Win.Trojan.Zbot-10374

History: The computer was becoming slower. Avast wasn’t picking up anything except the following (and only during a thorough scan).
Process 2372 [explorer.exe], memory block 0x0000000001000000, block size 1044480 (Explorer. EXE)
but would not allow any action to be taken.

About a week ago, my MS Word documents started denying me permission to save, then turned them into temporary files which are not retrievable. I used ClamWinPortable to see if I could find the problem. It found 23 instances of Win.Trojan.Zbot-10374, about 1/2 of which were in Systems volume restore and the other 1/2 Adobe (which I had updated a few days before through the Avast updater).

At one point during the scan, Avast (which had been disabled until restart) had become enabled and popped up a window that said it found ClamWin as a virus. I sent a report to Avast stating that was a false positive. Yes, I clicked the little box that said I knew what I was doing. At this point, I’m not certain that is the case.

I did the following:

  1. Removed Adobe reader from add/remove program
  2. Moved files from Temp and Temporary Internet to Recycle
  3. Emptied recycle file
  4. Downloaded a different PDF reader (which I like better).

Present: The computer was running faster until I shut it down and rebooted last night. Then it started running slower again so I used ClamWin. If I’m reading this right, it looks as though the trojan replicated itself in Clam Win Portable:

C:\ClamWinPortable\Data\quarantine\A0101902.exe.infected: Win.Trojan.Zbot-10374 FOUND

I immediately moved the entire ClamWin file to recycling and emptied the recycle folder.

Does anyone know how to get rid of Win.Trojan.Zbot-10374?

Additional Information:
The following is the full report after the ClamWin scan this morning:

Scan Started Mon Mar 11 20:38:26 2013


WARNING: Can’t open file C:\pagefile.sys: Permission denied

WARNING: Can’t open file C:\WINDOWS\system32\config\DEFAULT: Permission denied

WARNING: Can’t open file C:\WINDOWS\system32\config\SECURITY: Permission denied

WARNING: Can’t open file C:\WINDOWS\system32\config\SOFTWARE: Permission denied

WARNING: Can’t open file C:\WINDOWS\system32\config\SYSTEM: Permission denied

WARNING: Can’t open file C:\WINDOWS\system32\config\SAM: Permission denied

WARNING: Can’t open file C:\Documents and Settings\JD\Local Settings\Temp\nswC2.tmp: Permission denied

C:\ClamWinPortable\Data\quarantine\AdobeARMHelper.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\ARM.msi.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\AdobeARM.bin.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\AcrobatUpdater.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\ReaderUpdater.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\A0101902.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\A0101904.msi.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\A0101905.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\A0101906.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\A0101907.exe.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\AdobeARMHelper.exe.infected.000.infected not moved/copied since already in quarantine

C:\ClamWinPortable\Data\quarantine\AdobeARMHelper.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\ARM.msi.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\AdobeARM.bin.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\AcrobatUpdater.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\ReaderUpdater.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\A0101902.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\A0101904.msi.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\A0101905.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\A0101906.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\A0101907.exe.infected: Win.Trojan.Zbot-10374 FOUND

C:\ClamWinPortable\Data\quarantine\AdobeARMHelper.exe.infected.000.infected: Win.Trojan.Zbot-10374 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 1954421

Engine version: 0.97.3

Scanned directories: 10115

Scanned files: 77439

Infected files: 11

Not copied: 11

Data scanned: 14824.83 MB

Data read: 24911.18 MB (ratio 0.60:1)

Time: 34525.640 sec (575 m 25 s)


Completed
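
An added example, not part of the original post and not ClamWin's own code: a small Python triage of a report in the format above. It separates FOUND lines that sit under the scanner's own quarantine folder from hits elsewhere on disk, and lists the files skipped with "Permission denied". The sample report text is constructed, and the `C:\Example\...` path in it is a made-up placeholder.

```python
import re
from pathlib import PureWindowsPath

# Quarantine folder exactly as it appears in the report above.
QUARANTINE_DIR = PureWindowsPath(r"C:\ClamWinPortable\Data\quarantine")

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# "Can.t" accepts both the straight and the typographic apostrophe.
DENIED_RE = re.compile(r"^WARNING: Can.t open file (?P<path>.+): Permission denied$")
INFECTED_RE = re.compile(r"^Infected files: (?P<n>\d+)$")

# Constructed sample in the report's format; the C:\Example path is made up.
SAMPLE_REPORT = r"""
WARNING: Can't open file C:\pagefile.sys: Permission denied
C:\ClamWinPortable\Data\quarantine\ARM.msi.infected not moved/copied since already in quarantine
C:\ClamWinPortable\Data\quarantine\ARM.msi.infected: Win.Trojan.Zbot-10374 FOUND
c:\clamwinportable\data\QUARANTINE\A0101902.exe.infected: Win.Trojan.Zbot-10374 FOUND
C:\Example\constructed-sample.exe: Win.Trojan.Zbot-10374 FOUND
Infected files: 3
"""


def triage(report, quarantine_dir=QUARANTINE_DIR):
    """Split a ClamWin report into quarantine re-detections, hits elsewhere,
    and files the scanner could not open (and therefore never scanned)."""
    result = {"quarantine": [], "elsewhere": [], "unscanned": [], "reported": None}
    for line in (raw.strip() for raw in report.splitlines()):
        if m := FOUND_RE.match(line):
            # PureWindowsPath compares case-insensitively, like Windows paths.
            inside = quarantine_dir in PureWindowsPath(m["path"]).parents
            result["quarantine" if inside else "elsewhere"].append((m["path"], m["sig"]))
        elif m := DENIED_RE.match(line):
            result["unscanned"].append(m["path"])
        elif m := INFECTED_RE.match(line):
            result["reported"] = int(m["n"])
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"reported infected: {r['reported']}")
    print(f"  already in quarantine: {len(r['quarantine'])}")
    for path, sig in r["elsewhere"]:
        print(f"  outside quarantine: {path} ({sig})")
    for path in r["unscanned"]:
        print(f"  not scanned (locked): {path}")
```

Run against the full report above, every one of the 11 FOUND lines falls in the quarantine bucket, matching the "Infected files: 11" summary line.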


Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Process 2372 [explorer.exe], memory block 0x0000000001000000, block size 1044480 (Explorer. EXE) but would not allow any action to be taken.
did you change the default scan settings by selecting "scan memory"? scan memory will give some weird scan results... posted a million times in here so lots of info if you search, and since it is not a file, no actions can be taken

also running two AV (clamwin and avast) may give false detections

follow the guide Asyn gave you