Zbot.gen!AP and Fraud.Fedexword

Status
Not open for further replies.
Hi Maureen,

Thank you for the log and report. Does your Action Center still display the warning mentioned earlier?

Anyway, the computer boots a bit slower than usual and I still find that the icons in the Notification Area are not consistently loading. Not an issue with me, unless it is an issue with you. I just find it odd.
Once I have confirmation on the above question, we can look into troubleshooting these issues.

Ok, so I was looking through my documents to find a medication file for my mother and saw that within My Documents Library folder I have My Pictures, My Videos, and My Music. I now have a shortcut listed for each, along with the original folder, but the original folders are all locked and I am told Access Denied.
Please take a screenshot and post or attach in your next reply.

I came onto the computer to check to see if there was something in my email. I get a blank page when I click on the email icon.
Which browser were you using? Please confirm if you experience the same issue with other browsers on your computer.
 
Hi, Adam,

* No, there is no warning from the Action Center now.

* I am attaching the screen shot you asked for.

* I am using IE 11 and I can go to some websites but not others. I use Google a lot and I can't get it to open. Also, I use Comcast Xfinity to get my email and I can open the home page but the email page won't open.

* I also use Mozilla Firefox for all my ancestry work and that seems to be working fine. Duh, never thought to check it for my email yesterday!

Thank you! :)
 

Attachments

  • document folder screen shot.jpg
Hi Maureen,

We will troubleshoot your slow boot after the following issues are resolved. Please carry out the following steps, and answer the 3 questions (in STEP 4) once completed.

STEP 1
Folder Options (Reset)
  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Don't show hidden files, folders and drives.
  • Place a checkmark next to Hide extensions for known file types.
  • Place a checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.

STEP 2
Rebuilding Icon Cache
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the quotebox below and paste into the Notepad document.
    @echo off
    attrib -a -r -h -s "%LocalAppData%\IconCache.db"
    del /a "%LocalAppData%\IconCache.db"
    type NUL > "%LocalAppData%\IconCache.db"
    attrib +r +h "%LocalAppData%\IconCache.db"
    shutdown /r /f /t 10
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file icon.bat.
  • Select All Files as the Save as type.
  • Save the file to your desktop.
  • Locate icon.bat (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
  • Your computer will reboot in 10 seconds after the completion of the command.
  • Once your computer has rebooted, check the situation with your Notification Area icons. You may wish to reboot several times.

STEP 3
Clear Internet Explorer Cache and Cookies
  • Open Internet Explorer. Click the Settings gear icon in the top right corner.
  • Click Safety, followed by Delete Browsing History.
  • Check the following boxes:
    • Temporary Internet Files
    • Cookies
    • History
    • Download History
    • Form Data
  • Uncheck Preserve Favorites.
  • Click Delete, and wait until complete.
  • Close Internet Explorer.
  • Re-open Internet Explorer. Can you access your website?

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Are you still experiencing the issue with your My Documents folder?
  • Are you still experiencing the issue with your Notification Area icons?
  • Are you still experiencing the issue with Internet Explorer and accessing your website?
 
Hi, Adam,

There are no logs to post here.

Are you still experiencing the issue with your My Documents folder?
No, that seems to be cleared up.


Are you still experiencing the issue with your Notification Area icons?
No, for now the icons seem ok and no "white flag" notification that there is a problem.


Are you still experiencing the issue with Internet Explorer and accessing your website?
Yes, it seems I am still having issues with IE. I still cannot access Google, Yahoo, or get my email from my Xfinity provider. I can, however, get to these places on Firefox.

How do you do that quote? lol I don't know how so just bulleted each item. Thanks so much!
 
Hi Maureen,

How do you do that quote?
Copy and paste the desired quotation into the text field. Highlight the text and press the quotation button. :)

Yes, it seems I am still having issues with IE.
Please do this, and see if you can access your websites on Internet Explorer.


Internet Flush
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the quotebox below and paste into the Notepad document (do not include the word "Quote").
    @echo off
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file flush.bat.
  • Select All Files as the Save as type.
  • Save the file to your desktop.
  • Locate flush.bat (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
  • Your computer should reboot. If not, please manually reboot.
  • Try out Internet Explorer.
 
Hi, Adam,
Let's give this quote thing a whirl! lol

Copy and paste the desired quotation into the text field. Highlight the text and press the quotation button

Ok, so still having issues with IE. IE will not let me access Google, my email on Xfinity by Comcast (my provider) and I can't get into Ancestry.com. Went through a lot of the sites in my Favorites and those are fine.

Firefox seems to be fine.

Any suggestions? Where do you think we are with the bug issue? Do you think the Zbot and other bugs are gone? Do you think this IE issue is caused by a bug or is it something else? Is it safe to use the computer yet?

Thanks so much! :)
 
One more thing, Adam.

I just noticed that I am getting a msg at the bottom of a webpage that ar.voicefive.com is a pop up being blocked. Have not seen this before. Just did a quick search and after seeing the search results thought I better tell you. MSE has not picked it up and none of the Spybot or Malwarebytes scans have picked it up. Could this be causing a problem?
 
Hi Maureen,

Where do you think we are with the bug issue? Do you think the Zbot and other bugs are gone? Do you think this IE issue is caused by a bug or is it something else? Is it safe to use the computer yet?
I do not believe malware is present on your computer. This issue is most likely unrelated to malware.

Please back up your Internet Explorer favourites by following this guide. Proceed by following this article on how to reset Internet Explorer settings. Any Browser Help Objects (BHOs), toolbars, etc. will be removed. However, these can be redownloaded later. You may wish to make a note of any custom IE settings or additions prior to resetting the browser.

After resetting Internet Explorer, close and reopen the programme. Check for issues, and let me know.
 
Hi, Adam,

IE seems to be working fine now. I am able to get into the websites and my email without issue. Do you have any idea how it got messed up? Just curious! You have also provided me with more reading material! I am always up for learning new things!

As far as the ar.voicefive.com pop up - is that something I should keep my eyes open for or is it not anything to worry about?

Thank you for giving me back my computer! I enjoy doing the homework but definitely do not have the knowledge to do it without guidance so thank you for your patience and help! You did a great job walking me through everything!

Got another question that I asked way back when about the old laptop with Windows XP and the old desktop, also with XP. I don't think either are worth upgrading as they are probably 8 yrs old or so but worth keeping around for a bit longer. I uninstalled MSE on the laptop and installed Norton Security Suite Free, available through my provider. It is fine but as part of that, there was a System Check so I ran it. Oh boy, over 600 registry issues, among other things and now I know why the computer is SOOOO slow! However, the fix is not free. It is an ad to sell the fix program. I know there are free registry cleaners out there but am afraid of the consequences, especially since I don't know what I am doing. Any suggestions? Should I try one? Is it not worth the time and brain cells to do it? I have already taken off the documents and pictures that I want and there is nothing else on the computer that I have to have. As for the desktop, I still have a lot of stuff I need to get off. I am going to do the same, uninstalling MSE and installing Norton, then transferring stuff onto an external hard drive. The desktop has had issues for quite some time, including a "low battery" msg that I get, even though I have changed the battery several times. I have not even turned the computer on in months and would like to just get it taken care of.

Sorry for the rambling. Any advice you could share with me would be much appreciated! Thanks again for doing such a great job helping me with the bugs on this computer!:)
 
Hi, Adam,

I decided to run my regular scans. MSE was fine, Malwarebytes was fine. Spybot is gone! I will download it again but I see there are two to choose from. Which one should I get? Spybot 2.4 or what I had before which was Spybot Search and Destroy 1.6.2?

Also, all the stuff I downloaded to my desktop in this clean up process and all the log/text files - do I delete them all? Do I keep any of the programs? I would not know what to do with any of the results even if I ran any of them! lol

Thanks!:)
 
Hi Maureen,

Please hold back with making any changes for now. Remember, we uninstalled Spybot earlier as it was outdated and may interfere with this process.

I will return shortly with instructions. We are almost done.
 
Ok, Adam, we did so much that I did not remember uninstalling Spybot! I will hold off with anything until I hear from you. Thanks!
 
Hi Maureen,

Are you still experiencing a slow boot (or any other issues)? Would you like to troubleshoot your boot time?

Do you have any idea how it got messed up?
It's difficult to say. It could be any number of reasons. I take it it was resetting Internet Explorer that resolved the issue?

As far as the ar.voicefive.com pop up - is that something I should keep my eyes open for or is it not anything to worry about?
Read about VoiceFive on Wikipedia, here (don't click on any external links to VoiceFive.com). Clearing your Internet Explorer cookies/cache should have stopped this. Please let me know if you are still experiencing this issue.

Thank you for giving me back my computer! I enjoy doing the homework but definitely do not have the knowledge to do it without guidance so thank you for your patience and help! You did a great job walking me through everything!
You are more than welcome. We still have a little left to do, so please don't go just yet!

Oh boy, over 600 registry issues, among other things and now I know why the computer is SOOOO slow!
Slowness on your other computers is unlikely to be caused by "registry issues". Programmes that purport to offer optimization or "registry cleaning" are snake oil at best; and will generally do more harm than good. By running a registry cleaner, you may find your computer performs worse... or in some cases, fails to boot. Please read the following article (by quietman7, MVP) on Why you should not use Registry Cleaners.

However, the fix is not free. It is an ad to sell the fix program.
This isn't surprising. It is not uncommon for these types of companies to try and sell you software you don't need. I suggest you stay clear of paid AND free registry cleaners.

I am going to do the same, uninstalling MSE and installing Norton
Symantec has certainly improved its products (Norton 360 being a good example). When suggesting an anti-virus for users without one, I will post the following.

Please download and install ONE of the anti-virus products below.
  • avast! Free Anti-Virus (free)
  • Avira Free Anti-Virus (free)
  • ESET NOD32 Anti-Virus (paid)
  • Kaspersky Anti-Virus (paid)
  • Emsisoft Internet Security (paid)

For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus.

The desktop has had issues for quite some time, including a "low battery" msg that I get, even though I have changed the battery several times.
This sounds like a hardware issue, perhaps caused by the age of the computer.

I will download it again but I see there are two to choose from. Which one should I get? Spybot 2.4 or what I had before which was Spybot Search and Destroy 1.6.2?
I will provide a download link for the version I recommend once we are done here.

Also, all the stuff I downloaded to my desktop in this clean up process and all the log/text files - do I delete them all?
As part of this process, I will also provide instructions on how to remove these files, as well as information on staying safe, and preventative measures you can take to ensure you do not become reinfected.

Please follow the steps in the post below.
 
STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.
  • Adobe Reader (Uncheck "Yes, install McAfee Security Scan Plus - optional")
  • Adobe Air
  • Java (Uncheck any additional software offers)
  • Follow these instructions to check for and download the latest Windows Updates.

STEP 2
Remove Outdated Software
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe AIR
    • Adobe Reader X (10.1.10)
    • Java 7 Update 51
    • Java™ 6 Update 27
  • Follow the prompts and reboot if necessary.

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).
  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.

STEP 4
Security Check
  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Confirmation you had no issues with the instructions.
  • checkup.txt
  • Confirmation you have no outstanding issues.
Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".
 
Hi, Adam,

* As per your initial reply today, I don't seem to be having any issues with the computer. It is booting up just as it used to, without delays.
* Thanks for the info on VoiceFive. I am not getting that pop up anymore. Thank you.
* I am not going anywhere yet. Lol. I will wait to see about a link you will send me for Spybot when we are done with everything else here.
* Thank you for the registry cleaner info as well. It is just as well I do not try to get into that as I know not what I am doing! I think I will be unloading what I can from both the laptop and old desktop and wiping them clean. Then either recycling them or donating them. Not sure there is a need for such old computers but I will look into it.
* Thank you for the antivirus suggestions. If I use the Norton made available to me for free through my provider, am I assuming correctly that I would not be able to also use avast! as they would be in each other's way?

* As per your second reply with "homework", I did not have any trouble with completing the instructions. I do, however, have some questions. Bear with me while I pick your brain!

STEP 1
Why did I install Adobe Air only to uninstall it in STEP 2? Or am I misunderstanding something?

STEP 3
Java - Why do I need Java on the computer if I have disabled it? I am showing my ignorance but am eager to understand better.

STEP 4
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Thanks again for your help. I am not planning on signing out of this thread until you kick me out! Ha ha! I will wait to hear back from you to see what's next!
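
A small triage of the Security Check log posted above, as an added example (not part of either poster's messages and not code from the Security Check tool). It assumes the section layout and the wording seen in this one log; `parse_sections` and `triage` are hypothetical names.

```python
import re

# Log text from the post above. "~" stands in for the backtick characters
# that frame each section title, and is swapped back in by .replace().
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
~~~~~~~~~~~~~~Antivirus/Firewall Check:~~~~~~~~~~~~~~
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
~~~~~~~~~Anti-malware/Other Utilities Check:~~~~~~~~~
Java 7 Update 60
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (30.0)
~~~~~~~~Process Check: objlist.exe by Laurent~~~~~~~~
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
~~~~~~~~~~~~~~~~~System Health check~~~~~~~~~~~~~~~~~
Total Fragmentation on Drive C: 2%
~~~~~~~~~~~~~~~~~~~~End of Log~~~~~~~~~~~~~~~~~~~~~~
""".replace("~", chr(96))

# A section header is a title wrapped in runs of backticks (\x60).
HEADER = re.compile(r"^\x60+\s*(.*?)\s*\x60+$")
OUT_OF_DATE = re.compile(r"out of date", re.IGNORECASE)


def parse_sections(text):
    """Split the log into {section title: [lines]}.

    Lines before the first header (OS, browser) are filed under "System".
    """
    sections = {"System": []}
    current = "System"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1).rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (kind, detail) findings a helper would follow up on."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("Anti-malware/Other Utilities Check", []):
        if OUT_OF_DATE.search(line):
            findings.append(("outdated", line))
        elif line.lower().startswith("java"):
            # The thread advises removing Java when nothing needs it.
            findings.append(("review", line))
    # Assumption: a healthy log carries these two phrases, as this one does.
    av_lines = [l.lower() for l in sections.get("Antivirus/Firewall Check", [])]
    if not any("firewall enabled" in l for l in av_lines):
        findings.append(("firewall", "no 'Firewall Enabled' line found"))
    if not any("antivirus up to date" in l for l in av_lines):
        findings.append(("antivirus", "no 'Antivirus up to date' line found"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:10} {detail}")
```
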
 
Hi Maureen,

If I use the Norton made available to me for free through my provider, am I assuming correctly that I would not be able to also use avast! as they would be in each other's way?
Correct.

It is inadvisable to have more than one anti-virus software installed on your computer at the same time. Doing so may:
  • Cause conflicts, negatively impacting the effectiveness of each anti-virus installed.
  • Trigger false-positives.
  • Cause system instability/performance issues. Your system may lock up or slow down due to both products attempting to access the same file.

Why did I install Adobe Air only to uninstall it in STEP 2? Or am I misunderstanding something?
You had an outdated version of Adobe Air on your system. The steps were to install the latest version and uninstall the outdated version. However, it is possible the outdated version was automatically removed as part of the installation of the latest version. If you find you do not have Adobe Air currently installed, and you use the software, then I suggest visiting the download site and redownloading.


Java - Why do I need Java on the computer if I have disabled it? I am showing my ignorance but am eager to understand better.
Java is mainly used for programming applications. The main purpose of Java does not require the browser plugin enabled.

Judging by your comment, I assume you have no reason for Java. In which case, I would recommend uninstalling the programme. Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications. According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.
- You don't need Java

Other reading material:
To Uninstall Java:
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Java, right-click any associated programmes and click Uninstall.
  • Follow the prompts.

Adobe Flash Player 13.0.0.214 Flash Player out of Date!
It appears a new version has recently been released. Please visit the download site to download and install the latest version. Ensure you uncheck the Optional Offer.

Please visit this page to download and install the latest version of Spybot if you so wish. Click the Download button, and follow the prompts.
 
STEP 1
ComboFix Uninstall
  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Press OK.
  • Note: It may appear as if ComboFix is installing. This is not the case; it is uninstalling. Please allow the programme to run its course.

STEP 2
OTL
  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed.
  • Copy the entire contents of the codebox below and paste into the textbox.
    :OTL

    :Commands
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
  • Click the
    j7yFJut.png
    button.
  • Let the programme run and reboot your computer if prompted.

STEP 3
DelFix
  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

The following security/maintenance programmes come highly recommended in the security community.
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
  • Malwarebytes Anti-Malware Premium incorporates real-time protection and is designed to run alongside your anti-virus.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • CCleaner (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article for information.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.

Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:
-- Should you have any questions on the above tools, or computer security in general, please feel free to ask.


======================================================

Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread.

Thank you for using Spybot.

Safe Surfing.
Adam (LiquidTension).
 
Hi, Adam,

Wow, thank you for the in-depth information and reading links you have suggested. I will read a bit at a time and hope to understand even a fraction of it!
A few things -

* Do I even need Adobe Air? I will reinstall it if you think I should have it.

* I updated Adobe Flash Player.

* I uninstalled Java. Less to worry about!

* I downloaded the new version of Spybot - Search and Destroy. The "face page" is a bit different but I am familiar enough with the program that I'm sure I will figure it out!

* I also sent a donation, just as I did last time I was here. I know the money is much appreciated and goes to a great cause!

As for clean up...please see next reply. I am doing that now. Thanks!
 
Hi, Adam,

I uninstalled ComboFix, d/l OTL and ran it, d/l Delfix and ran it, rebooted and all the desktop icons are now gone. I can't thank you enough for helping me with all the issues. The computer seems to be fine, sounds like its old self! When you close this thread, will I still have access to it for all the reading material you provided within the replies? I will be digging in a bit to educate myself!

You did a great job walking me through everything and explaining everything along the way. I appreciate it so much! Hope your teachers know that! Thanks again!;)
 