Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Help with virus named ztorsftdgh.vbs and remove others

Help with virus named ztorsftdgh.vbs and remove others

post #1 of 26
Thread Starter 
I can see it in the system configuration on the startup and disabled it, but still, my PC is lagging frequently and my former ~15 second boot time went close to 40 seconds. Also there have been a lot of viruses scanned which kept coming back. I used Spybot, YAC, SuperAntiSpyware, RogueKiller and TDSSKiller and they removed close to 20, but still every time I run a new antivirus program it scans another one which was later not detected by anything.


I'm new here, so pardon me if my post seems a little bit out of the normal format and a little desperate.
Edited by Azjul - 4/15/14 at 5:09am
post #2 of 26
It sounds like you might be reinfecting your system through a device such as a USB storage pen. Would that be a possibility, do you think?
If I were you, honestly... I'd reformat Windows to ensure your safety.
post #3 of 26
I find the best scanners are Malwarebytes Anti-Malware and AdwCleaner. Together they do a good job.
Failing that, a reinstall of Windows is always the best way of removing viruses.
post #4 of 26
Thread Starter 
Sorry for the late reply guys, and thanks for your comments. It might be my brother's USB stick. I don't want to reinstall Windows because we have a lot of files there that we need.
post #5 of 26
1. Boot into Safe Mode
2. Run Rkill from Bleeping Computer
3. Run Malwarebytes Full System Scan - Reboot back into Safe Mode
4. Run Malwarebytes Anti-Rootkit
5. Start Menu Search > Run > %temp% > Delete files in Temp folder
6. Run Autoruns and delete/disable inactive or "file not found" keys
7. Reboot to regular mode + run Rkill again if you want
8. AdwCleaner or a variant
9. Clean browsers of hijacks and Add/Remove Programs of rogue software (Conduit Search Protect, etc.)
10. Check Windows Update

Report back

Protip: It's old school, but I would stay disconnected from the internet as much as possible during this process.
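As an added illustration of where steps 5 and 6 of that list look (this is example code written for this page, not code from the thread or from Rkill, Malwarebytes or Autoruns), the following PowerShell script enumerates the common autostart locations read-only and flags entries that launch a script host (wscript/cscript) or a .vbs/.js/.wsf file, and entries whose target file no longer exists, which is what Autoruns reports as "file not found". It assumes PowerShell 3.0 or later; the list of registry keys and the script-host pattern are the author's assumptions, not a complete inventory of persistence locations. Nothing is deleted: the output is a triage report to review before removing anything with Autoruns or msconfig.

```powershell
# Read-only autostart triage (added example, not from the thread).
# Flags entries that run a script host or a script file, and entries whose
# target path is missing on disk. Requires PowerShell 3.0+.

# Pattern for script-host launches and script file extensions (assumed list).
$ScriptPattern = '\b(w|c)script(\.exe)?\b|\.(vbs|vbe|js|jse|wsf|wsh)\b'

# Registry Run/RunOnce keys commonly used for persistence (assumed list).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TargetPath {
    # Extract the first path-like token of a command line (quoted or bare)
    # so its existence on disk can be tested. Returns $null if none.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    if ($Command -match '^\s*(\S+)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    return $null
}

$Findings = @()

# 1. Registry Run keys: every value name is a startup entry.
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($p in $Props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $Findings += [pscustomobject]@{ Location = $Key; Name = $p.Name; Command = [string]$p.Value }
    }
}

# 2. Per-user and all-users Startup folders (hidden files included).
$StartupFolders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($Folder in $StartupFolders) {
    if (-not (Test-Path $Folder)) { continue }
    Get-ChildItem -Path $Folder -File -Force | ForEach-Object {
        $Findings += [pscustomobject]@{ Location = $Folder; Name = $_.Name; Command = $_.FullName }
    }
}

# 3. WMI view of startup commands (roughly what msconfig's Startup tab shows).
Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $Findings += [pscustomobject]@{ Location = $_.Location; Name = $_.Name; Command = [string]$_.Command }
}

# Classify: ScriptHost = launches a script host or script file;
# TargetMissing = absolute target path that no longer exists on disk.
$Report = foreach ($f in $Findings) {
    $target = Get-TargetPath $f.Command
    $missing = $false
    if ($target -and $target -match '^[A-Za-z]:\\') {
        $missing = -not (Test-Path -LiteralPath $target)
    }
    [pscustomobject]@{
        Location      = $f.Location
        Name          = $f.Name
        ScriptHost    = [bool]($f.Command -match $ScriptPattern)
        TargetMissing = $missing
        Command       = $f.Command
    }
}

# Show only the entries worth a closer look.
$Report | Where-Object { $_.ScriptHost -or $_.TargetMissing } |
    Sort-Object Location, Name |
    Format-Table Location, Name, ScriptHost, TargetMissing, Command -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable; an entry such as a Run value that starts with wscript.exe and points at a .vbs in the user's profile is the kind of line this is meant to surface. It does not cover scheduled tasks, services or WMI event subscriptions, which is why step 6 still hands the full picture to Autoruns.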
post #6 of 26
If you can access the executable, PM me a sample and I might be able to take a look at it and see what it does and how it remains persistent.
post #7 of 26
Thread Starter 
I did all of it but sadly I found nothing, thanks for the advice though. Cheers!!
post #8 of 26
Thread Starter 
I don't think I can get a sample of it because it's embedded in the files, or I'm just doing it wrong.
post #9 of 26
Check these out:
https://www.youtube.com/watch?v=LGBA46y49YU
https://www.youtube.com/watch?v=1yLJUSeWlEs
https://www.youtube.com/watch?v=Yf6Xz3OJaXY
He has other good videos too; I suggest you watch them. Don't bother with formatting, even the most nasty of infections can be removed. I think it's silly when people just format and reinstall when it's something they can fix themselves.
post #10 of 26
Quote:
Originally Posted by PhilWrir

1. Boot into Safe Mode
2. Run Rkill from Bleeping Computer
3. Run Malwarebytes Full System Scan - Reboot back into Safe Mode
4. Run Malwarebytes Anti-Rootkit
5. Start Menu Search > Run > %temp% > Delete files in Temp folder
6. Run Autoruns and delete/disable inactive or "file not found" keys
7. Reboot to regular mode + run Rkill again if you want
8. AdwCleaner or a variant
9. Clean browsers of hijacks and Add/Remove Programs of rogue software (Conduit Search Protect, etc.)
10. Check Windows Update

Report back

Protip: It's old school, but I would stay disconnected from the internet as much as possible during this process.

I like this process, but I usually boot into UBCD or Hiren's and then proceed.