
Thread: PWS:win32/zbot.gen!AC after downloading Free File Opener

  1. #41
    Member
    Join Date
    Oct 2008
    Posts
    95

    Wondering if you can understand the following: doc and settings/all users/documents access denied. As far as I know I am always logged on as admin. This has been inaccessible for at least 2 years. It occurred to me that that might be where all the HD is taken up, so I was wanting to look.

    thanks!

  2. #42
    Security Expert JonTom's Avatar
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    Is this a business/company machine?

    Quote: "I have cancelled the installation, and am hoping you are happy to advise me here"
    Sounds as though the new version of Avira may not be compatible with the applications you listed. If you want to stick with Avira you'll have to uninstall those other applications.

    Quote: "The HD is full, and I don't know why. It is too full to run defrag."
    Let's see if we can find out what is taking up all of the space:

    1. WinDirStat


      • Please download WinDirStat by clicking here and save it to your desktop.
      • Once saved, open the program.
      • Make sure that All Local Drives is selected, then press OK and let it run.
      • Please post a screenshot of the results in your next reply.
    Proud Graduate of the WTT Classroom

  3. #43
    Member
    Join Date
    Oct 2008
    Posts
    95

    Cannot get the prtSc to paste into here. Have put it into windows word, and copied from there, same problem.

    The laptop is my personal one.

    Yes sounds like Avira isn't compatible, do you have any advice here: shall I disable the required progs?

    thanks,
    sarah

  4. #44
    Security Expert JonTom's Avatar
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    Quote: "Yes sounds like Avira isn't compatible, do you have any advice here: shall I disable the required progs?"
    It's really up to you. MBAM and S&D are good programs. I can provide some alternatives to Avira which may allow you to keep them if you wish.

    Quote: "Cannot get the prtSc to paste into here"
    You need to upload the screenshot to a host such as photobucket, in order to link to it.

    Once you run the scan and take a screenshot, it can be pasted into an application such as Paint.

    Once pasted into paint, save the screenshot to your desktop as a JPEG file.

    Once saved, go to your image host of choice (there are a few available, but I use photobucket) and upload the file into your account.

    The screenshot will be displayed in your account. Copy the Direct Link to the image and post it back here.

    If you run into any problems just come back and let me know
    Proud Graduate of the WTT Classroom

  5. #45
    Member
    Join Date
    Oct 2008
    Posts
    95

    Yes please suggest an alternative to Avira.

    I am loving the pic WinDirStat produced. Have discovered a chunk of the colours is ERDNT back up every day for a number of days: says ERDNT/autobackup... Don't think I have the space to be backing so much up so often?

    WinDirStat is hopefully at:

    https://protectedenvironment.files.w...-computer.jpeg

    you're an

  6. #46
    Security Expert JonTom's Avatar
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    Quote: "Yes please suggest an alternative to Avira"
    I will once we have taken care of the remaining issues. Until then, please keep your browsing to an absolute minimum.

    Quote: "WinDirStat is hopefully at"
    It is. Good job

    Quote: "Have discovered a chunk of the colours is ERDNT back up every day for a number of days: says ERDNT/autobackup... Don't think I have the space to be backing so much up so often?"
    Aha, you have ERUNT configured to make daily backups. That may very well be it.

    ERUNT is a tool that is used to create backups of your system registry. Once created, the backups are usually stored at %WINDIR%\ERDNT\AutoBackup in the form of a folder named YYYY-MM-DD.

    I cannot see how much space is being taken up by the backups from the screenshot you have posted.

    How many backups are present and how much space are they taking up?
    Proud Graduate of the WTT Classroom

  7. #47
    Member
    Join Date
    Oct 2008
    Posts
    95

    Hi JonTom,

    7 folders, with dates as you say, 58.8mb per folder when I hover over the folder of each date. 17 and 18 march, then 25th onwards to today.

    best wishes,
    sarah

  8. #48
    Security Expert JonTom's Avatar
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    The majority of file space appears to be taken up by Documents and Settings. It may be worthwhile taking a look in there to see if there are any things that are not required, or that look suspicious.

    Let's configure ERUNT to save a smaller number of backups:


    • By default ERUNT will save the last 30 copies of the registry.
    • Go to your Start button > Programs > Startup > Shortcut to AUTOBACK.EXE
    • Right click on > Shortcut to AUTOBACK.EXE and click on properties
    • The Target should already be highlighted
    • Right click on it and choose Copy
    • Paste it into Notepad or Word, it should look something like this: (the path may be different on your computer)

      Code:
      "C:\Program Files\ERUNT\AUTOBACK.EXE" %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow
    • Now add this to the end: /days:3 (after noprogresswindow - note the space between the "w" and the "/").
    • The number indicates the number of backups being saved, you can set it to whatever you want, 3 is reasonable but you can make it more or less if you wish.
    • The edited code should now look like this:

      Code:
      "C:\Program Files\ERUNT\AUTOBACK.EXE" %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow /days:3
    • Go back to the Shortcut to AUTOBACK.EXE, the Target should already be highlighted > hit your delete key > now copy and paste in the new target you created.
    • Make sure the Run: box says Minimized > click Apply and OK to close it out.
    • These automatic backups are stored in the C:\WINDOWS\ERDNT\AutoBackup folder.


    Once you have adjusted ERUNT to save the number of backups you require, navigate to (and delete) the older ones.

    Once deleted empty the recycle bin.

    If the above does not help matters let me know in your next reply.
    Proud Graduate of the WTT Classroom
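
The check-and-prune step from the post above (count the dated backups, see what they occupy, keep the newest few), as an added example that is not part of the original post or of ERUNT. It assumes the YYYY-MM-DD folder layout described in the thread; `plan_prune`, `folder_size`, `build_sample` and the 2012 sample dates are constructed for illustration, and the script only reports, it deletes nothing.

```python
import os
import re
import tempfile
from datetime import date

DATED = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")  # ERUNT AutoBackup folder name

def folder_size(path):
    """Total bytes of regular files under path, without following symlinks."""
    total = 0
    for root, _dirs, files in os.walk(path, followlinks=False):
        for name in files:
            full = os.path.join(root, name)
            if not os.path.islink(full):
                total += os.path.getsize(full)
    return total

def plan_prune(autobackup_dir, keep=3):
    """Return (keep, delete) lists of (folder_name, bytes), newest first.
    Dry run: only real directories named as a valid YYYY-MM-DD date are listed."""
    dated = []
    for entry in os.scandir(autobackup_dir):
        m = DATED.match(entry.name)
        if not m or not entry.is_dir(follow_symlinks=False):
            continue
        try:
            day = date(*map(int, m.groups()))
        except ValueError:          # e.g. 2012-13-40 is not a date
            continue
        dated.append((day, entry.name, folder_size(entry.path)))
    dated.sort(reverse=True)
    rows = [(name, size) for _day, name, size in dated]
    return rows[:keep], rows[keep:]

def build_sample(root):
    """Constructed sample: seven dated backups plus two entries to ignore."""
    days = ["03-17", "03-18", "03-25", "03-26", "03-27", "03-28", "03-29"]
    for d in days + ["13-40"]:
        os.makedirs(os.path.join(root, "2012-" + d))
    for d in days:
        with open(os.path.join(root, "2012-" + d, "SYSTEM"), "wb") as fh:
            fh.write(b"\0" * 1024)
    os.makedirs(os.path.join(root, "notes"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        kept, old = plan_prune(tmp, keep=3)
        print("keep:", kept, "delete:", old, sum(s for _, s in old), "bytes")
```

Restricting the plan to names that parse as real dates keeps any other folder that happens to sit in AutoBackup out of the delete list.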

  9. #49
    Member
    Join Date
    Oct 2008
    Posts
    95

    Hello,
    have done as suggested. Cannot run defrag as this requires 15% space and I now have 4% space!

    Could you tell me where we have got with the Trojan?: I have not been using the computer except to try to ascertain how it is working to answer your questions, as I don't want to take any risks.

    I could try running combofix to see if it will run now? Or is there another test you can suggest.

    Have looked at docs and settings, have no idea how to tell if something is suspicious. The figures on the files add up to the total: eg music 7.6; pics 3.7; ebooks & vids 1; and other bits and pieces which could make up to 14.7. Then thunderbird is 2.6 (is that high??); all users .5; IBM tools 1; so this could come to 18.7 with the bits and pieces.

    Lower down is a folder called 1386 with 462mb, don't know what this is?

    thanks very much for all your help,

    sarah

  10. #50
    Security Expert JonTom's Avatar
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    Quote: "Lower down is a folder called 1386 with 462mb, don't know what this is?"
    The i386 folder is a required directory and can be left where it is.


    Although we have dealt with all of the detections made by ESET, let's try the following:

    Please delete the copy of Combofix on your desktop by dragging it to the recycle bin, then empty the bin.

    1. Please make file extensions Visible:


      • Click "Start", go to My Computer-> Tools-> Folder Options-> View tab:
      • Uncheck the "Hide extensions for known file types" box.
      • Close the window with "OK".


      Download a new copy of Combofix from the link below and rename it to jontom.com


      Link


      • Disable all of your security programs and run the renamed Combofix.
      • If the scan completes, please post the log in your next reply.
      • If the scan causes the machine to crash let me know.
    Proud Graduate of the WTT Classroom
