Help Please!! - ZBot problems

Discussion in 'ESET NOD32 Antivirus' started by ljblee, Feb 11, 2009.

Thread Status:
Not open for further replies.
  1. ljblee

    ljblee Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    22
    A couple of days ago my daughter started experiencing a number of problems on her desktop computer. Upon investigation I found that the Firewall had been disabled. I managed to restore the firewall and ran a full scan using NOD32 (which had been running all the time any way). Everything seemed to be OK.

    Now NOD is reporting that Sky.Zbot.IB (a variant thereof) is running a program rdr.exe (?) from 77.122.133.X. Every time the NOD message appears I terminate the process.

    I assume that the computer has been infected by some kind of Trojan which is 'calling home'. I also assume that it was the Trojan which disabled the firewall.

    I am now running another NOD full scan.

    Will NOD remove whatever is on the computer to stop this from keep happening? If not does any one have any advice as to what I need to do? Can I block the IP range with the Windows XP firewall?

    Thanks in advance for any help offered.
     
    Last edited: Feb 11, 2009
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Try a full scan in safe mode.
     
  3. ljblee

    ljblee Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    22
    I ran a full scan in safe-mode. NOD didn't find any threats.

    Any more suggestions please?
     
  4. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Did you discovered something suspicious after running the SysInspector ?
     
  5. ljblee

    ljblee Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    22
    I have now downloaded SysInspector and run it.

    I am not really sure what I should be looking for though.

    What section/entries should I be looking for?
     
  6. SternMan

    SternMan Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    31
  7. ljblee

    ljblee Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    22
    Thanks

    Malwarebytes identified a few problems which it has now cleared/deleted.

    I will see if that has resolved the problem.
     
Thread Status:
Not open for further replies.