Author Topic: Spyware (Zbot.OUT) found  (Read 30842 times)

0 Members and 1 Guest are viewing this topic.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #75 on: August 17, 2012, 10:37:52 PM »

Did you shutdown/restart and run System File Checker again after receiving this message?

 :grin: Oops. No, I didn't. So... I did that today - ran the System File Checker and then restarted/ran again 3 times after the first time. I got the same corrupt files message each time. Not sure whether that means it keeps fixing the same corrupt files; and if so, why would it keep fixing the same corrupt files over and over again if they've already been fixed?

Here's the whole scannow text:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>sfc /SCANNOW

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>

I'll try resetting my IE settings and let you know how it goes. On second thought, I'm able to log in from my own computer tonight, and I haven't had problems with the 'Security Alert' stopping me (with logging on, or previewing my post), so maybe I'll wait a day and see if it's actually resolved itself. Knock on wood, I'll see what happens when I click on 'post'... Thanks. D. *Adding on, I'm modifying my post just so I can tell you that I was able to post w/o the Security Alert blocking me.*  :D

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #76 on: August 17, 2012, 10:53:30 PM »
I spoke too soon. At least I haven't gotten the Security Alert pop-up the last two times I've logged in here at these forums; but I wanted to test it, and tried logging into Photobucket, and I got the Security Alert pop-up. So, I think I'll try the IE reset.

If this new Security Alert message started because of downloading either the Spywareblaster or MSE, maybe I could try uninstalling Spywareblaster to see if it disappears, and if not, uninstall MSE (and download a different antivirus program) and see what happens? I won't do everything all at once, though (ie. the IE reset and uninstalling the programs). Just throwing this out there. I like MSE but I have it scheduled to do a quick scan every morning at 8, and it still hasn't done it automatically. I've had to manually do the updates and scans each day so far.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20883
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Spyware (Zbot.OUT) found
« Reply #77 on: August 18, 2012, 12:22:00 AM »
If anything, you may need to uninstall MSE and reinstall it.   Why don't you try that first.

As to the repeated errors found, please let me know if you are willing to "follow me" to another forum where there is someone who analyzes CBS.logs.   


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #78 on: August 18, 2012, 11:52:21 AM »
 :police:  :wink: I did more searching on the internet last night for the Security Alert that I'm getting. I typed the exact wording into google, and came up with the following. It's a genuine Windows alert, for one thing. I'm imagining it became enabled after downloading either MSE or Spywareblaster. The fix is to go to Internet Explorer/Tools/Internet Options/Advanced/Security, and way down the list is "Warn if changing between secure and not secure mode". It was checked, so I unchecked it. I also restarted the computer to see if it would go back to being checked, but it stayed unchecked. Apparently some people have problems with it being enabled again (against their will, and probably under the influence of some computer protection program they've downloaded). So far so good, but if it keeps coming back on I'm going to have to figure out the program that is causing it to be checked under my IE security settings.

Re: the CBS logs, will that repeated error cause some sort of problem with my computer, do you know? If you think so, I'll follow you to the forum you mentioned. Thanks, Corrine.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20883
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Spyware (Zbot.OUT) found
« Reply #79 on: August 18, 2012, 04:46:52 PM »
Hi, dee_can.

Good job on the Security Alert.  DonnaB and I discussed making that change but wanted to trouble-shoot other things first. 

Yes, I think it would be a good idea to follow through on the repeated errors.  niermiro, the person who analyzes CBS.logs (as well as logs with Windows Update problems) is very good at what  he does.

First, however, let's take care of uninstalling ComboFix.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.




Now, you need to register an account at http://www.sysnative.com.  Don't be surprised by the different look & feel there.  It is a different forum software than here.  :) 

After you have completed registration, please do the following to provide a copy of the CBS.log for niermiro to review:

1.  Navigate to the saved log at C:\Windows\Logs\CBS\CBS.log

2.  Right-click on CBS.log and select Send To, and click Compressed (zipped) Folder.

Note:  When you receive the message,
Quote
Windows cannot create the Compressed (zipped) Folder here. Do you want it to be placed on the desktop instead? Yes/No
select Yes, and then note the name of the zipped file that you saved to the desktop.

3.  With your brand new account at Sysnative, go to the Windows Update forum and create a new topic.  All you need to post is something about me referring you to have your log reviewed.  Although niermiro is expecting you, he is in the U.K.  Between the time difference and analyzing the log, don't be surprised if there is a delay.

4. Important:  After typing your message, before you click the "Submit New Thread" button, scroll down to the "Additional Options" section.  Click Manage Attachments, which will open a new window.
  • Click Add Files in the upper right corner
  • Click Select Files
  • Navigate to your desktop and select the saved zip file (i.e., C:\Users\Owner\Desktop\CBS.zip)
  • The attached file will be highlighted and have a checkmark in the box.  Click Done.
5.  You can now click the Submit New Thread button! 

It sounds more complicated than it really is but don't worry if you have questions or problems.  I'll be both here and at Sysnative. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #80 on: August 18, 2012, 09:51:15 PM »
Good job on the Security Alert.  DonnaB and I discussed making that change but wanted to trouble-shoot other things first.

I hope I didn't jump the gun on that since you may have found another way to get rid of the Security Alert without me unchecking the security warning. Hopefully it won't make my computer vulnerable by me doing that, but in the 3 or 4 years I've had this computer (or any other computer) I've never received an alert telling me I was about to leave a secure connection for an unsecure one. I was a bit nervous about resetting my IE to default though just in case I had to reset anything manually after that, which I was afraid I wouldn't know how to do.

I uninstalled ComboFix as per your instructions. I was wondering about the TDSSKiller, DDS, and Security Check. I just went ahead and typed each one in the Visa Search line, and deleted all the relevant files, etc. from there. Would that be sufficient to uninstall the programs from my computer?

About the CBS logs. I was thinking I might have a problem with those, and I did. I couldn't send the files to a compressed zipped folder on the desktop because I got the message 'file not found or no read permission'. I'm sure the file was found since it's pretty big so it had to be the no read permission. How do I get around that? I tried going into the security settings but didn't really know what to do once I got there, and didn't want to mess up my computer by experimenting. It might be awhile before I get to Sysnative...  :) Thanks, D.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #81 on: August 18, 2012, 10:13:58 PM »
Part II.  I hope you don't mind helping me with this Corrine, but I also have a question about the AVG removal that I did earlier before installing MSE. I was just checking my programs list in my control panel, and I see I still have 2 programs by AVG. One called visual C++8.0 runtime setup package by AVG Technologies CX, s.r.o; and the other is called Visual Studio Redistributables 2008 by AVG Technologies. Should I just uninstall these from the Programs and Features list? They are taking up 2.23 MB and 11.7 MB respectively. I actually ran the AVG removal tool a few times since I did keep finding avg files. I ended up just deleting some of them manually. 

btw, my computer is running really fast right now. I did a defragmentation this afternoon, which took almost 5 hours, but wow, what a difference it seemed to make. I'll have to do defrags more often. Helps to have no spyware, mainly, though (although I'm cautiously optimistic).  :laugh: With Malwarebytes, Spywareblaster, Superantispyware, MSE, and now WinPatrol (as of today) installed, I hope I'm covered. WinPatrol is a bit of a mystery, but any questions and I'll ask in the WinPatrol part of the forum. Thank you, as always. D.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #82 on: August 19, 2012, 06:17:41 PM »
Corrine, I was able to send the CBS logs to a zipped file. So, I'll go to the other forum and post them. Hopefully there is something in them.  :lol: (See you there.)

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20883
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Spyware (Zbot.OUT) found
« Reply #83 on: August 19, 2012, 07:42:44 PM »
Great news! 

(Meanwhile, I'm dealing with one of my computers that has developed some serious issues -- not malware -- a combination of hardware/software issues.  :( )


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #84 on: August 19, 2012, 08:52:33 PM »
Sorry to hear about your computer issues, Corrine. I hope you can fix it.  :)

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #85 on: August 27, 2012, 12:09:00 PM »
I'm not sure if I should be posting and reopening this thread or not, but I just wanted to say (for anyone who might be curious) that I seem to have the CBS Log issues straightened out. It's a bit of a long story, but in the end I had to uninstall IE9 and 8, and reinstall IE9. Things are looking pretty good right now, and I no longer have the CBS Log errors. Thanks, Corrine, for referring me to Sysnative.  :smiley:

A few posts ago, I said that I had unchecked 'warn if changing between secure and not secure mode'; I checked my settings on the new IE9 install, and it's still unchecked. Should I just leave it unchecked? I'm not sure if it's normally checked or not by default.

Thanks, D.



Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20883
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Spyware (Zbot.OUT) found
« Reply #86 on: August 27, 2012, 01:32:02 PM »
Hi, Dianne.

I'm so glad the problems were resolved with IE at Sysnative. 

Since you uninstalled both IE9 and IE8 and did a fresh install of IE9, you have the default settings.  That said, as you know, the setting provides a  warning that the browser is redirecting from a secure Web site (https) to a non-secure Web site (http) and is more secure.  Since you know how to change the setting, go ahead and check the setting.  If you find it unnecessary or obtrusive, you can always uncheck it later.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline dee_can

  • Full Member
  • ***
  • Posts: 60
    • View Profile
Re: Spyware (Zbot.OUT) found
« Reply #87 on: August 27, 2012, 05:16:44 PM »
I will do that. Thanks. And once again thank you for all of your help with my computer over these past weeks, Corrine.

Dianne