Results 1 to 3 of 3
  1. #1
    3 Star Lounger
    Join Date
    Jan 2002
    Location
    CT
    Posts
    361
    Thanks
    0
    Thanked 1 Time in 1 Post

    Question on deletion of Trojan.Zbot

    Windows 8 system.

    A couple days ago Norton 360 found Trojan.Zbot on my office PC. 360 said it could not remove the virus. I immediately did multiple scans and it found it repeatedly, each time with 360 saying it could not make the repair.

    Following Norton's instructions I first updated my 360 the current version and ran the scan. Again Norton fournd it but could not make the repair.

    Following instructions on the Symantec website I next downloaded and ran Norton Power Eraser which said there were no viruses on the PC. However a subsequent running of a 360 scan again found the virus and could not do the removal.

    Again following Symantec instructions I downloaded and ran Norton Bootable Recovery Tool. It had the exact same results as Power Eraser, not finding anything wrong. But again 360 found and could not fix the virus.

    At that point I did a chat with Symantec and they ran some remote scans that had the same result. In reality they just reran the 360 scan and then the Power Eraser scan. They said the virus had to be manually removed with special tools and wanted $99 to fix the problem.

    Before paying Norton I did some more investigation on my own. I found that 360 was locating the Trojan.Zbot virus in one of my Thunderbird INBOX folders (multiple email addresses). I emptied the inbox of all messages and did another 360 scan. The virus was still in the INBOX.

    Then I deleted the INBOX completely and let Thunderbird create a new one on next startup. This made a difference and 360 found the virus in the Recycle Bin. I emptied the Recycle Bin and 360 scans repeatedly say the computer is clean. It seems the virus had imbedded itself in the structure of the INBOX.

    So ....... my question. Having deleted the INBOX from the Recycle Bin with the emptying process did I completely remove the virus from the hard drive? Or in just removing the indexing of those hard drive sectors is the virus still lurking there where it might again raise its ugly head? I fear I may have totally screwed this up by emptying the Recycle Bin.

    Thanks,
    BH
    Last edited by bhdavis; 2014-01-29 at 06:37.

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    283
    Thanked 574 Times in 478 Posts
    Hmm, as this trojan does not seem to have been activated, had you compacted all folders in Thunderbird after emptying the trash/deleting any unnecessary emails, etc., you might have been able to save the Inbox. Until the folders are compacted, the emails still reside in the folder, the folder size does not reduce, etc. The deleted files are simply marked as deleted.

    If you're uncertain of whether your PC is clean or not, I'd advise seeking help from one of the Malware forums, Majorgeeks, BleepingComputer, TechSuppotForum, Sysnative.com, ... follow their instructions carefully, post the required scan logs, etc. in the format required and wait for their expert feedback.

  3. The Following User Says Thank You to satrow For This Useful Post:

    brino (2014-01-30)

  4. #3
    New Lounger
    Join Date
    Dec 2013
    Posts
    8
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Hello,

    Sorry for the trouble. I am Vineeth and I am from the Norton Support team.

    I believe the reason why Norton detected the file and not removed is because it was residing in your inbox and deleting the whole inbox is not a good idea. Good to see that you were able to locate the file and remove it. You do not have to worry about as the file is already removed and the Norton scan came up clean.

    I'd also recommend that you delete the Windows temp files and Internet Temp files. And then run a scan using the Norton product in Safe Mode with Networking, with all other applications closed.

    Let me know if you have any questions.

    Thanks!

    Vineeth
    Norton Support

  5. The Following User Says Thank You to NortonSupport For This Useful Post:

    BruceR (2014-01-29)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •