Desktop infected with PWS:Win32/Zbot.DW

I am using Windows Vista operating system with Avira antivirus and my browser is IE8. My desktop has been infected with PWS:Win32/Zbot.DW and the the antivirus that I am using in my system alerted me about this a couple of days ago. The problem is that I am not able to remove this infection with the help of the antivirus. So, I need a method for its removal from the system. Is there any technique to stop them from entering the system? Kindly reply with suitable suggestions.

I advice you to format the system if your desktop has been infected with PWS:Win32/Zbot.DW. This is a very harsh method because there is a possibility of loosing the applications that you have installed in the system. You will ultimately have to use this method, since the infection seems to have taken control over the antivirus and the rest of the programs in the system. This may be the reason why you may not be able to delete the infection using the antivirus. If it keeps going like this, there is also a possibility of a system crash.

If the desktop is infected with PWS:Win32/Zbot.DW, then I suggest you to manually delete the infection, rather than formatting the system. Here are the files that you need to search for and to be deleted:

• %ProgramFiles%\linkedtricks\linkedtricks.exe
• %System%\sdra64.exe
• %Temp%\6_ldr3.exe
• %Temp%\adv.exe
• %Temp%\tmp.exe
• %Temp%\tmp1.exe

This may probably solve your problem.

PWS:Win32/Zbot.DW modifies the registry values and I recommend that you should also delete the modified registry values to permanently eradicate them from the system. Here are the registry values that are modified and that requires deletion:

• HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}
• HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
• HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider

Just dont forget to get into the safe mode before you do the deletion of the above values.

Since your desktop is infected with PWS:Win32/Zbot.DW, you need to know the methods to avoid infections from entering into the system:

1. Always keep a firewall running in the system.
2. Keep the system well updated.
3. The antivirus database has to be kept updated.
4. Do not accept file transfers from unknown users.
5. Do not open email attachments from unknown users.
6. Do not download pirated softwares.
7. Beware of social engineering.
8. Protect your Windows account with strong passwords.

If the desktop is infected with PWS:Win32/Zbot.DW, then you need to use some good antivirus like AVG to scan your system and then remove all the infections that are found during the scan. Here is some description about PWS:Win32/Zbot.DW:

1. All the keystrokes like username, password, credit card number, etc. are captured by this infection and given to the attacker.
2. This malicious content possesses a great risk factor when the system in on the network.
3. It acts as a backdoor, that allows other infections to enter into the system.