Results 1 to 3 of 3
2014-01-29, 05:33 #1
- Join Date
- Jan 2002
- Thanked 1 Time in 1 Post
Question on deletion of Trojan.Zbot
Windows 8 system.
A couple days ago Norton 360 found Trojan.Zbot on my office PC. 360 said it could not remove the virus. I immediately did multiple scans and it found it repeatedly, each time with 360 saying it could not make the repair.
Following Norton's instructions I first updated my 360 the current version and ran the scan. Again Norton fournd it but could not make the repair.
Following instructions on the Symantec website I next downloaded and ran Norton Power Eraser which said there were no viruses on the PC. However a subsequent running of a 360 scan again found the virus and could not do the removal.
Again following Symantec instructions I downloaded and ran Norton Bootable Recovery Tool. It had the exact same results as Power Eraser, not finding anything wrong. But again 360 found and could not fix the virus.
At that point I did a chat with Symantec and they ran some remote scans that had the same result. In reality they just reran the 360 scan and then the Power Eraser scan. They said the virus had to be manually removed with special tools and wanted $99 to fix the problem.
Before paying Norton I did some more investigation on my own. I found that 360 was locating the Trojan.Zbot virus in one of my Thunderbird INBOX folders (multiple email addresses). I emptied the inbox of all messages and did another 360 scan. The virus was still in the INBOX.
Then I deleted the INBOX completely and let Thunderbird create a new one on next startup. This made a difference and 360 found the virus in the Recycle Bin. I emptied the Recycle Bin and 360 scans repeatedly say the computer is clean. It seems the virus had imbedded itself in the structure of the INBOX.
So ....... my question. Having deleted the INBOX from the Recycle Bin with the emptying process did I completely remove the virus from the hard drive? Or in just removing the indexing of those hard drive sectors is the virus still lurking there where it might again raise its ugly head? I fear I may have totally screwed this up by emptying the Recycle Bin.
Last edited by bhdavis; 2014-01-29 at 05:37.
2014-01-29, 08:09 #2
- Join Date
- Dec 2009
- Cardiff, UK
- Thanked 609 Times in 508 Posts
Hmm, as this trojan does not seem to have been activated, had you compacted all folders in Thunderbird after emptying the trash/deleting any unnecessary emails, etc., you might have been able to save the Inbox. Until the folders are compacted, the emails still reside in the folder, the folder size does not reduce, etc. The deleted files are simply marked as deleted.
If you're uncertain of whether your PC is clean or not, I'd advise seeking help from one of the Malware forums, Majorgeeks, BleepingComputer, TechSuppotForum, Sysnative.com, ... follow their instructions carefully, post the required scan logs, etc. in the format required and wait for their expert feedback.
The Following User Says Thank You to satrow For This Useful Post:
2014-01-29, 12:22 #3
- Join Date
- Dec 2013
- Thanked 4 Times in 4 Posts
Sorry for the trouble. I am Vineeth and I am from the Norton Support team.
I believe the reason why Norton detected the file and not removed is because it was residing in your inbox and deleting the whole inbox is not a good idea. Good to see that you were able to locate the file and remove it. You do not have to worry about as the file is already removed and the Norton scan came up clean.
I'd also recommend that you delete the Windows temp files and Internet Temp files. And then run a scan using the Norton product in Safe Mode with Networking, with all other applications closed.
Let me know if you have any questions.
The Following User Says Thank You to NortonSupport For This Useful Post: