Adware.Zugo

Hello greatly admired boffins,

I noticed that Windows Security Update KB981852 has apparently updated successfully 10 times but won’t go away. I ran Malwarebytes today, this is the result:

Adware.Zugo … Registry Key … HKEY_CURRENT_USER\Software\Zugo

I haven’t yet tried to remove it because I don’t know how serious it is & intend to nuke the f*cker properly first go - hopefully with your sage words : )

Unsure if this is also relevant, but Spyware Terminator Tracking Flash Shared Objects (Tracking Cookie).

Why can’t everyone be nice & kind & good…?

I have Windows Vista SP2 32 bit Dell. Avast AV (version 5.0.677) & Comodo firewall, Spyware Terminator runs a daily scan, plus I have Malwarebytes which I utilise for a full scan every couple of months.

Many thanks in advance for any advice given : )

Remember to always update Malwarebytes before you run it. The latest program version is 1.50.1 and database 5396.
Let it remove/quarantine what it finds (click the Remove Selected button).

You don't need Spyware Terminator when you have Malwarebytes; the only thing it will find and remove that MBAM does not is tracking cookies.

Post the MBAM scan log here

Hi Pondus,

Thank you kindly for your prompt response : ) Here is the scan log:


Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4320

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

26/12/2010 7:47:28 PM
mbam-log-2010-12-26 (19-47-28).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 317401
Time elapsed: 5 hour(s), 30 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I am updating my Malwarebytes version now + also running a full system scan with avast! I’m afraid this horrid Zugo thing is a backdoor Trojan, as has been suggested when I’ve searched for information to solve this. So far, the avast! scan has detected 1 infected file, so perhaps the old version of Malwarebytes didn’t remove it after all?

Thanks again : )

Yes, I see you were using the older version of MBAM. Please do update it to the newer version and then update the definitions again, then re-scan.

With Avast scan, is anything in your Virus Chest? If so, can you give a screen shot? Thank you.

And you only have to do a quick scan; this will take care of 99% of what MBAM detects.

Greetings!

I couldn’t figure out how to attach a screen shot of my avast! virus chest but the infected file picked up by today’s scan is located in C:\Users\VerySplendid\Downloads\flash_player.45199.exe which avast! - bless its cotton cyber socks - first detected back in September. Do I need to reformat my precious again? How can I tell where I knowingly downloaded this bad boy from? Have all my passwords/online banking details been compromised…?

Thank you for your patience & consideration : )

PS - I forgot to mention it also stated Threat: Win32:MalOb.BX[Cryp]

There are lots of these fake flash player files out there.

Have all my passwords/online banking details been compromised..?
Do not know, but it won't hurt to change them; something that should be done on a regular basis anyway.

Did you do a new Malwarebytes scan? Post the log.

Hello again,

I performed a Malwarebytes quick scan (database version: 5363) & no malicious items were found. Hurrah! : )

Oops forgot to post the log, here t’is:


Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

27/12/2010 12:12:48 AM
mbam-log-2010-12-27 (00-12-48).txt

Scan type: Quick scan
Objects scanned: 129917
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Many thanks : )

Sorry, I forgot to ask… should I leave flash_player.45199.exe in the virus chest or delete it? And should I leave Zugo in quarantine?

If you are still not sure you are clean, you can let Essexboy have a look inside!
If so, follow this guide and post the logs here; then Essexboy will check the logs when he enters the forum.

http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple posts with copy and paste, you have to attach the logs.
Lower left corner: Additional Options > Attach (OTL.Txt and Extras.Txt).

Sorry, I forgot to ask... should I leave flash_player.45199.exe in the virus chest or delete it? And should I leave Zugo in quarantine?
I always let things stay in quarantine for 30 days before I delete them, just in case.

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Thank you so much for everything! I’m going to follow the instructions for Essexboy to cast his expert eye over.

Many thanks & big smiles all round :smiley: