  1. #1

    Trojan.Zonebac removal help

    My PC has suddenly started acting a bit oddly - certain programs wouldn't run - but a virus scan didn't find anything wrong.

    On investigation I found that the programs which weren't loading had been replaced by a hidden IE window leading to an IP address. A bit of Googling confirmed this was caused by the virus 'Trojan.Zonebac'.

    I've restored the programs and deleted the .pid file the virus had created in the Temp folder, but I don't know if there are any other parts to the virus that need removing. Since the virus scan (Symantec, no less) came up with nothing, I can't scan to check my system is clean.

    Does anyone else have any experience removing this virus? I've read that it can infect the lsass.exe file, but of course I can't just go and delete that without breaking my PC...

    Any help would be really appreciated

  2. #2
    Join Date
    Oct 2002
    Under Your Skin
    Hate to say it... I know you are going to say, "I don't want to do that," but I would reformat Windows ASAP.

    That is the only 100% way to rid yourself of spyware/malware, etc... then watch what you install and ensure you have the latest downloads/updates.
    Windows 10 to Linux and Mac OSX: I'm PARSECs better than you. Eat my dust!!!

  3. #3
    Join Date
    Feb 2004
    Merville BC
    Try AVG Anti-Spyware (ewido); it's pretty good at killing multiple-process infections. Download and update ewido. Go to msconfig and remove any suspicious startup items. Restart in safe mode and do a full system scan.

    I remove this crap daily, and 9/10 times this works well.


    Last edited by askthexperts; 10-06-2006 at 09:23 PM. Reason: meant antispyware
    Three out of four people make up 75 percent of the population

  4. #4
    Join Date
    Nov 2003
    Shouldn't be too hard to remove. It doesn't actually infect lsass.exe, just creates a file called lsasss.exe which you can delete if it's still present.

    It can also replace files listed in these registry keys with a copy of itself:
    It creates a backup copy of the files it replaces, so you restore them and delete the infected copies.

    It can drop a couple files in your temp folder, and lower IE's security settings.
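
Added example, not part of any post in this thread: reply #4 names a file, lsasss.exe, that differs from the real lsass.exe by one letter, and the Python check below flags executable names within one edit of a watched system binary, as well as a watched name found outside its usual folder. The watch list, the System32 location and the sample paths are assumptions constructed for the illustration.

```python
import ntpath

# Assumptions (not from the thread): the watch list and the expected folder
# on a default Windows install.
WATCHED = ("lsass.exe", "csrss.exe", "winlogon.exe", "services.exe")
EXPECTED_DIR = r"c:\windows\system32"


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(path, max_distance=1):
    """Return (finding, imitated_name) for one executable path, or None."""
    directory, name = ntpath.split(path.lower())
    if name in WATCHED:
        # Exact name: only suspicious when it sits outside the expected folder.
        return ("wrong-location", name) if directory != EXPECTED_DIR else None
    for real in WATCHED:
        if 0 < edit_distance(name, real) <= max_distance:
            return ("lookalike-name", real)
    return None


def scan(paths):
    """Map each flagged path to its finding; clean paths are omitted."""
    return {p: f for p in paths if (f := classify(p))}


# Constructed sample paths, not taken from an infected machine.
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\lsasss.exe",
    r"C:\Users\me\AppData\Local\Temp\lsass.exe",
    r"C:\Windows\System32\smss.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for path, (finding, real) in scan(SAMPLE).items():
        print(f"{finding:15} {path} (imitates {real})")
```

The threshold is kept at one edit because legitimate names such as smss.exe sit two edits away from csrss.exe and would otherwise be reported.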
