Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Infected by an Explorer virus

21 Feb 2014   #1
Mstikes

Windows 7
 
 
Infected by an Explorer virus

Hi
Seems like I've been infected by an IExplorer virus that first causes the the browser to crash and eventually slows down my entire system. I first started when I got a popup window asking me to update flashplayer.exe that kept popping up similar to this one.

I tried everything including a system restore to an earlier time but it doesn't seem to work.
Do you guys have any idea how to get rid of it ?



I'm on WIndows 7 with IE 11.

Here's some info I got from running my antivirus and malaware tools.

Quote:

Files Detected: 5
C:\Users\B...\AppData\Local\Temp\UpdateFlashPlayer_5fbef799.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\B...\AppData\Local\Temp\UpdateFlashPlayer_dc28c333.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.
C:\Users\B...\Local Settings\tbumwfgx.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\B...\AppData\Local\tbumwfgx.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 3142730981.job (Trojan.Agent.RvGen) -> Quarantined and deleted s


Files Detected: 1
C:\Users\B...\AppData\Roaming\Efyvev\cyycty.exe (Trojan.Zbot.FBD) -> Delete on reboot.

rror: (02/20/2014 10:02:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x000000000002f177
Faulting process id: 0xb3c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3



My System SpecsSystem Spec
.
21 Feb 2014   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please read this:
Quote:
Trojan.Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. The Trojan is created using a Trojan-building toolkit.

Infection
The Trojan.Zbot files that are used to compromise computers are generated using a toolkit that is available in marketplaces for online criminals. The toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.

The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. The computer is compromised if the user visits the link, if it is not protected.


Functionality
This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes.


These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.


If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised.


They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.


More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports, ISP Information
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security | DSLReports, ISP Information
My System SpecsSystem Spec
21 Feb 2014   #3
cottonball

Windows 7 Home Premium
 
 

Mstikes,

The above information provided by Jacee makes you aware of possible consequences of Trojan.Zbot

However, you do have the option to remove this malware from the system.

You may experience problems running certain tools, so let's cut to the chase...

To start, please use Malwarebytes Anti-Rootkit (MBAR)
Download > http://downloads.malwarebytes.org/file/mbar
Save to the Desktop
Double-click the downloaded file to run the program.

Follow the instructions to update and press: Next
Press Scan to allow the program to check your computer for threats.

Click the Cleanup button to remove any threats, and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.

Perform a second scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
If they do, click Cleanup once again, and repeat the process.

When done, please post the two logs produced: mbar-log.txt and system-log.txt
(The logs are found in the MBAR folder located on the Desktop)



Next, see if you can use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download

Select the version that applies to your system: 64-bit
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens, click Yes to the disclaimer.
Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.
The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.
My System SpecsSystem Spec
.

Reply

 Infected by an Explorer virus




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Would an image restore fix a virus infected PC?
I was just reading about all the new virus/malware threats. So far I've never been infected, but if it happens, would an image restore using the boot CD make everything A-OK again?
Backup and Restore
how to fix infected from s.m.s.r.t virus
hello guys, i have window 7 home premium it is infected with the (data recovery) s.m.a.r.t virus. as i turn on the comp it it start with it, desktop is almost blank. i need help with it how to fix this pain ,and one more thing to tell you guys another message comes up same time :warn: System...
System Security
Keep getting infected with virus even after formatting pc
Hello. I am having a pretty serious issue with a virus that keeps re-infecting my pc even after I format and reinstall Windows. I will try to provide as much detail as possible about my situation. I have been dealing with this repeated infection for quite some time now and have tried a few...
System Security
I think my netbook is infected by a virus... HELP
Sorry for newbie questions. New here in the forums. My problem is, my task manager has 2 process "csrss.exe" and "winlogon.exe" and they dont have a username and description(BTW im using Windows 7 starter). Ive searched any info about it in google and they all said it was a windows process and its...
General Discussion
If your system was infected with a virus, would you ?
Would you, attempt to disinfect and clean or would you just format and reinstall Windows ? I guess it depends on how serious the situation is, but isn't reinstalling always best due to the fact it wipes everything clean ?
System Security
System infected with a Virus
I am using an AV "nod32 v3 Full Version" and since last 3-4 years i hadnt ever had any virus attack on my pc/lapy. few days ago i used flashdrive of a friend ofmine for formating and since then my lapy catched a virus from it. Exactly what it did was all folders in my data drives (g h)...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:03.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App