Hi, it's OT but I know there are some very smart people here.
I was surfing and got a pop up warning that my computer was infected with zeus. I know that those pop-up warnings are usually false, and can be dangerous, so I closed the browser with Alt+F4
But one cannot be too safe so I called my bank, checked the balance (OK) and turned online banking off. I did the same for other accounts like PayPal.
I did a full scan with my AV software, it didn't find anything, I did another with MalwareBytes, and a third one with an AVG downloaded scanner. All three showed that my system is clean with no trojans or other nasties.
Is this definitive enough to be sure I don't have zBot?
Is there any 100% way to be sure before I turn my online banking back on?
I don't have much money in the bank, but what I do have I'd like to keep.
Thanks,
Notes
Try websearching on the zbot topic with an eye towards what has proven to be successful from people who have solved the problem. Look for things like Registry entries and then look in your Registry and see if that rogue entry is there. It likely is not, since you did the right thing and did not Click on that webpage warning.
I don't like using the keyboard to shut down the browser like you did when encountering those false flag website "alerts" because some day a bad boy is going to include those keystrokes as being the click needed to install the baddie. There are plenty of those warnings that purport to look like a Windows message box and have two buttons, one marked Cancel or No -- but clicking on ANY button on the onscreen popup results in the same thing as clicking on Yes.
I take the long path, hold down the Power button for 5 secs or so and just force a total Shutdown. Then reboot, of course.
--Mac
Add Super Antispyware and you have the trifecta. between the 2 you used and SAS, you will get everything.
There ARE indeed exceptions that require a specific removal tool. 98% of the time, boot in safe mode, run the tools, reboot...
ZLOB was a nasty one that had a removal tool. Most of those removal tools are online at Norton's site.
Thanks to all for your advice.
Quote:
<...>
I don't like using the keyboard to shut down the browser like you did when encountering those false flag website "alerts" because some day a bad boy is going to include those keystrokes as being the click needed to install the baddie. <...>
I take the long path, hold down the Power button for 5 secs or so and just force a total Shutdown. Then reboot, of course.
--Mac
Mac, it looks like that day has arrived.
I've been computing since the 1980s, I made my first website in 1996 and have been on-line at least 350 days per year since then, and I just got my very first piece of malware 
I guess it had to happen sooner or later.
I noticed my computer being sluggish when typing. The shift key was slow to react so capitalized words came out like tHis. So I booted in the safe mode, ran my AV and MalwareBytes again and MB found a trojan, but not any of the zBot signatures I found on the net. Deleted it, rebooted and noticed the same thing happening. Safe mode - scan - same thing.
So I took my notes from MBytes and my computer to my favorite computer shop. I hadn't been there in 6 years when they did warranty work on my ThinkPad (stuck pixels on the screen). They moved since then. The tech called and said there is malware on the system. It isn't zBot but something else (he rattled off a alphanumeric string). He said it is designed to turn the computer into a doorstop, fortunately I caught it in time and he doesn't think he will have to re-install the OS.
I have all my file data backed up on an external drive (I use SyncToy from MS) so nothing is lost. If any software apps need to be removed, I have the installation disks ---- somewhere.
I do not keep customer information on my computer so none of my customers are harmed (I don't even D/L the C.C. numbers anymore, I let the shop cart company just send the details with the number stripped, and then every few weeks I delete the orders from the shopping cart server).
So the Mac method is obviously the way to go. It's too bad I didn't know about it sooner or figure that one out myself.
I'm also thinking about changing my AV software. I'll go to PCWorld and others to read the comparison reviews (PC World does that about once per year).
So I'm on an old computer that hasn't been on the net in a long time. The AV and Windows took a while to update, and I'm not going to do much with this one (I basically use it as a MIDI sequencer), but I did want to get on and thank you all for your help and give you an update.
So I'll be off line (except for my phone) for another day or two.
Thanks again for the advice.
Notes
As an extra security precaution I always use a separate Partition for banking, why oh why do banks not insist on something like that such as a linux on a live cd for that extra piece of mind, both to the customer and themselves?
Means restarting the computer again in my case but its worth it for that extra piece of mind, though its not 100% security proof I know.
When you think of the risks involved doing your banking and surfing on same windows partition its really scary, I think if most people realised how insecure banking online really is they wouldn't touch it at all.
I think a live cd for banking would be a good idea, just wondering would one of the linux live cd's aavailabe be any good for this?
Would the bank website load ok and would it be virtually 100% secure?
Musiclover
Switching platforms, switching OS's, only works as long as the user base is not large enough to become attractive to the baddies.
Once a certain threshold in terms of number of users is passed, expect the baddies to notice that and start working towards compromising that particular system as well.
If banks were to issue linux CDs, etc. -- linux would simply become another target for the baddies.
The cost of freedom is indeed eternal vigilance.
--Mac
Another option would be to do banking on an iPhone or iPad, they seem secure. Especially if there is a dedicated banking app that you are using. Some banks have guarantees about that.
It's always a good idea to have a Live CD around. That way, if you machine has issues, you can still can use it for various recovery operations, even if it's been turned into a doorstop.
That's how I was able to research a problem, and even install some AV software when my computer got a nasty virus a while back. And when my kids' computer's hard drive went out, they were still able to use it to get to the internet until we repaired the computer.
Computer is back from the shop. One hour labor, money well spent.
Final diagnosis was that MalwareBytes got rid of the virus, and thus the repairman didn't know exactly what it was. He doubts it was zbot, but says that so many viruses use similar components and they mutate so quickly that any guess would only be a guess. The malware corrupted 23 files on my HD, mostly INI and DLL files, which he restored. He said it was a good thing I noticed it so quickly, as it seemed that it was intent on corrupting the entire hard drive.
I asked him about the Alt+F4 and he said that it was possible. So from now on, I will do as Mac suggested (thanks Mac) and take the long way around.
I've been computing since the mid 1980s and have been first on AOL and then the web for as long as it has been available here (remember those slow 14.4k modems). I also have had a website since 1996 and since then have been on the Internet every day (except for an annual vacation). This was the first piece of malware that got through.
I'm thinking about changing my AV software. I know that any brand can let things through, but some are better at blocking sites that aren't on the blacklist yet using heuristic analysis. I have the current edition of PC World, and it includes it's annual rating AV software, but as an advertisement based publication, I suspect the ratings could be biased, perhaps unintentionally.
So the question here is, does anyone know of a good, reliable, non-biased site that compares various Anti-Virus/Anti-Malware apps?
If I switch, I'll want to switch to whatever is currently best, knowing that next year it might not be best again.
I've read stories about Linux and Mac OS hacking, so I don't think that is a fail-safe solution, so I'll stay with Windows, but I want to stay as safe as possible.
I've also read that I should create another non-administrator account on my computer, and do all my surfing there except for critical issues like banking which will be done from my administrator account. Is this good advice or just one of those false things that fly around the 'net?
I also read that if I copy and paste my passwords into the fields instead of typing them that it keeps them safe from keyloggers. Makes sense on the surface, but does it really?
Thanks to all the help and advice you all have provided.
Computer viruses don't mutate all on their own.
That requires dastardly human intervention.
--Mac
Computer malware is created by dastardly humans in the first place
It's good to be safe again. And thanks again for your advice.
Notes
A few questions to answer here, first a good and well known independent security software testing organisation here=
http://www.av-test.org/en/tests/home-user/windows-7/novdec-2012/There is at least one other, but you may have to use Google to find it, I have lost their address.
Secondly, next time any one gets lumbered with one of the many lousy malware out there, there are several computer help forums where specialist help can be found in removing this junk if you get afflicted by it.
Here are a few I know of where specialist help can be obtained.
First is the top training group where specialists get their training in the first place.
http://www.malwareremoval.com/forum/http://www.bleepingcomputer.com/forums/I am part of staff on this next one=
http://www.freepchelp.co.uk/forum.phpHope that can be of help not just for you Notes, but anyone else having malware problems.
Nev.
Thanks a lot. Yes this can be a help to me and hopefully others.
For close to 30 years I have been able to avoid all malware, so I haven't had a need to investigate any of this. It's good to have generous people on the forum to help me learn some new things.
I don't know whether I should be proud for all the years of safety or embarrassed that one finally got me.
Fortunately no harm was done that couldn't be fixed. I will be changing my AV suite soon.
Thanks again,
Notes