December 21, 2011 17:20 [SOLVED] Zbot.G #185315
Top
moejoe88

Avatar

Novice
Join Date: 21.12.2011
Posts: 4
Hi there,
I have searched for related threads but have only seen ones regarding infected systems.
Having acquired Zbot.G (ramnit virus?) i reformatted my system as a fresh install was well overdue, however obviously my external harddrive with all of the good stuff (media etc) is still completely infected (AVG picked up 152 instances). Will running rmzbot.exe from a clean system clear the harddrive of any infection?

my apologies if this seems like a poor question, but having read a bit about it online, alot of people say you cannot completely remove the virus. I just wish to double check before i hook it back up and start using files as me and my computer are not the best of friends as it is.

Many Thanks,
Karl
December 22, 2011 15:05 Re: Zbot.G #185433
Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello moejoe88,

Please follow this thread for more information.

Zbot remover is able to heal all infected files.

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
December 23, 2011 15:12 Re: Zbot.G #185537
Top
moejoe88

Avatar

Novice
Join Date: 21.12.2011
Posts: 4
Thank you for the reply,

I Ran the rmxbot.exe, rebooted the computer to let it scan but it pauses on c:\windows\system32\en-US\imapi.dll.mui then just powers off. Upon restart I just get a blank black screen which does nothing. At this point i have to manually reboot it where i either have to run startup recovery/repair which fails to work or starts windows normally and it just starts the scan again. Safe mode doesn't work either now. The only way i can boot normally is using last known good configuration every time.
This is a clean system, does this mean that this dll is corrupt and should be replaced? How do I stop the scan from starting upon boot? I'm just a little bit confused as to why im having problems before the infected drive even comes into play.

Again thank you for your time, it is greatly appreciated, I would normally fiddle a bit more before asking but im borrowing this laptop in order to clear my harddrive, so being a bit more cautious :smile:

Karl,
December 27, 2011 08:04 Re: Zbot.G #185719
Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello moejoe88,

Please confirm that you need to use last known working configuration every time you try to boot to windows? Even right after when you boot to last known configuration, doing nothing (do not try to run remover again ) just reboot your computer once again?

Also please provide us with Gmer scan results Msinfo output and AVG Anti-virus scan results for further analysis.

Thank you.

___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
January 1, 2012 20:09 Re: Zbot.G #186273
Top
moejoe88

Avatar

Novice
Join Date: 21.12.2011
Posts: 4
Hi there, thank you for the help.

The scan started several times upon boot, but all is back to normal now. The scan results you requested are attached, avg scan was clear (waiting to get rmzbot.exe working correctly before connecting the infected hard drive.)

Kind Regards,
Karl
January 2, 2012 11:16 Re: Zbot.G #186309
Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello moejoe88,

According to scan logs, you provided us with, your computer appears to be clean.

If you need to scan another drive, please run the Zbot remover from command line with rmzbot *: (* is a drive letter, for example rmzbot D: ).

Have a nice day.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us
January 2, 2012 18:37 Re: Zbot.G #186351
Top
moejoe88

Avatar

Novice
Join Date: 21.12.2011
Posts: 4
Hello again,

Ok so i figured out what the problem was with the scan... The laptop would go into sleep mode half way through the scan and could not re-activate itself (hence upon powering up it would just be a blank screen). Bit of a rookie error but i dont use laptops :smile: and atleast it was something simple.
The scan removed many infections, there were a few that it said it could not open but have done an AVG scan which revealed a stray trojan but clear otherwise.

Again thank you for the time and help it is greatly appreciated, keep up the good work,
Kind regards