1 Reply Latest reply on Jun 28, 2012 4:26 AM by exbrit

    Zeus bot not detected



      On our corporate network we use McAfee Enterprise 8.8 with ePO 4.6.1, fully updated, but we discovered that computers are infected with a Zeus bot which McAfee does not recognize.

      When people have the bot they can't use special characters on their computer, like ë, even if the language settings are good.

      Is there any way to get a new DAT, or do I have to change some settings to detect this virus? We now install Malwarebytes Anti-Malware to remove it, but this is a lot of work.


      Malwarebytes Anti-Malware



      Database version: v2012.04.04.08


      Windows XP Service Pack 3 x86 NTFS

      Internet Explorer 8.0.6001.18702

      e.vreeling :: DT0196 [limited]


      26-6-2012 9:49:10

      mbam-log-2012-06-26 (09-49-10).txt


      Scan type: Quick scan

      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

      Scan options disabled: P2P

      Objects scanned: 202644

      Time elapsed: 6 minute(s), 29 second(s)


      Memory Processes Detected: 0

      (No malicious items detected)


      Memory Modules Detected: 0

      (No malicious items detected)


      Registry Keys Detected: 0

      (No malicious items detected)


      Registry Values Detected: 2

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yzfiiqo (Heuristics.Shuriken) -> Data: "C:\Documents and Settings\e.vreeling\Application Data\Vubyyb\nipi.exe" -> Quarantined and deleted successfully.

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.


      Registry Data Items Detected: 1

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoPropertiesMyComputer (PUM.Disable.MCProperties) -> Bad: (1) Good: (0) -> Delete on reboot.


      Folders Detected: 0

      (No malicious items detected)


      Files Detected: 1

      C:\Documents and Settings\e.vreeling\Application Data\Vubyyb\nipi.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.