Tech Support Team


#1 phreakmi (Newcomer, Pittsburgh), 13th March 2008, 01:46 AM
[Solved] backdoor trojan win32/zonebac.gen!f

I turned on my computer this morning and the Windows malware tool said I had a trojan, win32/zonebac.gen!f, and that it could not remove it. I have run Ad-Aware, Spybot and McAfee and none seem to be able to remove it. Going onto McAfee's website, I couldn't even find this threat listed in their database, unless there is another name for it. I was wondering what my next step should be in trying to remove this from my computer. Thanks in advance for any help.
#2 Howard (TST Master), 13th March 2008, 02:50 AM
Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and pressing Enter.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Also, please post a HJT log.

Regards Howard
#3 phreakmi (Newcomer, Pittsburgh), 13th March 2008, 10:25 AM
Attached Files
File Type: txt awf.txt (379 Bytes, 55 views)
File Type: log hijackthis.log (9.8 KB, 52 views)
#4 Howard (TST Master), 13th March 2008, 04:15 PM
Have HJT fix this entry.

O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Post the Combofix log as well as a fresh HJT log.

Regards Howard
#5 phreakmi (Newcomer, Pittsburgh), 14th March 2008, 01:50 AM
Attached Files
File Type: txt ComboFix.txt (9.5 KB, 482 views)
File Type: log hijackthis.log (10.1 KB, 42 views)
#6 Howard (TST Master), 14th March 2008, 02:15 AM
Unless you know for a fact that this is safe, I suggest you uninstall it and have HJT fix the entry: O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll

Then delete the following directory.

C:\Program Files\eSoftware

Other than that, your logfiles look clean.

Rename HijackThis.exe as follows.

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what's there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop (Create Shortcut)".

You can now close the HJT directory.

Post a fresh HJT log and let me know if you're still having problems.

Regards Howard
#7 phreakmi (Newcomer, Pittsburgh), 14th March 2008, 02:48 AM
Attached Files
File Type: log hijackthis.log (9.9 KB, 42 views)
#8 Howard (TST Master), 14th March 2008, 02:57 AM
That's clean, mate.

I did ask you to let me know if you were still having problems.

Regards Howard
#9 phreakmi (Newcomer, Pittsburgh), 14th March 2008, 10:13 AM
I just ran another scan with the Windows Malicious Software Removal Tool and it is still detecting the zonebac backdoor trojan.
#10 Howard (TST Master), 14th March 2008, 12:30 PM
Ok, can you give me the exact file path to where the WMRT is finding the infection?

I also suggest you run the AVG Antispyware programme as per steps $, 11, 12. Then, post the AVG Antispyware log.

Regards Howard
#11 phreakmi (Newcomer, Pittsburgh), 15th March 2008, 12:44 AM
I just found the file path: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe. I will run AVG Antispyware in the meantime.
#12 Howard (TST Master), 15th March 2008, 12:49 AM
The SynTPLpr.exe should be a legit file, though it's possible it has been infected.

Uninstall and reinstall the Synaptics software and see if the WMRT still finds it. If it does, I would suggest this is a false positive.

Edit: You can also have the file scanned over at Jotti's.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
* Click Open
* Please let me know the results.

Regards Howard

Last edited by Howard; 15th March 2008 at 12:51 AM.
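A check a practitioner would add at this point, as an added example that is not part of the thread or Howard's steps: before deleting a vendor file that a scanner flags, inspect its Authenticode signature and hash so the "infected legit file" and "false positive" hypotheses can be told apart. The script assumes a PowerShell 4+ host (for Get-FileHash) and uses the SynTPLpr.exe path quoted in the thread as its default.

```powershell
# Added example (not from the thread): triage a scanner-flagged file before removal.
# A vendor helper such as SynTPLpr.exe should carry a valid Authenticode signature.
# 'Valid' with the expected vendor as signer supports a false positive; 'HashMismatch'
# (signature present, content changed) supports tampering; 'NotSigned' decides nothing
# on its own and is where a multi-engine scan (Jotti, as in the thread) earns its keep.
# Assumption: PowerShell 4+ so that Get-FileHash is available.
param(
    # Path taken from the thread; change it to whatever your scanner reported.
    [string]$Path = 'C:\Program Files\Synaptics\SynTP\SynTPLpr.exe'
)

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "File not found: $Path"
    exit 1
}

$item = Get-Item -LiteralPath $Path
$sig  = Get-AuthenticodeSignature -FilePath $Path
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

# Summary block: the SHA256 is what you submit to a multi-engine scanner or compare
# against the hash of the same file from a freshly downloaded vendor installer.
[pscustomobject]@{
    Path      = $Path
    SizeBytes = $item.Length
    LastWrite = $item.LastWriteTime
    SHA256    = $hash
    SigStatus = $sig.Status
    Signer    = $signer
} | Format-List

switch ($sig.Status.ToString()) {
    'Valid' {
        Write-Output "Signed and unmodified. Confirm the signer is the expected vendor; if so, the detection is likely a false positive."
    }
    'HashMismatch' {
        Write-Output "Signature present but the file content has changed: treat as tampered and replace it from the vendor's installer."
    }
    default {
        Write-Output "No trustworthy signature ($($sig.Status)). Rely on a multi-engine scan and reinstall from a legitimate source."
    }
}
```

A valid signature only proves the bytes match what the signer signed; the signer name still has to be the vendor you expect, which is why the summary prints it.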
#13 phreakmi (Newcomer, Pittsburgh), 15th March 2008, 01:37 AM
Jotti.org said that it was infected malware. So the best bet now is to uninstall and reinstall the software then?


AVG report attached, although really nothing there I guess, just tracking cookies.
Attached Files
File Type: txt Report-Scan-20080314-213620.txt (12.9 KB, 45 views)

Last edited by phreakmi; 15th March 2008 at 01:41 AM.
#14 Howard (TST Master), 15th March 2008, 01:46 AM
Yes, please do the following.

Go to Add/Remove Programmes in your Control Panel and uninstall anything to do with (if there):

Synaptics

Close control panel.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the Processes tab and end the process for (if there):

SynTPLpr.exe

Close task manager.

Locate and delete the following bold files and/or folders (if there):

C:\Program Files\Synaptics

Reboot into normal mode and rehide your protected OS files.

Reinstall the software if you need it, but make sure you get it from a legit source.

Let me know how it goes.

Regards Howard
#15 phreakmi (Newcomer, Pittsburgh), 15th March 2008, 02:48 AM
Everything went well and the WMRT did not find anything with the new scan. Thank you so much for all your help again, Howard. It is much appreciated!
#16 Howard (TST Master), 15th March 2008, 03:12 AM
No problem mate.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

You may want to have a read of this thread HERE.



If you have any further virus/spyware problems, please post in this thread.

Regards Howard