1 Reply Latest reply on Jun 28, 2012 4:26 AM by Peter M

    Zeus bot not detected

      Hello,

       

      On our corporate network we use McAfee Enterprise 8.8 with ePO 4.6.1, fully updated, but we discovered that computers are infected with a Zeus bot which McAfee does not recognize.

      When people have the bot they can't use special characters on their computer like ë, even if the language settings are good.

      Is there any way to get a new DAT, or do I have to change some settings to detect this virus? We now install Malwarebytes Anti-Malware to remove it, but this is a lot of work.

       

      Malwarebytes Anti-Malware 1.61.0.1400

      www.malwarebytes.org

       

      Database version: v2012.04.04.08

       

      Windows XP Service Pack 3 x86 NTFS

      Internet Explorer 8.0.6001.18702

      e.vreeling :: DT0196 [limited]

       

      26-6-2012 9:49:10

      mbam-log-2012-06-26 (09-49-10).txt

       

      Scan type: Quick scan

      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

      Scan options disabled: P2P

      Objects scanned: 202644

      Time elapsed: 6 minute(s), 29 second(s)

       

      Memory Processes Detected: 0

      (No malicious items detected)

       

      Memory Modules Detected: 0

      (No malicious items detected)

       

      Registry Keys Detected: 0

      (No malicious items detected)

       

      Registry Values Detected: 2

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yzfiiqo (Heuristics.Shuriken) -> Data: "C:\Documents and Settings\e.vreeling\Application Data\Vubyyb\nipi.exe" -> Quarantined and deleted successfully.

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.

       

      Registry Data Items Detected: 1

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoPropertiesMyComputer (PUM.Disable.MCProperties) -> Bad: (1) Good: (0) -> Delete on reboot.

       

      Folders Detected: 0

      (No malicious items detected)

       

      Files Detected: 1

      C:\Documents and Settings\e.vreeling\Application Data\Vubyyb\nipi.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

       

      (end)