Trojan.Zbot Activity 15
Posted on 2015-02-02
A customer is having a problem with Trojan.Zbot Activity 15 and intrusion attempts from IP address 126.96.36.199, which is apparently in Russia. Symantec EndPoint Antivirus reports these problems regularly - several times a day.
I have swept the computer with Malwarebytes, Superantispyware, ESET Online Scanner, and TDSSKiller. These utilities find no problem, but the problem persists. And, his latest report is that the virus definitions have disappeared. We went through the missing definitions a month ago, and Live Update corrected any problem with the AV.
My guess is that the intrusion attempt is a sniffer that is looking at a range of IP addresses. This user may or may not have gone to a web site that would have been better left alone.
The OS is Windows 7 Home Premium, and the browser is IE11. The customer does use AOL as his email, but I have convinced him to use IE instead of the AOL software.
What is Trojan.Zbot Activity 15? What can I do to stop the intrusion attempt before it gets to his computer? What should I tell the user to do or not do to keep this from happening?