Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Desktop infected with PWS:Win32/Zbot.DW

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 08-01-2010
Member
 
Join Date: Nov 2009
Posts: 859
Desktop infected with PWS:Win32/Zbot.DW
  

I am using Windows Vista operating system with Avira antivirus and my browser is IE8. My desktop has been infected with PWS:Win32/Zbot.DW and the the antivirus that I am using in my system alerted me about this a couple of days ago. The problem is that I am not able to remove this infection with the help of the antivirus. So, I need a method for its removal from the system. Is there any technique to stop them from entering the system? Kindly reply with suitable suggestions.

Reply With Quote
  #2  
Old 08-01-2010
Member
 
Join Date: Jan 2006
Posts: 3,780
Format the system

I advice you to format the system if your desktop has been infected with PWS:Win32/Zbot.DW. This is a very harsh method because there is a possibility of loosing the applications that you have installed in the system. You will ultimately have to use this method, since the infection seems to have taken control over the antivirus and the rest of the programs in the system. This may be the reason why you may not be able to delete the infection using the antivirus. If it keeps going like this, there is also a possibility of a system crash.
Reply With Quote
  #3  
Old 08-01-2010
Member
 
Join Date: Apr 2008
Posts: 3,344
Manually delete the infection

If the desktop is infected with PWS:Win32/Zbot.DW, then I suggest you to manually delete the infection, rather than formatting the system. Here are the files that you need to search for and to be deleted:
  • %ProgramFiles%\linkedtricks\linkedtricks.exe
  • %System%\sdra64.exe
  • %Temp%\6_ldr3.exe
  • %Temp%\adv.exe
  • %Temp%\tmp.exe
  • %Temp%\tmp1.exe
This may probably solve your problem.
Reply With Quote
  #4  
Old 08-01-2010
Member
 
Join Date: Apr 2008
Posts: 3,426
PWS:Win32/Zbot.DW modifies the registry values

PWS:Win32/Zbot.DW modifies the registry values and I recommend that you should also delete the modified registry values to permanently eradicate them from the system. Here are the registry values that are modified and that requires deletion:
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider
Just dont forget to get into the safe mode before you do the deletion of the above values.
Reply With Quote
  #5  
Old 08-01-2010
Member
 
Join Date: Jan 2006
Posts: 4,230
Methods to avoid infections from entering into the system

Since your desktop is infected with PWS:Win32/Zbot.DW, you need to know the methods to avoid infections from entering into the system:
  1. Always keep a firewall running in the system.
  2. Keep the system well updated.
  3. The antivirus database has to be kept updated.
  4. Do not accept file transfers from unknown users.
  5. Do not open email attachments from unknown users.
  6. Do not download pirated softwares.
  7. Beware of social engineering.
  8. Protect your Windows account with strong passwords.
Reply With Quote
  #6  
Old 08-01-2010
Member
 
Join Date: Feb 2008
Posts: 2,636
Description about PWS:Win32/Zbot.DW

If the desktop is infected with PWS:Win32/Zbot.DW, then you need to use some good antivirus like AVG to scan your system and then remove all the infections that are found during the scan. Here is some description about PWS:Win32/Zbot.DW:
  1. All the keystrokes like username, password, credit card number, etc. are captured by this infection and given to the attacker.
  2. This malicious content possesses a great risk factor when the system in on the network.
  3. It acts as a backdoor, that allows other infections to enter into the system.
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , , , , , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Desktop infected with PWS:Win32/Zbot.DW"
Thread Thread Starter Forum Replies Last Post
How to delete Trojan-Spy.Win32.Zbot.zcd Kallol Networking & Security 5 05-02-2010 11:21 PM
Help to delete PWS:Win32/Zbot.PG Common Networking & Security 8 02-02-2010 07:09 PM
Infected by PWS-Zbot.gen.ab trojan Techno Guru Networking & Security 5 11-01-2010 12:14 PM
How to get rid of this Trojan.Spy.Win32.Zbot.Otb? DEWITT Networking & Security 5 01-01-2010 04:03 PM
Dell Desktop infected by Win32/Renos.JW Jesus-Ernesto Networking & Security 5 23-12-2009 11:17 PM


All times are GMT +5.5. The time now is 06:09 AM.