Win32/Zbot Trojan

[TLE]

I would download an external boot cd such as Dr.Web or Kaspersky and run those. Even better would be MS ERD Commander if you have it. I think you need to attack this from outside of the operating system.

 

[TLE]

use the following link to download a file which will change the permissions on the HOSTS file.

http://download.bleepingcomputer.com/bats/hosts-perm.bat

 

[McK1987]

Cheers mate!

Your a top techie!

I have ERD Commander so I will give that a go, see what I can do with it! Also I will use the download to try amend hosts file.

 

[TLE]

Use the Microsoft Standalone Scanner with the latest updates installed downloaded onto a USB drive. I would then also use CMD to repair the MBR just in case all of which are on ERD Commander.

 

[McK1987]

Cheers Mate.

I'm in ERD at the moment. Does it have USB support?

 

[TLE]

Yes it should do, you start the standalone scanner which will then give you the option to do an online update, or provide the update file. I usually have the file on my USB toolkit which I plug in, browse to the file and let it update.

 

[McK1987]

Right guys,

I managed to delete the hosts file through ERD Commander and create a new one.

Once I restarted I could get the internet but only through Windows Explorer. When I clicked on Mozilla Firefox or IE, nothing would happen. I have reinstalled Firefox and all is working well. I am just away to reinstall IE and do some further scan to check the PC is clean.

Also I have restarted and nothing has came back? Fingers crossed.

 

[TLE]

Is IE set to use a proxy in the Lan Connectioin settings, Malware has a tendancy to set that in some instances.

Ps. I would also check out Scheduled Tasks to make sure nothing has been added which may download more malware.

 

[othersteve]

If you're still sketchy about any of it, feel free to post the OTL log here and I'd still be happy to traverse it for you.