manual cleanup of memory infection?

Hi there,

Whilst Sophos is able to quarantine and "clean up" infections such as .exe, .dll and .htm files, I've unfortunately been infected with a Troj/ZbotMem-A that resides within my memory. Sophos suggests a manual removal, and whilst I've managed to manually remove items Sophos has not been able to remove itself before, I am not entirely sure how to clean my memory or the infected "explorer.exe" in my system files without causing collateral damage.

As a university student using Sophos on a desktop, I don't exactly have a system administrator to turn to.

Sophos lists this as a low threat, but Symantec lists the damage as high, and currently Sophos has cleaned/removed well over two thousand infected files.

Also, what worried me is that the virus/trojan has got into my registry as well, so I imagine it's going to perform some nasty business on startup too. What was also worrying was that Windows Firewall blocked an attempted breach of security that tried to come through my media player. I suppose it still got onto my system, though...

I guess I should end this post already so I can get some responses about this little devil.

Grahame.

  • Hello Grahame,

    I don't know whether you've read Further steps when removing problem files. It hasn't been updated for Win7 (what's your Windows version, btw?) and it finishes with a chapter on reinstalling Windows, but it lists a number of actions step by step.

    Memory is usually volatile, and "cleanup" is performed by switching off the computer. An infection "survives" either by storing code on disk or in non-volatile memory (USB sticks), or by tweaking the registry so that the code is downloaded again on start. It's not possible to tell which steps you have to perform, as Troj/ZbotMem-A is a more general detection.

    Maybe your university's IT department offers some help. If you are "on your own", follow the advice in the article as far as you can and post your findings here.

    Christian

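Christian's reply boils the problem down to two places where a memory-resident infection can come back from: a file on disk and a registry entry that starts it. The script below is an added example for readers of this thread, not code from the original posts, from Sophos or from the linked article. It is read-only: it lists the common Run/RunOnce autostart values and the Winlogon Shell/Userinit values, checks the Authenticode status of each program they point to, and prints the signer and SHA-256 of the explorer.exe on disk so it can be compared against a known-clean copy of the same Windows build. It assumes an elevated PowerShell prompt and is written against PowerShell 2.0 (no Get-FileHash, no [PSCustomObject]) so it also runs on an unpatched Windows 7; the function names Get-Sha256Hex and Get-CommandExe are this example's own.

```powershell
# Added example for the thread above, not code from the original posts or from Sophos.
# Read-only check of registry autostart entries and of explorer.exe on disk.
# Run from an elevated PowerShell prompt; written for PowerShell 2.0 and later.

function Get-Sha256Hex([string]$Path) {
    # Hex SHA-256 of a file via .NET directly, since Get-FileHash needs PowerShell 4.0
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = $sha.ComputeHash([System.IO.File]::ReadAllBytes($Path))
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-CommandExe([string]$Command) {
    # Pull the executable path out of a Run-key value, quoted or not,
    # and expand variables such as %APPDATA% that are common in malware entries.
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command.Trim() -split '\s+')[0] }
    [Environment]::ExpandEnvironmentVariables($exe)
}

# Common autostart keys for the machine and the current user,
# including the 32-bit view on 64-bit Windows.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

"=== Autostart entries ==="
foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PowerShell's own metadata, not registry values
        $exe = Get-CommandExe ([string]$p.Value)
        if (Test-Path -LiteralPath $exe) {
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
        } else {
            $status = 'FILE MISSING'
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $p.Name; Command = [string]$p.Value; Signature = $status
        }
    }
}

# Winlogon Shell and Userinit run before the desktop appears.
# Defaults are "explorer.exe" and "C:\Windows\system32\userinit.exe," (trailing comma included).
"=== Winlogon ==="
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object Shell, Userinit

# The explorer.exe file itself: signer and hash, to compare with a clean copy
# of the same Windows build (second machine or install media).
"=== explorer.exe on disk ==="
$explorer = Join-Path $env:SystemRoot 'explorer.exe'
$sig      = Get-AuthenticodeSignature -FilePath $explorer
$signer   = '(none)'
if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
New-Object PSObject -Property @{
    Path   = $explorer
    Status = $sig.Status
    Signer = $signer
    SHA256 = Get-Sha256Hex $explorer
}
```

Two caveats when reading the output. Many Windows system files are signed through a catalog rather than an embedded signature, and older PowerShell versions report those as NotSigned, so that status on its own is not proof that explorer.exe was modified; the hash comparison, or `sfc /scannow`, which restores modified protected system files from the component store, is the reliable check. Conversely, a detection name carrying "Mem" points at code found in a running process, which a reboot clears exactly as Christian says; what matters is whether anything in the lists above points at an unsigned or missing file, particularly under %APPDATA% or %TEMP%, because that is the entry that would bring the infection back at the next start.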