Did SpyBot remove the infection?



Paul2008
2009-09-02, 09:13
Hi.
Another new member in a slightly strange world!
I have just picked up Win32.Agent.pz and Win32.zbot. As far as I know I got them from a hotel wireless network accessing my normal online email account or towns to visit - I was on holiday in France.
Spybot scan showed I have 3 of both and "Did I want to remove them?" - YES!
I haven't seen any untoward activity on my notebook - Dell Vostro 1510, XP Pro SP3, Spybot, AdAware, AVG Free (no indication here at all).
In the registry I find I have userinit.exe and other entries that I understand are related to these worms.
My questions are:
1. Did Spybot remove everything connected to these or is there something that I have to do?
2. How did I get them?
3. What do they do/are they doing?
4. Should I try one of the programmes that come up in a Google search to remove these?
Look forward to some help!
Thanks
Paul2008

tashi
2009-09-02, 18:12
Hello Paul2008,


> I haven't seen any untoward activity on my notebook - Dell Vostro 1510, XP Pro SP3, Spybot, AdAware, AVG Free (no indication here at all).
> In the registry I find I have userinit.exe and other entries that I understand are related to these worms.

Userinit.exe

"Specifies the programs that Winlogon runs when a user logs on. By default, Winlogon runs Userinit.exe, which runs logon scripts, reestablishes network connections, and then starts Explorer.exe, the Windows user interface." http://technet.microsoft.com/en-us/library/cc939862.aspx

Best to leave it alone. ;)



> My questions are:
> 1. Did Spybot remove everything connected to these or is there something that I have to do?

Did you run another scan to see if Spybot-S&D flagged the same items?


> 2. How did I get them?
> 3. What do they do/are they doing?

Where you got them from would need insight as to where you were surfing or if you were using an insecure connection, etc. "hotel wireless network" could be one indicator.


> 4. Should I try one of the programmes that come up in a Google search to remove these?

I wouldn't recommend that, no. There are lots of scare-ware programs that try to convince users their computers are compromised and ask for money to remove the fake infections found. That in itself is malware.

Hope that helps.
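
Added example, not part of the thread or written by either poster: the Userinit value discussed above is a comma-separated list that Winlogon runs at logon, so a read-only check can confirm it holds only the stock userinit.exe entry instead of editing or deleting it. The key path is the standard Winlogon key; the sample values, the `example-extra.exe` name and the function names are constructed for illustration, and `C:\WINDOWS` is an assumed system root.

```python
import ntpath
import re
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample values, not taken from the thread.
SAMPLE_STOCK = r"C:\WINDOWS\system32\userinit.exe,"
SAMPLE_MODIFIED = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-extra.exe,"


def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return the Userinit entries that are not the stock userinit.exe.

    The value is a comma-separated list and Winlogon starts every entry at
    logon, so anything other than <system_root>/system32/userinit.exe is
    worth reviewing. A bare "userinit.exe" is reported too, because it is
    not pinned to the system32 directory.
    """
    expected = ntpath.normcase(ntpath.join(system_root, "system32", "userinit.exe"))
    unexpected = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:  # the stock value ends with a trailing comma
            continue
        # Expand only %SystemRoot%; other variables stay visible for review.
        expanded = re.sub("%systemroot%", lambda m: system_root, entry, flags=re.IGNORECASE)
        if ntpath.normcase(ntpath.normpath(expanded)) != expected:
            unexpected.append(entry)
    return unexpected


def read_userinit():
    """Read the live value from HKLM (Windows only, read access)."""
    import winreg
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY, 0, access) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


if __name__ == "__main__":
    if sys.platform == "win32":
        import os
        value, root = read_userinit(), os.environ.get("SystemRoot", r"C:\WINDOWS")
    else:
        value, root = SAMPLE_MODIFIED, r"C:\WINDOWS"  # constructed sample
    print("Userinit =", value)
    print("Entries to review:", audit_userinit(value, root) or "none")
```

An empty result means the value matches the Windows default; any listed entry is a path to examine with a scanner, not proof of infection by itself.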