
Thread: PWS:win32/zbot.gen!AC after downloading Free File Opener

  1. #61
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    Hi,
    don't recognise that file, tried what you suggested and got "there was an error attempting to upload the file". Tried twice.

    Am trying to upload pics of windirstat of docs and settings: having trouble, don't know why.

    thanks,
    sarah

  2. #62
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ecosarah

    "there was an error attempting to upload the file"
    Odd. Please make sure that you disable your security programs before scanning the file. Try again with Virus Total and if the file does not scan, try this scanner instead:

    1. Jotti

      Please scan the files using Jotti's Malware File Scanner by clicking here

      • Click on the "Browse" button located at the top of the screen.
      • Navigate to the requested file ().
      • Click on the file you want to be analysed and then click "open".
      • You will see your file appear in the text box on the Jotti site.
      • Click the "Submit" button and wait for your file to be analysed.

        Once the file has been analysed, a log will be created. Please post the log for each file that you have scanned in your next reply.


    2. Please download SystemLook by JPShortstuff


      • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
      • Double click SystemLook.exe to run the program.
      • Copy the content of the following codebox into the main textfield:


      Code:
      :file
      c:\program files\PA082.exe
      • Click the Look button to start the scan.
      • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      • Note: The log can also be found on your Desktop entitled SystemLook.txt


      You mentioned that you uninstalled AVG but there are some leftovers showing in your system log.

    3. Please work through the following steps


      • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
      • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
      • Copy and Paste the text in the quotebox below into the open Notepad window:

        SecCenter::
        AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

        FileLook::
        c:\program files\PA082.exe

        Skipfix::
      • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
      • Close any open browsers.
      • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Referring to the picture below, drag CFScript.txt into ComboFix.exe




      • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
      • Once the log is produced, re-engage your resident anti virus.


      Please post the scan results along with the Systemlook log and the Combofix log in your next reply.
    Proud Graduate of the WTT Classroom

  3. #63
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    hi JonTom,

    Uploaded settings and docs to photobucket. Password is JonTom. URL...

    Don't seem to have uploaded...can't find it.... so frustrating...will have to keep trying...

    Before I got rid of Avira, it updated and has had no more messages: wonder if it was malware problem, cos it struck me as strange to suddenly say Avira had a newer version and that the old one was no longer protecting. Usually I get warnings for a while, that I need to update newer version.

    Jotti is taking forever to upload file: when I browsed for it, it had the symbol of a zip file next to it.

    [ArcaVir]
    2012-04-04 Found nothing
    [Frisk F-Prot Antivirus]
    2012-04-04 Found nothing
    [Avast! antivirus]
    2012-04-04 Found nothing
    [F-Secure Anti-Virus]
    2012-04-04 Found nothing
    [Grisoft AVG Anti-Virus]
    2012-04-04 Found nothing
    [G DATA]
    2012-04-04 Found nothing
    [Avira AntiVir]
    2012-04-04 Found nothing
    [Ikarus]
    2012-04-04 Found nothing
    [Softwin BitDefender]
    2012-04-04 Found nothing
    [Kaspersky Anti-Virus]
    2012-04-04 Found nothing
    [ClamAV]
    2012-04-04 Found nothing
    [Panda Antivirus]
    2012-04-04 Found nothing
    [CPsecure]
    2012-04-04 Found nothing
    [Quick Heal]
    2012-04-04 Found nothing
    [Dr.Web]
    2012-04-04 Found nothing
    [Sophos]
    2012-04-04 Found nothing
    [Emsisoft Anti-Malware]
    2012-04-04 Found nothing
    [VirusBlokAda VBA32]
    2012-04-04 Found nothing
    [ESET]
    2012-04-04 Found nothing
    [VirusBuster]
    2012-04-04 Found nothing

    File size: 1148416 bytes
    Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5: 3f0bdc06fbe6fdbe48870d6f40fbfb35
    SHA1: b30195452ae378f931a5162a85aba55d5cb8f813


    Filename: PA082.exe
    Status:
    Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Wed 4 Apr 2012 22:25:21 (CET) Permalink

    Wasn't sure what to post, so posted all of Jotti

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:22 on 04/04/2012 by 1 Sarah
    Administrator - Elevation successful

    ========== file ==========

    c:\program files\PA082.exe - File found and opened.
    MD5: 3F0BDC06FBE6FDBE48870D6F40FBFB35
    Created at 12:12 on 01/11/2005
    Modified at 12:14 on 01/11/2005
    Size: 1148416 bytes
    Attributes: -----c-
    No version information available.

    -= EOF =-

    thanks!!

  4. #64
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    settings and docs are here:
    http://s760.photobucket.com/albums/xx245/eco-sarah/

    password JonTom

    will do combo fix now

  5. #65
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    Hi JonTom,

    Combofix seems to be up to its old tricks, and although the clock is still going, the thing appears stuck with no light on the hd.

    Also, can you let me know when I can remove the photos from photobucket, as I am wanting to post some photos of a vehicle for another forum, and don't want ppl seeing my computer contents!

    thanks

  6. #66
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ecosarah

    can you let me know when I can remove the photos from photobucket
    You can remove them now. Your hard drive appears to be full with pictures and music files. The drive itself is quite small, which is the most likely explanation as to why it is full.

    Drive C: | 33.29 Gb Total Space | 1.09 Gb Free Space | 3.27% Space Free | Partition Type: NTFS
    1GB of free drive space. Windows needs around 10% of HD space completely free for performance reasons.

    If you have many music files and pictures you need to keep, it may be worthwhile investing in a new hard drive or an external storage device.


    One short term way of releasing a little space would be to check to see if the hibernation facility is enabled on your machine and disable it (your hiberfil.sys file is currently very large).

    If you would like to try this:


    • Click on "Start" then on "Control Panel" then double-click on Power Options.
    • Click the Hibernate tab, de-select the 'Enable hibernate support' check box, and then click Apply.
    • Restart your computer and hiberfil.sys should be automatically deleted.
    • If you change your mind in the future and would like to use hibernation, go back to the Hibernate tab as described in the first three steps and check the box 'enable hibernation'.


    Wasn't sure what to post, so posted all of Jotti
    You did the right thing

    Although the file appears to be clean, it is still my belief that it is slightly unusual/suspicious. Were it me I would move the file to my recycle bin and leave it there for a week or so. If there are no ill effects after that time it could then be removed.


    1. Security Check


      • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
      • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box (NOTE: If you are running Vista or Win7 please right click and select "Run as Administrator").
      • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


      Please post the security check log and a new OTL scan log in your next reply.
    Proud Graduate of the WTT Classroom

  7. #67
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    Hi,
    I use hibernate, so reluctant to remove: Yes, there is only 1Gb free on HD, and you say it is cos of the size of my music and pictures? I don't understand as they only add up to 7.6 and 2.6 Gig = 10.4Gb, and thunderbird is next biggest at 2.5 Gig. That is not that big compared to 32Gb. Although there is obviously lots of other stuff, the whole of my docs is 14 Gb if I remember correctly, and with progs, 17? What I am puzzled by is why I only have 1 Gb free.

    Results of screen317's Security Check version 0.99.32
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    ESET Online Scanner v3
    ZoneAlarm Firewall
    ZoneAlarm Free
    ZoneAlarm Toolbar
    ZoneAlarm Spy Blocker
    ZoneAlarm Security
    Antivirus out of date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    WinPatrol 2008 (Outdated! Latest version is WinPatrol 2011)
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java(TM) 6 Update 24
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java version out of date!
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.2)
    Mozilla Firefox (9.0.1)
    Mozilla Thunderbird (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    ``````````End of Log````````````


    thanks

  8. #68
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ecosarah

    Please post another OTL scan log as requested.

    Also, let me know if you are still getting the PWS:win32/zbot.gen!AC warning, and if there are any remaining symptoms (popups, redirects, error messages etc).
    Proud Graduate of the WTT Classroom

  9. #69
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    Hi JonTom,

    Didn't have a warning about the Zbot more than the time I told u about. I didn't have any more symptoms except the strange thing with Avira that I told u about. However, I haven't been using the computer except to do what u'v asked, cos I presumed it's not safe. RU suggesting I use it now?

    I didn't notice the request for the OTL log! Will do it when next with computer - am probably away til Tue now.

    Thanks, Sarah

  10. #70
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ecosarah

    Browse to a small number of trusted sites to see how things are running.

    Let me know how it goes and post the OTL log in your next reply.
    Proud Graduate of the WTT Classroom
