2456 Views 8 Replies Latest reply: Oct 1, 2011 2:58 PM by Cativo
Cativo Newcomer 19 posts since
Dec 9, 2007

Sep 26, 2011 4:09 PM

Zentom System Guard has bitten me

Hi,

I never thought I would get bitten by this, but I did. I was surfing a few sites this morning and looked at a video and BAM. The Zentom System malware/virus is on my laptop. I guess it turned off my McAfee live scanning?? Anyways, how can I get rid of it?

I have tried various free malware removal software, but this dang thing blocks them or turns them off mid-scan. HELP!!!!!

When I run the McAfee scan it gets about 4% into it and it pops up with an error. If I run the scan in "Safe Mode", it runs through and comes up with a couple of viruses and seems to clean them, but when I restart, I am back to where I was before. Any ideas???

I have McAfee Internet Security 2011.

Thanks,

J

  • sameer172006 Champion 410 posts since
    Nov 4, 2009
    1. Sep 26, 2011 5:27 PM (in response to Cativo)
    Re: Zentom System Guard has bitten me

    Hi Cativo,

    Have you tried disabling the said file/process from auto-starting itself?

    Please get into "msconfig" and then go to Startup, look for and find the file pertaining to the malware and disable it from auto-starting itself. Also, I would straightaway download the latest copy of Malwarebytes (you can get it here: http://www.filehippo.com/download_malwarebytes_anti_malware/).

    Update it and then run a quick scan. You might be asked to do a reboot. Please do it and then, just to be sure, you can also run a full scan.

    Hope this helps.

    Cheers

    Sameer
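
One way to review the autostart locations that msconfig's Startup tab draws from (the Run/RunOnce registry keys and the Startup folders) before disabling anything, so an unfamiliar entry can be identified and pasted into a reply for others to check. This is an added example, not code from this thread, from McAfee or from Malwarebytes; it assumes Windows PowerShell is available on the affected machine, and the "suspicious location" heuristic (commands launched from profile or temp folders) is an assumption of this example rather than anything the thread states.

```powershell
# Added example (not from this thread): list the Run/RunOnce registry keys and
# Startup folders that msconfig's Startup tab draws from, so an unfamiliar
# autostart entry can be identified before it is disabled.
# Assumes Windows PowerShell 2.0 or later; no extra modules required.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # 32-bit programs registered on a 64-bit Windows install
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Heuristic (an assumption of this example): commands launched from profile or
# temp folders deserve a closer look, because fake-AV programs commonly drop
# their executable there instead of under Program Files. A match is a prompt
# to investigate, not proof; legitimate software installs there too.
$SuspiciousPathPattern = '\\AppData\\|\\Application Data\\|\\Temp\\|\\ProgramData\\'

function Get-AutostartEntries {
    $entries = @()

    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, etc.; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $command = [string]$prop.Value
            $entries += New-Object PSObject -Property @{
                Location   = $key
                Name       = $prop.Name
                Command    = $command
                Suspicious = ($command -match $SuspiciousPathPattern)
            }
        }
    }

    # Per-user and all-users Startup folders: anything placed here also
    # autostarts. Only the registry commands are scored above; folder items
    # are listed for manual review.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $entries += New-Object PSObject -Property @{
                Location   = $dir
                Name       = $_.Name
                Command    = $_.FullName
                Suspicious = $false
            }
        }
    }

    return $entries
}

# Show everything, flagged entries first, in a form that can be pasted into a
# forum reply. Running this only reads; nothing on the machine is changed.
Get-AutostartEntries |
    Sort-Object -Property @{ Expression = 'Suspicious'; Descending = $true }, Location, Name |
    Format-Table -Property Suspicious, Name, Command, Location -AutoSize -Wrap
```

Because the thread describes the infection shutting down scanners in normal mode, the listing is most reliably taken from Safe Mode, where the poster already had more success; the entries it shows are the same ones that appear in msconfig, so the one to disable can be picked by name and path rather than by guesswork.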

  • Hayton Volunteer Moderator 4,616 posts since
    Sep 27, 2010
    3. Sep 26, 2011 8:14 PM (in response to Cativo)
    Re: Zentom System Guard has bitten me

    If you ran Malwarebytes in Safe Mode it wouldn't have been completely effective. It needs to run in normal Windows mode. Also, the default for Malwarebytes is Quick Scan, but for this infection the instructions are to run a Full Scan.

    There are removal instructions that involve the use of Malwarebytes at http://www.bleepingcomputer.com/virus-removal/remove-zentom-system-guard

    My advice would be to run a Full Scan from Windows, and let the program remove the files associated with this infection.

    Alternatively, you could run McAfee's FakeAlert Stinger first, since this Zentom infection is just another fake antivirus program and should by now be in the Stinger database.

    Then make sure you've got the latest updates for your OS, AV and browsers, also Flash and Java if you run those.

    Volunteer Moderator, Leeds, UK
    No PMs please
  • vinod_r2 McAfee Mentor 3,126 posts since
    Feb 15, 2008
    5. Sep 29, 2011 3:32 AM (in response to Cativo)
    Re: Zentom System Guard has bitten me

    OK,

    Sorry for jumping on to the thread, but try these steps.

    1. Download Rkill in Safe Mode with Networking and run it.
    2. Download the Stinger application and allow it to run on the machine.
    3. Finally, download, install and scan using that application (Malwarebytes).
    4. Reboot.
    5. Copy and paste the Malwarebytes log file and report if the issue persists.

    We may need further steps to be performed based on the issue identified/symptoms.

    Remove StopZilla and other things. You may allow McAfee to scan the machine, however not when removal is in progress.


    Regards
    VR
  • vinod_r2 McAfee Mentor 3,126 posts since
    Feb 15, 2008
    7. Sep 29, 2011 11:00 AM (in response to Cativo)
    Re: Zentom System Guard has bitten me

    Thanks for posting.

    From what you just indicated I suspect possible rootkit activity on the machine and would need some additional logs to confirm the same. Could you please perform the below steps.

    Running a rootkit scan using GMER:

    Rootkits are programs that try to hide themselves or other programs so that they are not easily removed. As rootkits have become such a common problem, it is important to run a utility that will show rootkits that may reside on your computer. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and should skip to the next step.

    1. To start this process, download GMER from the following location and save it to your desktop.
    2. GMER Download Link 1
    3. GMER Download Link 2 (Only use if the previous link does not work)
    4. When you click on the above link you will see a download prompt.
    5. Click on the Save button. You will now be presented with a screen asking where you would like to save the file.
    6. Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. Your computer will now download the file and save it on your Desktop. When it is done downloading you will find an icon on your desktop.
    7. Right-click on the gmer.zip icon and select Extract all... from the menu.
    8. You will be shown a screen asking how you would like to extract the file. Just keep pressing the Next button until you get to the last screen and then press the Finish button to finish the extraction process. The GMER folder should automatically open and you will see that it contains the file called gmer.exe. Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide.
    9. You will now see the main GMER window. If it gives you a warning about rootkit activity and asks if you want to run a full scan, please click on the NO button. We now need to configure GMER to not use some settings. Please uncheck the following settings that we do not want in our scan:

    Modules
    Process
    Threads
    Show all (critical, do not miss)
    Files

    After ensuring the above 5 items are unchecked, right-click on the white area of the GMER window and select Options.

    You will see a few more options listed there. Select only the following two:

    IRP Hooks
    NTAPI Registry Scan

    Once these are selected, click on the Scan button to scan your computer for rootkits. This may take a while, so please be patient. When it has finished you will be back at the main screen.

    You now need to save the rootkit scan report to your Desktop by clicking on the Save... button. A screen will open asking where you would like to save the report. Click once on the Desktop button to change to the Desktop folder and then in the File name: field enter ark.txt. Finally, press the Save button to save the report to your desktop. Please do not act on any of the information you find in this report as many legitimate programs could be listed in it.

    Attach the log file thus created in your next post for verification by an expert here.


    Regards
    VR
