Home > Help > Help - Trojan.zonebac

Help - Trojan.zonebac

Please post the information back in this thread. Connects to one of these remote Web sites or IP addresses to retrieve a command instruction data file that Win32/Zonebac will act upon. Forgot your password? I'm not seeing much from your logs either. check over here

Davetoo (IS/IT--Management) 25 Feb 08 13:14 Honestly? Save it to your desktop, call it Reg BU & add date to it. For more information, see 'What is social engineering?'. button at the lower right & verify that there's a ?

Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Help Trojan, Zonebac Started by ndutyme , Feb 08 2008 03:22 PM This topic is locked 3 replies to this topic #1 ndutyme ndutyme Members 20 posts OFFLINE Local time:08:13 Use caution when clicking on links to web pages.

shaolin77 (Programmer) (OP) 26 Feb 08 11:16 yes restore was turned off.I removed it safe mode mode and when booted the PC in normal mode Norton kicked in indicating that it A bit of Googling confirmed this was caused by the virus 'Trojan.Zonebac'. I don't see any Security updates or Hotfixes. 0 OptionsEdit jc29ems Jan 2007 edited Jan 2007 Here are the results. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 -

Click "OK".* Make sure everything has a checkmark next to it and click "Next".* A notification will appear that "Quarantine and Removal is Complete". linney (TechnicalUser) 25 Feb 08 23:08 "checked for lasss.exe"Do you mean you checked for "lSasss.exe" as per this lineIn the right pane, delete the value:"Lexmark_X79-55" = "%System%\lsasss.exe"Removing adware & spyware FAQ608-4650: Similar Topics Help with trojan.zonebac Nov 19, 2007 Stupid viruses. http://www.bleepingcomputer.com/forums/t/130119/help-trojan-zonebac/ A red dot shows which drives have been chosen.* Click the green arrow at the right, and the scan will start.* Click 'Yes to all' if it asks if you want

It doesn't actually infect lsass.exe, just creates a file called lsasss.exe which you can delete if it's still present. Limit user privileges on the computer Starting with Windows Vista and Windows 7, Microsoft introduced User Account Control (UAC), which, when enabled, allowed users to run with least user privileges. I've tried running Adware, Spybot, and I've update my Spyware Blaster. Alternate Streams Check: C:\WINDOWS\system32 No streams found.

All Rights Reserved. Register now! Below is the hijackthis log, anyone that can help i'd really apprechiate it!!!! Avoid downloading pirated software.

I'm not too fimular with running programs on different computers like that. check my blog Are you looking for the solution to your computer problem? Login now. Save it to the desktop or to a folder in a permanent directory.

C:\WINDOWS\SiSUSBrg.exe is infected with Trojan.Zonebac C:\WINDOWS\system32\keyhook.exe is infected with Trojan.Zonebac C:\WINDOWS\system32\NeroCheck.exe is infected with Trojan.Zonebac C:\Program Files\Winamp\winampa.exe is infected with Trojan.Zonebac C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe is infected with Trojan.Zonebac C:\Program Files\McAfee.com\VSO\mcvsshld.exe is infected When an attacker attempts to take advantage of human behavior to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. I have been having problems with the trojan.zonebac. http://zuneuser.com/help/help-trojan-isamini-exe.php Under Possibly unwanted software all boxes should be selected.

The time now is 03:13 PM. I cannot log into AIM also my Systantec Antivirus and Norton Personal Firewall are not showing up in the task window on my toolbar. By joining you are opting in to receive e-mail.

Western Australia.

I don't know how to remove it please help. Close and then re-open Internet Explorer. Reboot back to normal mode. Click on scanner at top of AVG antispyware sceen.

Sonic Update Manager Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 Symantec AntiVirus Viewpoint Media Player Windows Defender Windows Defender Signatures Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Media In my origional post, I included the first hijack log, not sure if there is going to be any difference. Also are the results of SDFix and also a new hijackthis log. have a peek at these guys Copy/paste it here, please. (If your antivirus queries the script, allow it to run.

If you're still around, please let me know so we can get this finished. Remember, if you can't stand behind our troops, feel free to stand in front of them!Bob RE: Trojan.zonebac HELP!!! TechSpot is a registered trademark. Top Threat behavior Win32/Zonebac is a family of backdoor Trojans that allows a remote attacker to download and run arbitrary programs, and which may upload computer configuration information and other potentially sensitive data to

Create a new folder only for HijackThis (Example : C:\HJT).But don't let it on your desktop or in a temp folder! Join over 733,556 other people just like you! JC 0 Crunchie Mandurah. Advertisement Web Hosting News Trump Ties at Oracle, IBM Could Pose Recruitment Challenge Oracle to Settle Lawsuit with Former Cloud Finance Manager Shopify CEO Defends Right to Host Controversial Client Breitbart

Main Sections Technology News Reviews Features Product Finder Downloads Drivers Community TechSpot Forums Today's Posts Ask a Question News & Comments Useful Resources Best of the Best Must Reads Trending Now Web Hosting Talk Newsletters Subscribe Now & Get The WHT Quick Start Guide! Join Us! *Tek-Tips's functionality depends on members receiving e-mail. Join UsClose Icrontic › All Discussions › Spyware & Virus Removal If geeks love it, we’re on it What’s happening on Icrontic UPSLynx Top EA shill, The Dean of Computer Graphics

Read this before Cleaning or Formatting If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. I am also unable to perform a system restore and some websites I cannot visit, I get an unable to connect to that site window. Under How to scan all boxes should be selected. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage

It will open up a report in notepad. For self-help options: Frequently Asked Questions Find Solutions Windows Update Newsgroup For assisted support options: Microsoft Online Assisted Support (no-cost for update-related issues) VirusTotal Log VirusTotalVirusTotal is a free file analisys Advertisement Recent Posts Can add files to microSD card... :z: replied Feb 10, 2017 at 9:10 AM NET Runtime version... Try our mobile theme.

Let me know what else we could try. Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 1 user(s) are reading this topic 0 members, 1 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com