
Help with trojan-downloader-zlob

Q: Help with trojan-downloader-zlob

Here's my Hijack This Log:


A: Help with trojan-downloader-zlob

This is my hijack this log please tell me what to do. Here is a link I guess with the description of it. http://research.spysweeper.com/search.php?...0Horse&rc=1


Recently I started having Norton finding a lot of these infections. I suspect some kind of spyware is on my machine but both spybot and adaware haven't found anything to stop it. Here is my HijackThis log. This morning as AdAware was scanning my C:/WINDOWS/ directory it triggered a few more of these being set off which Norton immediately found. Am looking for the root cause.

A: Trojan.zlob, Trojan.vundo, Downloader.zlob!gen.2, Downloader.misleadapp

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Follow the directions there to run DSS and then post those logs back here in your next reply.


I've used SpyHunter3, but I don't have the license so I can't remove these infections. Please help me to clean my computer. The HJT log is here:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:36, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Security Task Manager\taskman.exe
C:\Arquivos de programas\Enigma Software Group\SpyHunter\Sp...

A: Zlob Trojan, Zlob Video Access and Trojan Downloader Contravirus


I appreciate all the help anyone can provide me in cleaning up my computer! I'm running WinXP SP2 with AVG Anti-Virus. Within AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:
Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dll
Trojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe
Trojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe

A: Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


I have gotten Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, and Malware.Trace and I just can't seem to get rid of these Trojans. I have run Malwarebytes' Anti-Malware program (did not get rid of these, and came back). I also did a manual deletion of these Trojans (they came back and didn't stay deleted). I will also add the Malwarebytes' Anti-Malware program log of these Trojans. Can I get help on what to do to get rid of these annoying Trojans?
Here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.38
Database version: 2335
Windows 5.1.2600 Service Pack 3

6/25/2009 4:33:11 PM
mbam-log-2009-06-25 (16-33-07).txt

Scan type: Quick Scan
Objects scanned: 104801
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Ertfor) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion ...

A: Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, Malware.Trace, OhMY!

Hello and welcome.. Let's do 2 things next, I think we can clear this up.

Run part 1 of S!Ri's SmitfraudFix

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You have a good amount of files here. We should do a full scan.....

Rerun MBAM like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select FULL scan and scan.
After scan click Remove Selected, post new scan log and reboot into normal mode.


I have an annoying little pop-up telling me that I am infected with the PSW.X-Vir trojan and when I ran BIT SCAN it said that it detected the following Viruses
Trojan.Downloader.VB.AWJ
Trojan.Downloader.Zlob.ZWU
I really don't know what I am doing here, HELP!
 

A: Trojan.Downloader.VB.AWJ and Trojan.Downloader.Zlob.ZWU detected

Click here to download HJTsetup.exe:

http://www.thespykiller.co.uk/index.php?action=tpmod;dl=item5

Scroll down to the download section where the download button is

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 


WOW! I need help badly! I can't get rid of these nasties!!
I tried to post this a couple of minutes ago, but I'm a senior and not too familiar with forums. If this was just posted, please forgive me for the duplication.

ComboScan v20070221.16 run by Jim on 2007-02-23 at 07:57:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jim.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:57:42 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
...

A: Can't eliminate nasties! Trojan'VUNDO';Trojan'DOWNLOADER.ZLOB.FC;Worm'W32.SPYBOT';++

Hello scroller and welcome to TSF,

You posted this just fine.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Let's go after the main, active infection first, then we'll take care of the rest in the next round.

Please download and save VundoFix to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to your forum thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


--------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool. Select opt...

RELEVANCY SCORE 70.4

My computer is being redirected when I click on one of my searches on Google to advertising companies and when I try to delete the viruses I have on my AVG it won't allow me to open my virus vault. I have Windows XP. It won't allow me to open spywall, spybot or other antispyware. AVG said I have trojan horse downloader. zlob.AOKR, tracking cookie. Yadro, tracking cookie. 207, tracking cookie.Revsc. I started a scan with an antivirus called paretologic on all of my computer and it took over 2 hrs so I stopped it in the middle as I need to use my computer as I use it for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan so I can't post the viruses.

On top of all this my computer has been really slow for months and also takes about 10-15 min to fully reboot. Lately, it freezes almost every day at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is so please be patient.

I am in desperate need of help as I use my computer for my business.
Thanks
 

A:Infected with trojan downloader zlob, other trojan, freezing and very sluggish etc..

The General Security forum is only for general questions regarding security software and things of that nature but not for actually removing malware as we have qualified helpers who are the only members who are authorized to assist with those matters. You can easily identify them as they have either a gold or blue shield beside their usernames. Please refer to this excerpt from the rules:

http://www.techguy.org/rules.html

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. If you'd like to participate in a training program, please contact a Moderator or see this article.

I'm going to close this thread and ask you to repost in the Malware Removal & HijackThis Logs forum for the proper assistance.
 

RELEVANCY SCORE 70.4

My computer is being redirected when I click on one of my searches on Google to advertising companies and when I try to delete the viruses I have on my AVG it won't allow me to open my virus vault. I have Windows XP. It won't allow me to open spywall, spybot or other antispyware. AVG said I have trojan horse downloader. zlob.AOKR, tracking cookie. Yadro, tracking cookie. 207, tracking cookie.Revsc.

I downloaded HJT many times and the first time it started scanning and stopped in the middle and when I tried to open it doesn't allow me to open.

I started a scan with an antivirus called paretologic on all of my computer and it took over 2 hrs so I stopped it in the middle as I need to use my computer as I use it for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan so I can't post the viruses.

On top of all this my computer has been really slow for months and also takes about 10-15 min to fully reboot. Lately, it freezes almost every day at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is so please be patient.

I am in desperate need of help as I use my computer for my business.
Thanks
 

A:Infected with trojan downloader zlob, other trojan, freezing and very sluggish etc..

RELEVANCY SCORE 70

I have this stupid thing that keeps coming up no matter how many times I use "Spy Sweeper". It was worse with the fake virus thing that popped up on the bottom right of my screen. I got that pop-up off but every time I do a spyware sweep the "trojan-downloader-zlob" keeps coming up.

Logfile of HijackThis v1.99.1
Scan saved at 1:22:45 AM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLi...

A:Trojan-downloader-zlob

Hi and welcome. My name is Kairis and I will be helping you.
You have some crap there! But don't worry; we'll get you cleaned up!
Please follow my steps in the right order...
We'll start with this:

1) I see you are running SpySweeper.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.

Disable SpySweeper:
Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

2) Let's run some cleaning and diagnostic scans:
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...proce...

RELEVANCY SCORE 70

I think I have the Zlob Trojan on my system. I used some protocols to try and clean this off my machine. I used "Spybot: Search & Destroy," I used "Smitfraud" in safe mode and turned off my system restore to stop the Trojan from saving itself. All this and I still have this on my machine. Please take a look at my "Hijackthis Log" to see what else I can do. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:00, on 12/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_O...

A:Trojan Zlob downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to di...

RELEVANCY SCORE 70

Hi all,

When I start my laptop I kept getting "Generic Host process for Win32 services encountered a problem" message. When I ran AVG antivirus I found the laptop was infected with Trojan Downloader Zlob but it's not removed by AVG:

AVG 2011 Anti-Virus command line scanner
Copyright (c) 1992 - 2011 AVG Technologies
Program version 10.0.1388, engine 10.0.1516
Virus Database: Version 1516/3746 2011-07-05

C:\WINDOWS\explorer.exe (1188):\memory_001a0000 Trojan horse Downloader.Zlob.AZVF
C:\WINDOWS\explorer.exe (1188) Trojan horse Downloader.Zlob.AZVF Object was removed.
C:\WINDOWS\system32\svchost.exe (1728):\memory_001a0000 Trojan horse Downloader.Zlob.AZVF
C:\WINDOWS\system32\svchost.exe (1728) Trojan horse Downloader.Zlob.AZVF Object was removed

------------------------------------------------------------
Objects scanned : 1053302
Found infections : 4
Found PUPs : 0
Healed infections : 2
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

Following is the Hijackthis log :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:12 AM, on 7/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer...

A:Trojan Downloader Zlob

RELEVANCY SCORE 70

I have Windows XP Professional. I believe I have been infected with a trojan horse trojan-downloader-zlob. I have one computer with 4 different users. 2 of the users sites the desk top has been hijacked and shows the internet explorer page. I cannot access the internet from either of these 2 users sites but am able to from the other 2. I have Norton Internet Security for my antivirus. I use Tuneup Utilities, Webroot Spy Sweeper, AdAware, Spybot Search & Destroy, Xoftspy SE, and Regcure to keep my computer clean. I installed the last two after I found the trojan horse. My Hijackthis shows this I was able to download this from one of the user sites that was able to get internet access.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:54 AM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEB...

A:trojan-downloader-zlob

Hi, gizmo1.

Welcome to TSG.

Please install Hijackthis into a permanent folder.

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installatio...

RELEVANCY SCORE 70

This is a long drawn out problem, that just keeps getting worse.

Here's the skinny:

We were without internet since May '07, and now have our internet through Altell, since the end of Feb '08. It starts with finding out that our AV software is pirated. Had it fixed at a 'reputable' computer repair shop, (who is now out of business) we had multiple trojans and misc other crap infesting our computer (last MARCH). . . only to find out a year later, that they had stolen the AV software that we were using. We found this out when we were in need of some technical assistance with the software. Anyway, we had to get rid of that software, per CA. We did- and dl'd Kaspersky's free thirty day trial to see how we liked it, since people all over were saying that it is the best. This is when the problems started. Kaspersky's installation instructions said we had to uninstall ALL AV and AntiMalware software on our system. I uninstalled CA, spybot, and adaware. The only firewall we had at the time was the one that comes with our Windows XP (We have SP2 and all the appropriate updates- I went to the MS update site, and it said we are up to date as of yesterday)

About a week ago, trying to view a video, (I know- bad, bad, bad!) the computer started doing all sorts of crazy things and we had desktop icons that mimicked the Windows Defender icons, not to mention some kind little BHO's. I was able to get rid of the desktop icons and bho's by deleting the MYWAYMYWEBSEARCH folder in C:\ ...

A:Trojan Downloader- Zlob- Won't Go Away.

Hello ComputersHateMe11,

Welcome to Bleeping Computer

First of all, it really sounds like you've been through it. You have every right to be frustrated out of your mind. You did a splendiferously good thing by getting AVG for your AntiVirus and Comodo Firewall! Those are exactly what I have on my system. I see Spybot on board, with Tea Timer.....good! Everything you see in C:\systeminformation\_restore is benign, and we'll take care of it in a little bit. Now let's fix you up.......

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, al...

RELEVANCY SCORE 70

Hello:
Spy Sweeper has just finished a weekly scan and says I have a trojan-downloader-zlob. Isn't this what I had before? See "Paris Hilton infected my computer" thread.

I started a new thread July 8, called "MSN Installer", but as no one responded to it I figured it was not anything serious. Other than that situation - MSN Installer - I have not had any blocking messages or downloaded anything or installed anything other than NOD32 a few weeks ago maybe. I guess NOD32 missed this thing?

I do not know what to do, whether to quarantine it as Spy Sweeper is asking or what. Will run HijackThis and post. Thanks for your help.

SamanthaRed

In the meantime I did decide to quarantine it under Spy Sweeper.
----------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:35:32 PM, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Prog...

RELEVANCY SCORE 70

I RECENTLY BROUGHT MY COMP TO GEEK SQUAD TO BE OPTIMIZED AND THEY TOLD ME I HAVE THE VIRUS TROJAN DOWNLOADER-ZLOB THEY WANTED 200 DOLLARS TO GET RID OF IT WONDERING IF ANYONE COULD HELP ME OUT ON HOW TO GET RID OF IT
 

A:Trojan downloader-zlob

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 70

Ok, I am new to all this so bear with me. I have just found a trojan horse on my machine. I have been getting weird pop ups that are asking me to download some type of windows anti spyware software.

I am also getting a message that states I need to remove trojan.killav and asking me to click a link for "spyware" software.

I am also getting a message about windows making unauthorized copies of my files and I need to load this software to prevent it.

Additionally, I am unable to access my control panel, the properties on my computer or my internet properties and when I do I receive a message about contacting my system administrator.

I have seen folks post a hjt, but in the instructions it said not to.

Any help would be appreciated.
 

A:Trojan downloader zlob help!

RELEVANCY SCORE 70

Here is my BitDefender online scanner report. Does anyone know what this is and how do I get rid of it?
BitDefender Online Scanner

Scan report generated at: Mon, May 01, 2006 - 17:54:43

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 00:29:33
Files: 206370
Folders: 2912
Boot Sectors: 2
Archives: 6935
Packed Files: 10963

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 372953
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
Infected with: Trojan.Downloader.Zlob.IE

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
Disinfection failed

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-...

A:Trojan.downloader.zlob.ie

Download and install Ewido Anti-Malware v3.5. DO NOT perform a scan yet. Print out the Ewido Install and Scan Instructions. Go here and follow the instructions for using SmitfraudFix by S!Ri. After using the tool reboot again in "SAFE MODE" and perform a scan with Ewido.

RELEVANCY SCORE 70

I don't know what to say, I was always careful about stuff like this................

I downloaded trial software that I liked and once the trial went out I had to either buy the software or delete it.

My friend told me I could d/l the keygen and get the stuff to work for free (the software in question is worth a few grand) and me being poor and wanting to get the stuff badly I followed ill advice and downloaded the keygen and on installation I knew something was wrong.

AVG 8 tried to warn me but my friend told me it's ok, all keygens register as Trojans but they aren't, what a fool I am, sometimes I think I deserve this.......

After downloading it AVG 8 caught more than a few of them but couldn't delete them all, I don't know why.

I got Zone Alarm Security Suite and that detected a lot of stuff that AVG must have overlooked and I set up a firewall for incoming and outgoing traffic. A day after I got a warning from both AVG and Zone Alarm that there was a TrojanDownloader.Zlob in the computer and right after that a lot of my .mp3 files and .WMA files were infected and had to be deleted.

I heard that I had to go to the registry at REGEDIT and search for MSSMSGS folder and delete it cause that folder might be where the virus hides. Any thoughts about that one?

I went to msconfig to check it out and lo and behold that program (unknown source) was running and as soon as I stopped the application from running I didn't get much spyware caught and no more Virus warnings, that is until...

A:Trojan Downloader.zlob

Try running the fix given here.

RELEVANCY SCORE 70

Hi
Hope you can help me. I suddenly have a trojan on my PC, don't know where it came from but keeps popping up.
AVG keeps healing it but more and more keep popping up.
Have been running various apps to try and cure it but still pops back.
The following are logs I have kept.

SmitFraudFix v2.144

Scan done at 18:32:13.53, 24/02/2007
Run from D:\Documents and Settings\Bernard\My Documents\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
...

RELEVANCY SCORE 70

I've been receiving 3-4 different security alert warnings (pop ups) that opens internet explorer and brings up securepccleaner website. One security alert pop up states trojan.w32.looksky found. Norton also alerts me of attempted home page hijack blocked every time I change websites on internet explorer. I found an old posting on bleeping computer.com which recommended running:

1) Ad ware - several items deleted, but problems continued
2) spybot - several items deleted, problems continued
3) Bit defender - identified Trojan.Downloader.Zlob.AAGR, unable to delete (attempted House call and panda first but wouldn't work)
4) Norton - live update ran and full system scan found nothing
4) Mcafee avert stinger - found nothing
5) Windows security update - downloaded IE 7

I forget which scan identified but Trojan Downloader:Win32/Zlob.gen! was also found, unsure if fixed or not

Thanks in advance for any suggestions. Below is the note pad log from hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:57 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program ...

A:Trojan.downloader.zlob

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

RELEVANCY SCORE 70

I have tried to remove this thing but it keeps coming back. Can someone please help me.
 

A:trojan downloader zlob

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 70

OK, I'm sorry if this is the wrong place for this thread, I couldn't find anything about a place for viruses, and I'm new here.
OK, so I'm not very technologically smart, so explain it to me like I'm an idiot. A few days ago, I got an error message that said you're infected with trojan Downloader.Zlob.ABUT. I did a Google search, and I get 8 results that are not helpful, and my antivirus software can't get rid of it (AVG Free).

I would greatly appreciate it if someone could help me!
Thank you

Jon Loe

PS: and again, if this thread is in the wrong place I'm sorry
 

A:trojan downloader.Zlob

RELEVANCY SCORE 70

Bit defender detects files infected by Trojan.Downloader.Zlob.YI
Can you please help me to remove this thing?

Thanks
 

A:Please help me: Trojan.Downloader.Zlob.YI

RELEVANCY SCORE 70

I am infected with a trojan I believe, and ran some tests. Below are the results and I could sure use some help.

SmitFraudFix v2.126

Scan done at 8:17:57.65, Sat 12/02/2006
Run from C:\Documents and Settings\Ronald Clevenger\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 950 AM 12/2/2006

+ Scan result:



:mozilla.23:C:\Documents and Settings\Teresa\Application Data\Mozilla\Firefox\Profiles\6jm1dzxm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Teresa\...

RELEVANCY SCORE 70

I've run an adaware se scan and found win32 trojandownloader zlob. Can someone check my log and see if it has been removed or if anything else is wrong, Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 17:18:15, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program File...

A:Trojan Downloader Zlob, Please Help Get Rid.

Hi kev25v6

Let's check if there are any remnants of zlob...

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!


Ok, I just ran my Spyware protection and this comes up, so I quarantine it. Every time I scan my computer, it keeps coming up. Any ideas on how to fix it?

A:Trojan-downloader-zlob?

Ok, to clear things up, I am using IE and I have Windows XP.


Hello, I was recently infected with the above trojan and I really need your guys' help. When I was first infected I noticed a program called SpyDawn was installed on my computer and I removed it using the add/remove programs tool. After that I started getting bombarded with popup messages and my IE would automatically direct me to spyware websites. I tried the Smitfraud but with no success. I wasn't given an error message of any kind, the program ran exactly how I was told it would but after the restart the trojan was still there. I have Webroot Spy Sweeper but that doesn't work, and I also have Trend Micro Antivirus but that doesn't even find the infection. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 4:31:45 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Mi...

A:Trojan-downloader-zlob

Welcome to BC StephenS

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper:
Open it click >Options over to the left then >program options >Uncheck "Load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Reboot when you've done and make sure it's not running at startup in the notification area/tray near the clock.

***************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

***************************

Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf 'Install'.
After right clicking on Deldomains.inf 'Install' it appears nothing has happened...


This thing is a pain in the butt. I can't seem to get rid of it. Here's my log from MBAM
Malwarebytes' Anti-Malware 1.17
Database version: 867

8:02:48 AM 6/18/2008
mbam-log-6-18-2008 (08-02-48).txt

Scan type: Quick Scan
Objects scanned: 41428
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{343f7ed5-4f1f-4faf-b9c8-5de9f89df1dd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{371d800c-ea03-4f2a-8225-cd6b9db3f636} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c1971fc-9f5d-41d0-91e7-958ce354e0bb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{52168eaf-394c-476c-8891-4cdd0470fea2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c74062f-bdd2-4bdc-8477-557b8ac66950} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{77c60bc3-bc70-4312-8ab1-6661f623b99d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8...

Pasted in contextual information from other topic now closed. ~ OB

I don't know what to say, I was always careful about stuff like this................ I downloaded trial software that I liked and once the trial went out I had to either buy the software or delete it.

My friend told me I could d/l the keygen and get the stuff to work for free (the software in question is worth a few grand) and me being poor and wanting to get the stuff badly I followed ill advice and downloaded the keygen and on installation I knew something was wrong.

AVG 8 tried to warn me but my friend told me it's ok, all keygens register as Trojans but they aren't. What a fool I am, sometimes I think I deserve this.......

After downloading it AVG 8 caught more than a few of them but couldn't delete them all, I don't know why.

I got Zone Alarm Security Suite and that detected a lot of stuff that AVG must have overlooked and I set up a firewall for incoming and outgoing traffic. A day after I got a warning from both AVG and Zone Alarm that there was a TrojanDownloader.Zlob in the computer and right after that a lot of my .mp3 files and .WMA files were infected and had to be deleted.

I heard that I had to go to the registry at REGEDIT and search for MSSMSGS folder and delete it cause that folder might be where the virus hides. Any thoughts about that one?

I went to msconfig to check it out and lo and behold that program (unknown source) was running and as soon as I stopped the application from running I didn't get much spywar...

A:Trojan Downloader.zlob

Hello

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.


How do I delete this? I have Webroot Spy Sweeper but all it does is locate it and quarantine it. Now what do I do? Thanks.

A:Please Help *trojan-downloader-zlob*

I have split your HJT log away from this thread and moved it into the HJT forum.
You can find it here: http://www.bleepingcomputer.com/forums/t/69315/help-with-trojan-downloader-zlob/

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.


Hello, I am using Windows XP Home, Windows IE 7.

On Sunday, Feb. 18, I was trying to download codecs to view a movie. This triggered warnings to my Webroot SpySweeper program to allow or block the changes for isadd.dll. I thought I had blocked them. I then had SpyDawn Ver 3.1 appear on my screen and other advertisements for anti-spyware programs. My homepage was hijacked sending me to hxxp://asafetynotice.com. I received popup messages at the system tray of

System Alert: [email protected]: Spyware/Trojan
Vulnerable: Windows 95/98/ME/NT/203/Windows XP
Description: Spyware program that sends confidential information to a remote attacker
Protection: Click this baloon to download official security software.

Other warnings would popup in the middle of the screen

Critical System Warning!
Your system is probably infected with latest version of Spyware.Cyberlog-X
Type: Spyware
Infection Length: 266,129 bytes
Risk: High
Systems Affected: Windows 95,98, 2000, NT, 2003 Server, Windows XP
Behavior: Spyware.Cyberlog-X is a spyware program that monitors user activity, logs, keystrokes, and tracks websites visited
Symptoms: Low internet connection speeds Low system performance Security Center Alerts Strange popup windows
Prote...

A:Can't Rid Pc Of Trojan-downloader-zlob

Go thru this guide and see whether it will remedy your infection


Hi folks, a good friend of mine asked me to get rid of some viruses/trojans off his wife's laptop; he did mention that she may have got it from a friend on MSN msgr but I don't know where it came from. Anyway I started work on the laptop last Saturday 25 Oct. I managed to eliminate some remnants of viruses using programs such as Super Spyware, Spybot, Remove IT Pro and so on. But what remained behind kept bugging me: I kept on checking the msconfig file for the start up on XP, and 2 files kept rearing their ugly heads, algg.exe and bolivar22.exe, both of which pertained to the main trojan/virus. I searched everywhere to rid these files for good but it took me a week to find this site and to get rid of algg.exe and bolivar22.exe. I also tried registry cleaners which I thought worked but when I rebooted they both showed up again, until I used the SDFix program and tutorial. This got rid of both buried files in the system32 folder of XP thereby helping me to eliminate the 2 files showing up in the start up section of msconfig.

Now the laptop is clean with AVG and a host of other spyware cleaners. Moral of this story is neither my friend nor his wife had any AV's whatsoever on their machines. My friend has Vista home and his wife has Win XP home.

I hope I put this topic in the right place ;)

Tutorial on SDFix .... http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/


My laptop became infected today with a Trojan that AVG Antivirus described as Trojan Downloader.zlob and Trojan Clicker.VBE. The trojan caused the PC to crash and reboot after it first appeared, added two porn web site shortcuts to my desktop, and made both IE and Firefox begin popping up a website for "AntiVirus 2009", which I learned from a quick search via my desktop (which is not networked to the laptop) was some sort of scam. The malware also did something that kept me from accessing this web site, the site for Ad Aware, and several other web sites related to Malware removal.

I ran a full scan with AVG and it found several files which it quarantined, including "prrunnet.exe" and "msiconf.exe". After that, I cleared all caches and temporary internet files for both browsers, but the pop-ups continued. I then ran Malwarebytes' Anti-Malware and that found and removed 16 additional files. I then rebooted and the pop-ups and web site blocking are gone.

I'm still having an issue with the "DCOM Server Process Launcher" crashing, which forces the computer to reboot. I'm also not sure all the malware has been removed, so I'm hoping someone can take a look at my DDS logs. Here is my DDS.txt report, and the Attach.txt file is attached.

Thank you in advance.

* * * * * * * * * *

DDS (Version 1.1.0) - NTFSx86
Run by Patrick Toman at 21:57:58.67 on Fri 01/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Ho...

A:Infected with Trojan Downloader.zlob, Trojan Clicker.VSE

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled.
Since AVG is outdated, please uninstall it using Add/Remove Programs. Reboot after the uninstall.

Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is f...


Hello! I will first say I am Not Terribly Computer Literate. That said, I have been infected with the Trojan Downloader.Zlob Virus. Apparently it can be a Falcon or Axe variant. I do not know which one I have. I have done all the things you have recommended, to no avail. I also bought Spyware Doctor Software because my infections were multiplying before my eyes and I got a little freaked. It has removed so far over 600 infections, and every time I scan more infections are found.
Do you think this Spyware Doctor is at all useful?
Can you help me???

A:Infected With Trojan Downloader.zlob

Just thought I'd add my newest scan results...maybe helpful? It seems to never really get rid of the actual Trojan Downloader.

Spyware Doctor Activity Report
Generated on 5/2/2006 6:47:29 PM Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 5/2/2006 6:48:04 PM
scan stop: 5/2/2006 6:53:43 PM
scanned items: 66670
found items: 28
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Trojan.Popuper iexplore.exe (C:\WINDOWS\system32\hpD76D.tmp) High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta## High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{b0398eca-0bcd-4645-8261-5e9dc70248d0} High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{b0398eca-0bcd-4645-8261-5e9dc70248d0}## High
Trojan.Popuper HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run##wininet.dll High ...

I have an HP Pavilion zd8000 running XP

I was on Facebook and got a video message from a friend (or so I thought). When trying to view the video, I got a message saying to upgrade my flash player. Downhill from there.

Now, when I log in to Yahoo, Facebook, or the likes, the page is incomplete and garbled.

I have the free version of AVG and it found the Trojan "Downloader.Zlob.AGFO"

When I try to download any removal tool or any other type of file, it won't let me run it. I get an error about the file not supporting Win32, or something to that effect.

Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:36 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched....

A:Trojan Downloader.Zlob.AGFO

It is also interfering with this site because I have logged in on it. Occasionally I can refresh a few times to clear up the garble, but not always.
 


Hello, I'm new to the site, and I recently followed the instructions that were given from these forums about how to handle this situation. I used smitfraudfix and I went into safe mode, cleaned, and went back in. My background is gone, but everything else seems to be here. Also, the computer is running much faster. However, I just ran an adware software (ad-aware 2007, the free version) and so far it tells me I have 57 "infections" detected. Is everything ok? Or did I miss something in this process?
 

A:trojan downloader Zlob problem...

bump
 


My PC is infected with Trojan Downloader Zlob.. and I can't find anything to get rid of it..
A lot of scans to point it out but nothing to get rid of it. I scanned with adaware and found it and deleted it, then I scanned with kaspersky and it was still there.

Can you help.. again..

Thank you in advance!
 

A:Trojan Downloader win32 Zlob.


Logfile of HijackThis v1.99.1
Scan saved at 1:59:06 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\...

A:Infected With Trojan Downloader-zlob

Add remove programs - remove logitech desktop messenger

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen,...


Anybody know anything about trojan horse downloader .Zlob.WEN? What kind of information can it steal off a computer? How does it get on somebody's computer? It was detected by AVG free edition 7.5 during a virus check I did recently. It was put into quarantine in the virus vault. I deleted the file it had infected, since it couldn't be repaired, and after running the scan again it came up as not being on my computer any longer. The stupid thing is that even though AVG originally detected the trojan, it couldn't tell me anything about it when I tried to research it with their malware encyclopedia. Thanks for any help anybody can give me.
 


For a while I have been dumb and have been running my computer without any virus protection. I finally gave in and got the best (according to various reviews), but that's another story. I scanned my computer using Kaspersky, and it found the Trojan-Downloader.Win32.Zlob.zrh virus, but will not get rid of it. I have looked around online and have not been able to find a sufficient way of deleting it. I found on the forums here that someone posted their HiJack This log file and was able to get some help from one of the moderators. I am hoping someone will be able to help me too. Here is a link to the specs for my computer as well as my HiJack This log file. Please let me know what other information I need to provide, and thank you in advance for the help!

My Computer
OS: Microsoft Windows 7 (6.1) Home Premium Edition (Build 7600)
Motherboard: ASUS P5N-D
CPU: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Graphics: nVidia GeForce 9600GT
RAM: 8GB (4x2GB) nVidia SLI
HDD: 500GB Western Digital Caviar Black WD5001AALS 500GB 7200 RPM 32MB Cache SATA 3.0Gb/s 3.5

HiJack This Log File
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:56:16 PM, on 2/12/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Co...

I'm running Vista and have the Trojan downloader Zlob and need some help. The Smitfraud Fix isn't an option with Vista and I've searched everywhere and can't seem to get a straight answer about exactly what I should do. I've read a couple of posts here about fixes with xp but nothing I can find about what to do with Vista.

Thanks,

Lee
 

A:Vista Trojan downloader Zlob Help!


Please help me! My computer has developed a trojan and I can not find it to manually delete it. This is what the pop up exactly says:

Your computer is infected!

Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent
data loss. Windows will now download and install the most
up-to-date antispyware for you.

Click here to protect your computer from spyware!

----------End of Popup-------------
This popup has been on my computer for about four days.
I really need your help. My computer just came out of the shop not too long ago. I paid a lot of money to get it fixed.
 


My operating system is XP Pro. I keep getting a message from Norton that I have been protected from a trojan, but after many of these warnings the infection manages to spawn itself again, taking over my desktop with a warning page, taking over my home page, and showing constant pop ups saying that I'm infected and I should proceed to this website where all will be cured. It also places three shortcuts on my desktop: "privacy protector", "error cleaner" & "spyware&malaware protection". The combined forces of Norton, AVG, Ad-Aware & Spybot Search & Destroy are only slowing this nasty piece of work down! If there is a way of removing this infection without having to re-format I would be most grateful.
 


Hi:

Several weeks ago I started having problems accessing certain websites, verizonwireless.com being one, and keep getting the message "Firefox can't establish a connection to the server at www.verizonwireless.com". My laptop is five months old so I went to HP online support and had them check things. Their conclusion was that my laptop is infected and that I should do a system recovery to remedy the situation.

I have tried all the antivirus software that I have.....Norton, Norton Power Eraser, SuperAntispyware, Spybot, Malwarebytes, MS Malicious Removal Tool in normal mode and safe mode but nothing seems to remove anything.

While using Spybot I noticed that it scanned a Zlob.Downloader folder and I found from online research that this is a trojan. I did another scan using Spybot and noticed other things it scans that seem to be trojans as well (didn't write them down though). Spybot scans these items but does not remove them.

I downloaded Hijack This and ran a scan however when it first started, the scan paused and I got the following message:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts
And press Enter. Find the line(s) Hijack This reports and delete the. Save the file as ‘hosts’. (with quotes, and reboot.

I clicked OK a...

A:Trojan Problems......Zlob.Downloader and more.....HELP!!!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

HijackThis is not ready for your Operating system.
Use this tool from now on.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same d...


Logfile of random's system information tool 1.04 (written by random/random)
Run by Josh at 2008-11-02 11:31:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (62%) free of 62 GB
Total RAM: 1022 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:07 AM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synapt...

A:Malware: Trojan-downloader-zlob

Hello slade1.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, ...