Author Topic: win32.agent.pz will not go away  (Read 764 times)

Offline mrwoggle

« on: December 11, 2009, 12:35:46 PM »
Hello all..I hope dearly that someone here can help me...

I have no idea where it came from, but last week my laptop got caught by that antivirus live fake scanner prog that's out and about... I managed to get shot of it, but it's left both win32.zbot and win32.Agent.pz behind. Spybot S&D detects them, but they come back on reboot. So I have run combofix and SD Fix, but the little blighters are still there... After running SDFix in Safe Mode, and letting it finish in normal windows, I re-ran Spybot, and they are still there, this time with more entries. Below is the log that SDfix came up with... Is there any solution other than a re-install? There's nothing I cannot regain on the drive, so it won't break my back, but I haven't really the desire or time for a clean install at the mo...

(My specs BTW are 2.6 GHz processor, 2GB SDIMM RAM on Asus L58L laptop, XP SP3, Kaspersky Internet Security 9.0)

I eagerly await your reply !!!

Andy W

HERE'S THE LOG

SDFix: Version 1.240
Run by Mr Woggle on 11/12/2009 at 14:29

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\MRWOGG~1\LOCALS~1\Temp\tmp6.tmp - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 15:16:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Sports Interactive\\Football Manager 2010 Demo\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2010 Demo\\fm.exe:*:Enabled:Football Manager 2010 Demo"
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe:*:Enabled:Football Manager 2010"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed  4 Nov 2009     1,168,216 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009     1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009     5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu  5 Mar 2009     2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 10 Dec 2009 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Bases\Cache\av1.tmp"
Fri 11 Dec 2009 18,442,529 A..H. --- "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Bases\Cache\av4.tmp"

Finished!

Offline guestolo

« Reply #1 on: December 12, 2009, 01:13:35 PM »
Hi mrwoggle, can you do the following

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"
« Last Edit: December 12, 2009, 01:14:23 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/