Results 1 to 6 of 6

Thread: Removal solution for TSPY_ZBOT.AXU virus

  1. 10-02-2010 #1
    Eber
    Eber is offline Member
    Join Date
    Nov 2009
    Posts
    752

    Removal solution for TSPY_ZBOT.AXU virus

    Hi everybody, I am having personal computer with Windows Vista operating system. But system was infected TSPY_ZBOT.AXU virus. This idiot virus makes many of the unwanted files each drive and also creates a autorun file each drive of a hard disk. After deleting this file then this recreates again. I want some strong solution for removing this virus. Can any one please help me?
    Reply With Quote Reply With Quote
  2. 10-02-2010 #2
    Steve123
    Steve123 is offline Member
    Join Date
    Feb 2008
    Posts
    2,635

    Re: Removal solution for TSPY_ZBOT.AXU virus

    TSPY_ZBOT.AXU virus is depends upon execution, this virus create a replica of its own in the system folder. It alos makes a folder with attributes System and Hidden, where it makes a non-malicious files. This virus makes changes in registry entries to make it enable its automatic execution at system every start. This virus pushed into the ruled WINLOGON.EXE and SVCHOST.EXE processes as component of its memory residency routine.
    Reply With Quote Reply With Quote
  3. 10-02-2010 #3
    Shen
    Shen is offline Member
    Join Date
    May 2008
    Posts
    2,945

    Re: Removal solution for TSPY_ZBOT.AXU virus

    Deleting autorun entries from the registry entries:
    * First Open Registry Editor.
    *Click Start then Run, type REGEDIT, now press Enter.
    *In the left panel, do the double-click on
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows NT>
    CurrentVersion>Winlogon
    *In the right panel, find the entry:
    Userinit = "%System\Userinit.exe,%System%\ntos.exe,"

    * Now Right-click on the value name and select Modify. modify the value data of enttry:
    %System%\userinit.exe,
    Reply With Quote Reply With Quote
  4. 10-02-2010 #4
    Big Fish
    Big Fish is offline Member
    Join Date
    Jan 2006
    Posts
    3,792

    Re: Removal solution for TSPY_ZBOT.AXU virus

    Deleting several other malware entries in the registry.

    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>
    CurrentVersion>Network

    UID = "{computer name}_{random numbers}"
    Reply With Quote Reply With Quote
  5. 10-02-2010 #5
    Zachary
    Zachary is offline Member
    Join Date
    Jan 2006
    Posts
    4,221

    Re: Removal solution for TSPY_ZBOT.AXU virus

    TSPY_ZBOT.AXU virus
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
    CurrentVersion\Winlogon

    Userinit = "%System%\Userinit.exe,%System%\ntos.exe,"
    Reply With Quote Reply With Quote
  6. 10-02-2010 #6
    Big Fish
    Big Fish is offline Member
    Join Date
    Jan 2006
    Posts
    3,792

    Re: Removal solution for TSPY_ZBOT.AXU virus

    TSPY_ZBOT.AXU grayware tries to fetch the information from the given list of banking company:
    Alliance & Leicester
    BBVA
    BG Net Plus
    Banca Intesa
    Banco Popular
    Banesto
    Banif
    Caixa Girona
    Caixa Ontinyent
    Caixa Tarragona
    Caja Vital
    Caja de Avila
    Caja de Jaen
    Citibank
    Citizens
    Dresdner
    Fiducia
    GAD
    Gruppo Carige
    HSBC
    Halifax
    OSPM
    Openbank
    PayPal
    Procredit
    TD Canada Trust
    US Bank
    Uno-E
    Volksbanken Raiffeisenbanken
    Reply With Quote Reply With Quote
« Avoid Trojan-Spy.Win32.Zbot.zzg from entering the computer | Infection of JS.Spacehero (XSS) worm »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1,751,279,954.49186 seconds with 16 queries