Duema
Had this question 6
Question
Duema asked on

My Computer is infected with the Zwangi Virus.

Hey Guys. Recently, I downloaded a free sound recording program a few days ago, and now a virus, called Zwangi, is on my computer. It started when my AVG free popped up with like 6 virus notifications. I tried to quarantine and remove them, and when I restarted my computer, AVG was not working. I downloaded ClamWin Antivirus, and while scanning with that, deleted Zwangi from my program files.

Recently, I did a system restore to before I downloaded the program, but I still have the same problems...
A) Whenever I try and open my "Documents and Settings" folder (which, I might add, has disappeared from my C Drive, its location), I get an error box saying "Not accessible. Access is denied"
B) I scanned for viruses with ClamWin and got this...

c:\\windows\ehome\tk-TM\ehepgres.dll.mui: Trojan.Swizzor.Gen FOUND
c:\\windows\Installer\44a3b.msi Trojan.Bagle-703 FOUND

ClamWin said it removed them, but I don't notice a difference.

C) Now, whenever Firefox runs, I get a pop up box saying something about Chrome registration (which I don't have installed), then boots up, and under addons, I see a Zwangi addon which says it will be uninstalled upon restart. The same thing happens every restart.
D) Now, Windows Defender is turned off.
E) There are three processes running on the task manager, csrss.exe, winlogon.exe, and atieclxx.exe that have no user or description, and when I try to end them, it gives me "access denied".

Aside from wiping the drive (which I am prepared to do), is there anything I can do to save my computer?
THE C.
Found this helpful 6
Answer
THE C. replied on
Hello Duema,



You may need to scan in safe mode to remove this tough infection, see below:


Try to boot your system into Safe mode:

 

  1. Restart your computer if it is powered on.
  2. Press and hold F8 key after your computer initially powers on.
  3. Once you see the Advanced Boot Options menu (or hear a beep) you can stop.
  4. Use the up/down arrow keys to highlight your selection.
  5. Select Safe Mode with Networking and press Enter.
  6. You should see drivers loading, this may take a few moments.
  7. You should then be at the Welcome Screen.
  8. Log on to your computer using an account with Administrator privileges.
  9. Now you should download (free) MalwareBytes from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol and install it, update it, then do a scan of your system in safe mode to make sure it is indeed clean! Once the scan is done, delete anything it finds. Then simply reboot your PC to see if your issue has been resolved!



Hope this helps you. Let us know either way. Make it a great day!








"And In The End The Love You Take, Is Equal To The Love You Make" (The Beatles' last song from their last album, Abbey Road.)
"In the End The Love You Take, Is Equal To The Love You Make"
SpiritX MS MVP
Found this helpful 0
Answer
SpiritX MS MVP replied on
MVP Wiki Author Community Moderator MCC: Content Creator MCC: Content Curator
Hi,

Download Malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE; if it finds something come back here or use Google to see how to remove it.
http://www.prevx.com/

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

--------------------------------------------------------

If needed here are some online free scanners to help

http://www.eset.com/onlinescan/


http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

Also do these to clean up general corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-----------------------------------------------------------------------

If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

Hope this helps.


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it right.
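
Added example (not part of the reply above or of the linked KB article): after `sfc /scannow`, the System File Checker entries in cbs.log are the ones tagged `[SR]`, and after a malware cleanup the files it could not repair are the ones to follow up on. The PowerShell below summarises those entries per file; the function name `Get-SfcFinding` is hypothetical and the log lines are constructed samples in the cbs.log layout.

```powershell
# Constructed sample lines. On a real system read the log instead with:
#   Get-Content "$env:windir\Logs\CBS\CBS.log"
$sampleLog = @'
2010-05-01 10:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2010-05-01 10:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2010-05-01 10:02:14, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll" from store
2010-05-01 10:02:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 6.0.6000.16386, file is missing
2010-05-01 10:02:15, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 6.0.6000.16386, file is missing
2010-05-01 10:02:16, Info                  CBS    Session: 1234_5678 finalized
2010-05-01 10:02:20, Info                  CSI    0000000e [SR] Verify complete
'@ -split "`r?`n"

function Get-SfcFinding {
    param([string[]]$Line)

    # Keep only [SR] lines that report a repair or a failed repair. The greedy
    # '.*' makes <file> the last quoted string on the line, which is the file name.
    $rx = '^(?<time>[\d-]+ [\d:]+),.*\[SR\] ' +
          '(?<action>Cannot repair member file|Repairing corrupted file).*"(?<file>[^"]+)"'

    $hits = foreach ($l in $Line) {
        if ($l -match $rx) {
            [pscustomobject]@{ Time = $Matches.time; Action = $Matches.action; File = $Matches.file }
        }
    }

    # SFC logs the same file more than once, so report one row per file and
    # mark it NOT REPAIRED if any of its entries is a failed repair.
    $hits | Group-Object File | ForEach-Object {
        $failed = @($_.Group | Where-Object { $_.Action -like 'Cannot repair*' }).Count -gt 0
        [pscustomobject]@{
            File      = $_.Name
            Entries   = $_.Count
            Status    = if ($failed) { 'NOT REPAIRED' } else { 'repair logged' }
            FirstSeen = ($_.Group | Select-Object -First 1).Time
        }
    }
}

Get-SfcFinding -Line $sampleLog | Sort-Object Status | Format-Table -AutoSize
```

On the sample this lists example2.dll as NOT REPAIRED (2 entries) and example1.dll as repair logged (1 entry).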
gosuv25
Found this helpful 0
gosuv25 replied on

Reply

I just had a virus today so I restored and recovered computer back to factory settings. It worked fine. I backed everything up in about 1 hour and restored (10 mins) and started up, set all user control settings and popped backup disks in and ran them and installed; everything was up and running about 2 and a half hours after I detected virus. It's a lot quicker than doing a whole computer scan that takes 5-10 hours. Good luck. Please someone try to help me on my question I posted it, look at my profile to see it, bye :)
SpiritX MS MVP
Found this helpful 0
SpiritX MS MVP replied on
MVP Wiki Author Community Moderator MCC: Content Creator MCC: Content Curator

Reply

Hi,

A Prevx scan takes minutes and has exceptional detection ability.
Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it right.
DavidParkison
Found this helpful 0
DavidParkison replied on

Reply

Thanks!!!! All probs fixed.
windylason
Found this helpful 0
windylason replied on

It is useful, I followed the tips here and this topic:

http://www.spywareremovalhelp.org/virus-removal-help/how-to-fix-atieclxx-exe-error-how-to-get-rid-of-atieclxx-exe-virus.html to fix my problems successfully.

Benjamin Wright
Found this helpful 0
Benjamin Wright replied on
Microsoft Security Essentials can pick it out and delete it. I'm not sure if the virus restricts that action, but this is a free program developed by the Microsoft company and is one of the best anti virus protections out there. Whenever you can, download it and install it and your computer shouldn't have a virus problem.

Again, I'm not sure if you have solved it already or if you are able to install this, but the program picked it out doing a daily scan and deleted it straight away.