Infected by an Explorer virus


  1. Posts : 1
    Windows 7
       #1

    Infected by an Explorer virus


    Hi
    Seems like I've been infected by an IExplorer virus that first causes the browser to crash and eventually slows down my entire system. It first started when I got a popup window asking me to update flashplayer.exe that kept popping up, similar to this one.

    I tried everything including a system restore to an earlier time but it doesn't seem to work.
    Do you guys have any idea how to get rid of it ?



    I'm on Windows 7 with IE 11.

    Here's some info I got from running my antivirus and malware tools.


    Files Detected: 5
    C:\Users\B...\AppData\Local\Temp\UpdateFlashPlayer_5fbef799.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\B...\AppData\Local\Temp\UpdateFlashPlayer_dc28c333.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.
    C:\Users\B...\Local Settings\tbumwfgx.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Users\B...\AppData\Local\tbumwfgx.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\Security Center Update - 3142730981.job (Trojan.Agent.RvGen) -> Quarantined and deleted s


    Files Detected: 1
    C:\Users\B...\AppData\Roaming\Efyvev\cyycty.exe (Trojan.Zbot.FBD) -> Delete on reboot.

    Error: (02/20/2014 10:02:43 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
    Exception code: 0xc0000005
    Fault offset: 0x000000000002f177
    Faulting process id: 0xb3c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Please read this:
    Trojan.Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. The Trojan is created using a Trojan-building toolkit.

    Infection
    The Trojan.Zbot files that are used to compromise computers are generated using a toolkit that is available in marketplaces for online criminals. The toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.

    The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. The computer is compromised if the user visits the link and the computer is not protected.


    Functionality
    This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes.


    These are the most dangerous, and most widespread, type of Trojan.
    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.


    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised.


    They should be changed by using a different computer and not the infected one; otherwise an attacker may get the new passwords and transaction information.
    Banking and credit card institutions should be notified of the possible security breach.


    More info can be found below:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports, ISP Information
    When should I re-format? How should I reinstall?
    When should I re-format? How should I reinstall? Security | DSLReports, ISP Information


  3. Posts : 2,470
    Windows 7 Home Premium
       #3

    Mstikes,

    The above information provided by Jacee makes you aware of possible consequences of Trojan.Zbot

    However, you do have the option to remove this malware from the system.

    You may experience problems running certain tools, so let's cut to the chase...

    To start, please use Malwarebytes Anti-Rootkit (MBAR)
    Download > http://downloads.malwarebytes.org/file/mbar
    Save to the Desktop
    Double-click the downloaded file to run the program.

    Follow the instructions to update and press: Next
    Press Scan to allow the program to check your computer for threats.

    Click the Cleanup button to remove any threats, and reboot if prompted to do so.
    Wait while the system shuts down and the cleanup process is performed.

    Perform a second scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
    If they do, click Cleanup once again, and repeat the process.

    When done, please post the two logs produced: mbar-log.txt and system-log.txt
    (The logs are found in the MBAR folder located on the Desktop)



    Next, see if you can use the Farbar Recovery Scan Tool.
    Download: Farbar Recovery Scan Tool Download

    Select the version that applies to your system: 64-bit
    Save it to your Desktop.
    Double-click the downloaded file to run it.

    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.

    When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

    Please provide the FRST.txt in your reply.
    The first time the tool is run, it also creates another log: Addition.txt
    Also post the Addition.txt in your reply.
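    As an added example, not part of the thread and not something MBAR or FRST produce: a quick autostart triage script that looks at the places the detections in the first post point to (Run keys, Winlogon hooks, legacy .job tasks in C:\Windows\Tasks, and executables under user-writable AppData/Temp folders) and flags anything unsigned or dangling. It assumes an elevated PowerShell 3.0 or later session (the stock PowerShell 2.0 on Windows 7 lacks [pscustomobject]); the registry locations are the standard Windows ones, while the directory list and the "suspicious" heuristics are this example's own assumptions. Compare its output with the FRST.txt log rather than treating it as a replacement for the scans above.

```powershell
# Added example (not from the forum thread or the MBAR/FRST tools): autostart
# triage for a Zbot-style infection. Assumes an elevated PowerShell 3.0+ session.
# The heuristics below are illustrative assumptions, not a detection signature.

$ErrorActionPreference = 'SilentlyContinue'

# User-writable roots where droppers such as
# %AppData%\Roaming\<random>\<random>.exe and %Temp%\UpdateFlashPlayer_*.exe land.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

# Pull the executable out of an autostart command line, e.g.
#   "C:\Users\B\AppData\Roaming\Efyvev\cyycty.exe" /quiet   or   C:\Program Files\X\x.exe -s
function Get-ExePath {
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cl -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($cl -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $cl.Trim()
}

# Heuristics: target missing, living under a user-writable root, or not validly signed.
function Test-Suspicious {
    param([string]$Path)
    if (-not $Path) { return @() }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return @('target missing (dangling entry)') }
    $reasons = @()
    foreach ($dir in $UserWritable) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $reasons += "under user-writable $dir" }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { $reasons += "Authenticode: $($sig.Status)" }
    return $reasons
}

$script:Findings = @()
function Add-Finding([string]$Source, [string]$Target, [string[]]$Reasons) {
    $script:Findings += [pscustomobject]@{ Source = $Source; Target = $Target; Reasons = ($Reasons -join '; ') }
}

# 1. Run / RunOnce in both hives (HKCU entries need no admin rights to plant).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSDrive, ...)
        $exe = Get-ExePath $p.Value
        Add-Finding "$key\$($p.Name)" $exe (Test-Suspicious $exe)
    }
}

# 2. Winlogon hooks: Userinit must be userinit.exe and Shell must be explorer.exe.
#    A trojan that hijacks these runs before the desktop appears.
$wl = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl -and $wl.Userinit -notmatch '^[a-z]:\\windows\\system32\\userinit\.exe,?$') {
    Add-Finding 'HKLM\...\Winlogon\Userinit' $wl.Userinit @('non-default value')
}
foreach ($hive in 'HKLM', 'HKCU') {
    $shell = (Get-ItemProperty "${hive}:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon").Shell
    if ($shell -and $shell -ne 'explorer.exe') { Add-Finding "$hive\...\Winlogon\Shell" $shell @('non-default value') }
}

# 3. Legacy .job tasks (the "Security Center Update - <digits>.job" in the log above).
#    Windows 7 keeps them in %windir%\Tasks; schtasks shows the command line they run.
Get-ChildItem -Path "$env:windir\Tasks" -Filter *.job | ForEach-Object {
    Add-Finding $_.FullName '' @('legacy .job task; inspect with: schtasks /query /v /fo list')
}

# 4. Executables directly under a user-writable root or in a one-level subfolder
#    of it (Zbot's random-named folder pattern). Depth is capped to keep this fast.
foreach ($dir in $UserWritable) {
    $subdirs = Get-ChildItem -Path $dir | Where-Object { $_.PSIsContainer }
    $places  = @($dir) + @($subdirs | ForEach-Object { $_.FullName })
    foreach ($place in $places) {
        Get-ChildItem -Path $place -Filter *.exe | ForEach-Object {
            Add-Finding 'filesystem' $_.FullName (Test-Suspicious $_.FullName)
        }
    }
}

# Temp sits inside LocalAppData, so the same file can be hit twice; dedupe on output.
$script:Findings | Where-Object { $_.Reasons } |
    Sort-Object -Property Source, Target -Unique |
    Format-Table -AutoSize -Wrap
```

    Run it from an elevated prompt as `powershell -ExecutionPolicy Bypass -File .\triage.ps1` (file name is an assumption). An empty table is not a clean bill of health: it only means none of the listed autostart points carry an unsigned or user-writable target, and a rootkit-class component is exactly what MBAR is for. Entries flagged "target missing" are usually leftovers from the Malwarebytes quarantine and can be removed; anything still pointing at a live, unsigned file under AppData or Temp is the item to hand to the FRST log readers.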

