Windows 7 Forums


Windows 7: Help with Zbot infection.

04 Nov 2012   #21

Windows 7 Pro. 64/SP-1
 
 

Things are just crazy.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f9fd5091a87fc94d999526271970b004
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-04 06:24:33
# local_time=2012-11-04 01:24:33 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 45884179 103595407 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134259
# found=0
# cleaned=0
# scan_time=1515


04 Nov 2012   #22
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote: Originally Posted by Layback Bear
CanIHaz that is very good research and I thank you very much for the time and concern you have. A few minutes ago I got CIMV2-0X800041003, WMI 10. They all might be caused by the same thing. I will investigate on the MAM site. Thanks again.
See this ... Here's how to Fix WMI Event ID 10, "InstanceModificationEven - MSFN Forum
04 Nov 2012   #23
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This is weird!


04 Nov 2012   #24

Windows 7 Pro. 64/SP-1
 
 

I have already cleared the event log. It was caused by a Marvell driver MV91xx. I have to think on doing a registry edit from 2008.
I think what I'm going to do is reinstall Zbot from MAM quarantine and then run Eset scan again. It might put System Files back as they should be.
04 Nov 2012   #25

Windows 7 Pro. 64/SP-1
 
 

Okay a little update.
Put back Zbot from MAM quarantine.
Ran Eset online and came up clean.
Updated MAM and ran complete scan, clean.
Cleared event log again.
Used Windows Update and got and installed MSE update.
Ran sfc /scannow 3 times with reboots between each.
Ran Repair disc 3 times with reboots.
Checked sfc /scannow again, still has files that need to be corrected every time I ran it.
---------------------------
I don't think I'm infected.
Updating MAM stopped the false positive Zbot.
Windows 7 is just unable to give a clean bill of health using sfc /scannow.
I'm out of ideas and need some more help. I haven't discovered anything that doesn't work as it should except SFC /SCANNOW so far.
-----------------
I don't have passwords installed on this computer except auto sign in for this site. All my banking excreta are in my pea brain or my Rolodex.
Thanks for worrying.
04 Nov 2012   #26
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Just before you found these two ZBots, did you uninstall something or install a game/open a PDF file or?
04 Nov 2012   #27

Windows 8.1 Pro RTM x64
 
 

Given how devious and prolific malware writers have become, anti-malware vendors (MSE, Avast!, MBAM, etc.) have had to step up their game as well to keep up with the bad guys. Unfortunately, this does mean that once in a while something slips through the net and is not picked up or something legitimate is picked up and wrongly identified as malware. There have been cases where some AV updates have been pulled by the vendor after being notified by several users that something was wrong.
04 Nov 2012   #28

Windows 7 Pro. 64/SP-1
 
 

Yes I was on this site when I got Zbot. I ticked on the now removed hyperlink that was posted.
What is the weight of iso windows 7
---------------------
You are correct Dwarf. Malwarebytes corrected the problem the same day with an update.
Now all I have to do is clean up the mess it left behind.
04 Nov 2012   #29

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)
 
 

There's one consistent file error in the CBS.log
Code:
 
2012-11-01 20:48:12, Info                  CSI    000002ed [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-11-01 20:48:12, Info                  CSI    000002ee [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
- which is a single file, where both the file itself and the WinSxS backup are corrupted.


I'll work up a fix for you.
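
Added example, not part of the post above and not code from any forum member: a Python sketch that collapses repeated "[SR] Cannot repair member file" entries from a CBS.log into one record per file, which is how the two lines quoted above reduce to a single damaged file. The function name unrepaired_files and the third sample line are constructed for illustration.

```python
import re

# First two lines are copied from the CBS.log excerpt quoted in the post;
# the third is a constructed non-failure line to show that it is skipped.
SAMPLE = '''
2012-11-01 20:48:12, Info                  CSI    000002ed [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-11-01 20:48:12, Info                  CSI    000002ee [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-11-01 20:48:12, Info                  CSI    000002ef [SR] Verify complete
'''

# Timestamp, level, CSI sequence number, then the SFC ([SR]) failure message.
SR_FAIL = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8})\s+\[SR\] Cannot repair member file '
    r'\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r'Version = (?P<version>[\d.]+), pA = (?P<arch>\w+)'
    r'.*?in the store, (?P<reason>.+)$'
)

def unrepaired_files(log_text):
    """Return one record per distinct file that SFC reported it could not repair."""
    found = {}
    for line in log_text.splitlines():
        m = SR_FAIL.match(line.strip())
        if not m:
            continue  # not an SFC repair failure
        # The same file is logged several times per scan; key on its identity.
        key = (m['file'].lower(), m['component'], m['version'], m['arch'])
        rec = found.setdefault(key, {
            'file': m['file'], 'component': m['component'],
            'version': m['version'], 'arch': m['arch'],
            'reason': m['reason'], 'first_seen': m['ts'], 'count': 0,
        })
        rec['count'] += 1
    return list(found.values())

if __name__ == '__main__':
    for rec in unrepaired_files(SAMPLE):
        print(rec['file'], rec['component'], rec['version'],
              rec['reason'], 'x%d' % rec['count'])
```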
04 Nov 2012   #30

Windows 7 Pro. 64/SP-1
 
 

Thank you Noel. I saw that but I'm quite sure I don't want to fool with WinSxS without help. I can give you more logs if need be. Thank you all for coming to my rescue.