
How do I get rid of ZeuS.Zbot.aoaq


Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.




Link to post

Before we begin, I want to let you know what I've done so far so you are aware of the steps I've taken. 


1. I performed a Microsoft Security Essentials "Full Scan" and nothing was found. 

2. I updated MalwareBytes and ran a scan that found 11 files that I ended up quarantining. Most of the files were PUPs.


So far, that's what I've done. I will not install the recommended Farbar Recovery Scan Tool until you let me know to do so. 


Thanks for your assistance.

Link to post



I didn't notice any traces of Zbot on your computer.

Can you post a screenshot of the message you get?

Also go ahead and uninstall the following programs from the Control Panel:


Ask Toolbar
Update for Zip Opener


Also it's a good idea to run the following fixit to resolve some of the issues in your Event Viewer log:






Link to post

I have attempted to remove the AskToolbar previously and my system seems to not allow me to do so. 


In addition, since the Zeus.Zbot alert and after cleaning the PUP files off of my machine, it seems booting up the computer has become slower and now I cannot open things like the control panel and other programs.


I attached a photo of what the original alert was. We had taken a picture of it when it first occurred.




Link to post



This looks like a SCAM more than a real infection related to Google Chrome.


If some of the programs refuse to be uninstalled then try to remove them with the following tool:



or download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select the program you want to uninstall.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

Next continue with the rest of the instructions from my previous post.


Keep in mind that the free version of Revo has limited compatibility with 64-bit systems.

If Revo failed to list a program then you can try GeekUninstaller or Wise Program Uninstaller instead.


Next please run a new scan with FRST (make sure that Addition.txt is checked before you proceed with the scan) and then post both logs in your next reply.

Btw do you receive any warning message when you are trying to open Control Panel?





Link to post



Thank you for the logs. Before I proceed with a fix please run the following tools for me and post back the results:





  • Launch Malwarebytes Anti-Malware
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.





1. Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.





Link to post

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
