Spyware, viruses, & security : Win32.Zafi.B - I think Trojan fake - PLEASE HELP

Post 1 of 74

Win32.Zafi.B - I think Trojan fake - PLEASE HELP

by Bashaga1 - 1/12/09 11:17 AM

Hi,

Today I've been infected with this thing (bug, trojan, trojan.fake .. god only knows)

In the beginning I thought it's a normal virus or trojan so I scanned with Norton, Kaspersky & Avast - they haven't found anything. Later on I've scanned with Spybot and SuperAntiSpyware - no results either. Going through different forums I've come across an idea that this might be a fake trojan (few posts by Marianne)

What's wrong:
1. Every 10-15 min window pops up: "Windows Security Alert", Windows firewall has detected unauthorized activity, but unfortunately it cannot help you to remove viruses, keyloggers and other spyware etc..

Name: Win32.zafi.B
Risk Level: High
Description: This Trojan has a keyboard logging function, which is intended to steal information from users of a range of online payment systems.

2. Internet Explorer crashes every time, first displaying the following message:
"Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended). "

I've used all my knowledge - PLEASE HELP!!!!

Thanks,

Post 2 of 74

Did you try.....

by Marianna Schmudlach Moderator - 1/12/09 12:13 PM In reply to: Win32.Zafi.B - I think Trojan fake - PLEASE HELP by Bashaga1

Bitdefender's Removal tool?

http://www.bitdefender.com/VIRUS-33771-en--Win32.Zafi.B@mm.html

Did you try MalwareBytesAntiMalware?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  o Update Malwarebytes' Anti-Malware
  o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top.
It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully.
Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Kaspersky also has a removal tool:

http://www.kaspersky.nl/en/virus-removal-tools/email-worm.win32.zafi.b.html

Post 3 of 74

WOW it worked! :)

by Bashaga1 - 1/12/09 12:51 PM In reply to: Did you try..... by Marianna Schmudlach Moderator

Malwarebytes Anti-Malware worked, I've installed it but initially it didn't want to run. After 4-5 tries it eventually started and right after the 1st scan it found the fake trojan.

The log showed:

C:\Users\Olo\AppData\Roaming\Google\mjkspc.dll (Trojan.FakeAlert)
C:\Users\Olo\AppData\Roaming\Google\wclock.exe (Trojan.FakeAlert)

It's amazing, it was the 10th or 11th program I've used and the first one to actually work.

Thanks a million I must say Marianna you're the best!

Cheers,
Peter

Post 4 of 74

Win32.Zafi.B

by beefyalby - 4/20/09 1:48 AM In reply to: WOW it worked! :) by Bashaga1

Went to safe mode....
found 2 files very similar to:
C:\Users\Olo\AppData\Roaming\Google\mjkspc.dll (Trojan.FakeAlert)
C:\Users\Olo\AppData\Roaming\Google\wclock.exe (Trojan.FakeAlert)

deleted them both, restarted, and virus gone.
This of course after uninstalling Norton
Norton uninstaller available via symantec web site

very simple
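
Added example, not part of the thread or any poster's method: a Python triage sketch that inventories Windows executables under a profile folder by content rather than extension and records a SHA-256 for each, so files like the two reported above can be looked up or submitted before deletion. The function names and the sample tree are assumptions built for illustration; the sample stubs reuse the file names from the log but are constructed data.

```python
import hashlib
import os
import struct

def is_pe(path):
    """True if the file starts with MZ and e_lfanew (offset 0x3C) points at a PE signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # unreadable or locked file: skip it, do not crash the sweep

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_pe_files(root):
    """Return sorted (relative path, sha256) for every PE image under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):
                hits.append((os.path.relpath(full, root), sha256_of(full)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: two minimal PE stubs and one plain text file."""
    stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    os.makedirs(os.path.join(root, "Google"))
    samples = (("mjkspc.dll", stub), ("wclock.exe", stub),
               ("notes.txt", b"MZ not a binary"))
    for name, data in samples:
        with open(os.path.join(root, "Google", name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    # On Windows, APPDATA is the current user's Roaming folder.
    root = os.environ.get("APPDATA")
    if root:
        for rel, digest in find_pe_files(root):
            print(digest, rel)
```

Legitimate software also installs executables under the roaming profile, so the output is a list to review, not a verdict.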

Post 5 of 74

Thank you so much!

by jccone - 1/14/09 5:54 AM In reply to: Did you try..... by Marianna Schmudlach Moderator

Just wanted to also thank you Marianna. This solution worked for me as well. I'm running Vista and I was getting the fake security popups. It was also crashing firefox (I couldn't even open it), and IE7 would crash after being open for a few minutes or going to more than one page.

This solution worked for me, after several other scans didn't work.

Thank you so much for this information!

Post 6 of 74

(NT) Great Job - Thanks for letting us know :)

by Marianna Schmudlach Moderator - 1/14/09 9:08 AM In reply to: Thank you so much! by jccone

Post 7 of 74

too late?

by compbaka - 1/17/09 10:34 PM In reply to: Did you try..... by Marianna Schmudlach Moderator

I tried saving the file to my thumbdrive from my desktop (which I am currently on) because the morning after the "error message" popped up, I was no longer able to fully boot my laptop in anything but safe mode; alas, I cannot download the file in safe mode *sadness* and can now not delete the icon off the desktop. My error message said almost the same thing with slightly different wording. It's very frustrating when I know almost nothing about computers. I'm at the point of wanting to throw my laptop out the window and tell Dell it fell so maybe they'd just replace it since it's still under warranty haha.

Is there any way to get any program to scan and remove when I can't boot in anything but safe mode? All of my schoolwork is on there heh, it's a rather important laptop as much as I get frustrated with it.

Thanks,
compbaka

Post 8 of 74

IF you are not able to download these tools on your machine

by Marianna Schmudlach Moderator - 1/17/09 10:53 PM In reply to: too late? by compbaka

please use a friend's or family member's computer and download the Malwarebytes tool and its manual update from the link below. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "Your Name.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Your Name.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html

Post 9 of 74

Superantispyware

by derbythedog - 1/19/09 5:15 AM In reply to: IF you are not able to download these tools on your machine by Marianna Schmudlach Moderator

I got superantispyware to work using the alternate start from the programs menu. It took me two days to finally get rid of this but am glad I finally did.

Thanks for all the suggestions.

Post 10 of 74

(NT) Super - Great Job ! Thanks for letting us know :)

by Marianna Schmudlach Moderator - 1/19/09 9:42 AM In reply to: Superantispyware by derbythedog

Post 11 of 74

re fake trojan

by compbaka - 1/27/09 3:40 PM In reply to: IF you are not able to download these tools on your machine by Marianna Schmudlach Moderator

my dad burned me a disc with mcafee stinger, mbam, and spybot on it and i only needed to use the stinger..it got everything off. of course now my harddrive is going so i still have to send it in to be repaired and probably have the whole thing wiped anyways....sigh such is life

Post 12 of 74

Thanks

by rrhyne - 2/3/09 6:01 PM In reply to: IF you are not able to download these tools on your machine by Marianna Schmudlach Moderator

Thanks very much. This virus made it through McAfee and went undetected by Spybot and Hijack This.

After 3 hours of trying to fix this on my own, Malwarebytes took care of things in 5 minutes, including moving from one PC to another since I could not get to the Internet on the one with the problem.

Saved my day and week since I am working from home this week.

Post 13 of 74

(NT) Super ! Keep MBAM updated :)

by Marianna Schmudlach Moderator - 2/3/09 6:07 PM In reply to: Thanks by rrhyne

Post 14 of 74

Possible log ins

by CharlesAlanRichardson - 2/5/09 10:52 AM In reply to: too late? by compbaka

When logging in safe mode, you have the option to select different configurations. At initial boot press F8 a few times to get the safe mode menu up. Select log in with networking. This will allow your network connections to function.

I'm fighting the same worm on a customer's machine remotely, it's not fun.

Post 15 of 74

MALWARE ANTI MALWARE

by KC1113 - 1/19/09 2:25 PM In reply to: Did you try..... by Marianna Schmudlach Moderator

Hi THANK YOU SOOO MUCH everyone who has posted on here about this. (((especially Marianna Schmudlach))) This "thing" wouldn't let me go online to download the Malware anti malware so I put it on a disc and ran it FULL SCAN after installing and it took a little while to check but WOW!!!!!!!! It worked awesome. I highly recommend anyone else with this same problem to do the same thing because the pop up is gone - I searched all the former files and they have been deleted.
