Results 1 to 2 of 2

Thread: Did SpyBot remove the infection?

  1. 2009-09-02, 09:13 #1
    Paul2008
    Paul2008 is offline
    Junior Member
    Join Date
    Sep 2009
    Posts
    1

    Default Did SpyBot remove the infection?

    Hi.
    Another new member in a slightly strange world!
    I have just picked up Win32.Agent.pz and Win32.zbot. As far as I know I got them from a hotel wireless network accessing my normal online email account or towns to visit - I was on holiday in France.
    Spybot scan showed I have 3 of both and "Did I want to remove them?" - YES!
    I haven't seen any untoward activity on my notebook - Dell Vostro 1510, XP Pro SP3, Spybot, AdAware, AVG Free (no indication here at all).
    In the registry I find I have userinit.exe and other entries that I understand are related to these worms.
    My questions are:
    1. Did Spybot remove everything connected to these or is there something that I have to do.
    2. How did I get them?
    3. What do they do/are they doing?
    4. Should I try one of the programmes that come up in a Google search to remove these?
    Look forward to some help!
    Thanks
    Paul2008
    Reply With Quote Reply With Quote
  2. 2009-09-02, 18:12 #2
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello Paul2008,
    Quote Originally Posted by Paul2008 View Post
    I haven't seen any untoward activity on my notebook - Dell Vostro 1510, XP Pro SP3, Spybot, AdAware, AVG Free (no indication here at all).
    In the registry I find I have userinit.exe and other entries that I understand are related to these worms.
    Userinit.exe
    Specifies the programs that Winlogon runs when a user logs on. By default, Winlogon runs Userinit.exe, which runs logon scripts, reestablishes network connections, and then starts Explorer.exe, the Windows user interface..
    http://technet.microsoft.com/en-us/l.../cc939862.aspx
    Best to leave it alone.

    Quote Originally Posted by Paul2008 View Post
    My questions are:
    1. Did Spybot remove everything connected to these or is there something that I have to do.
    Did you run another scan to see if Spybot-S&D flagged the same items?
    Quote Originally Posted by Paul2008 View Post
    2. How did I get them?
    3. What do they do/are they doing?
    Where you got them from would need insight as to where you were surfing or if you were using an insecure connection, etc. " hotel wireless network" could be one indicator.
    Quote Originally Posted by Paul2008 View Post
    4. Should I try one of the programmes that come up in a Google search to remove these?
    I wouldn't recommend that no. There are lots of scare-ware programs that try to convince users their computers are compromised and ask for money to remove the fake infections found. That in itself is malware.

    Hope that helps.
    Last edited by tashi; 2009-09-02 at 18:15. Reason: Correction
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules