F-Secure and many others can do that (if I normal understand your words... it's not really most trouble).
And also can not do that.
Related with "sample" and "other background" :) It's can be different now.
Also detect/remove not always can be totally helpful. What about "clean/treat" - I not sure.. that know any protection-software, which can be "greatest" on current time.
That MBAM can not to detect it- not surprise and logical. MBAM ignored a lot of malware, viruses and trojans.
About other protection-software - it's, of course, strange - but they also time to time ignored most "dangerous" samples.. which already all other detected.
But current... words.... can be with a lot of "background"-settings, which will be more important for any "words" around.
"Little added" - does it mean that systems still need help?! If yes - here can be a lot of steps to checking system.
And also about "background"-settings... I not just mean "indeed background for current situations", but also... with another points around - when "detection" can be already just like "generic" (and it's close to "often");
And like "common addition about main-theme" - one of reason for any multi-layers protections and pro-active technologies... and with cloud-reputation-based (which still not really "best");
MBAM and current "big brand" AV close to situation, when any malware can to "be hidden" for them.
when it's close to "high-skilled" malware or based on current-theme... it's more close to "can be".
Here just one point can be "close" to safe and not infected... current "information" comes by IPS. They can be detect that situation time to time by "generic"-descriptions, when it's not really like that.
But if it's comes - system can to have troubles - which already can be missing.. after PUPs removed (other).
Current "trouble" - some kind of "big". It's can be various of "samples"/"examples" - and already current information will be related... how many companies.. can be "tricked" by that.
The machine has now been scanned with:
Kaspersky Internet Security
MalwareBytes Anti Malware
Nothing has been detected except for a few tracking cookies, and an Incredimail toolbar, all of which have been removed.
I'm finding it hard to believe that the machine can still be infected after all this, but they do have another laptop still to scan, plus about 4 tablets (2 Android and 2 iPads). I think it's unlikely that the infection is on any of the tablets, but apparently there is a version of Zeus which can attack Android devices.
Oh, and sorry to be posting this here, as I know it's not strictly an F-Secure issue, but I'm not a member on the KIS forums.
You seem to have used the major recommended scanners.
Some more choices listed in this post; http://malwaretips.com/blogs/zeus-trojan-virus/
Even if a false detection, worth suggesting they think about changing any passwords for online accounts and checking their bank accounts for any unusual activity of late.
EDIT; NoVirusThanks has a specific Zeus Trojan Remover, "which detects and remove all known variants of the very dangerous ZeuS banking trojan". Worth a shot, as the developer has a range of very useful anti-malware programs.
Potentially.. if system with troubles... normal malware can to "prevent" any actions by current software or scanners.
But it's just potentially. For my opinion... if here without "I'm sure... all OK" - able to use any Rescue CD (Live CD with scanners inside) - potentially current step without "bonuses", but why not.
If IPS alerted about situation... maybe it's just proxy-settings or around start be broken. Maybe it's related with any other software. Anyway - re-check any default settings/place like "drivers/etc/hosts" and settings around proxy;
Setting around network connection (DNS-settings - maybe here will be added something wrong);
Most of that places.. current protection-software ignored in some situations.
Also.... if it's outdated machines (I mean - operating systems) - here also can be hidden surprises :)
Another things.. was in reply by Blackcat :)
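Added example, not part of any post in this thread: the hosts-file re-check suggested above, as a Python sketch that parses a hosts file and reports every entry beyond the default localhost mappings. The sample content and its hostnames are constructed; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample of a hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    online.bank.example       # name pointed at a foreign address
127.0.0.1       update.av-vendor.example  # name pinned to loopback
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

# Names a clean hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain",
                 "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (line_no, kind, address, names) for each non-default entry.

    kind is "redirect" (name mapped to a routable address), "blocked"
    (name mapped to loopback or 0.0.0.0, so it cannot be reached) or
    "malformed" (first field is not an IP address).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, names))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue                           # only default localhost names
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((lineno, kind, addr, extra))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "blocked" entry is not necessarily malicious (ad-blocking lists use the same mechanism), so each finding still has to be judged against what the machine's owner set up.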
Since it appears that the "infection" is not on the system as such but on the server / ISP or parent IP address level, you will not be able to fix it.
Their service provider will probably blacklist their IP address, if they have not done so already, so they need to talk with their ISP to get their IP('s) cleared.
They can use the CBL Lookup Utility; http://cbl.abuseat.org/lookup.cgi?ip=XX.XX.XX.12&.pubmit=Lookup
Inform their ISP that their systems are clean, according to all the tools you have run.
The IP address is not listed in the CBL.
In addition to the above, they have now also scanned with AdwCleaner and Junkware Removal Tool (JRT), neither of which found anything. With regard to their two Android tablets, they have installed and scanned both with Bitdefender Mobile Antivirus and Malwarebytes Mobile Anti Malware, all of which came up clean.
The only other computer on their network is a laptop which hasn't been used since last October, so I can't see that as being the culprit, which leads me to the conclusion that either you are correct, and the "infection" is at the parent IP address level, or the ISP have simply made an error.
I will be contacting the ISP, on my friend's behalf, after the Bank Holiday, to see what they have to say, but as the alert came from the Managing Director, who I know personally, I considered that it should be taken seriously.