
Infected With Trojandownloader.win32.zlob.ci And Trojan.win32.startpage.adh And Spywarequake 2.0

Q: Infected With Trojandownloader.win32.zlob.ci And Trojan.win32.startpage.adh And Spywarequake 2.0

I have already scanned and fixed my notebook for spyware using Ad-Aware SE and SBC Yahoo! Anti-Spy. But I still got pop-ups and system alerts saying that I have spyware on my computer and my Internet Explorer browser is still internet security. And every time I run SBC Yahoo! Anti-Spy, I always get the same spyware, and when I click on remove all, it is removed, but when I run it again, the scan results are the same. Please help me. Attached is the copy of the log created using HijackThis. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:06 AM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm029YYPH
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


A: Infected With Trojandownloader.win32.zlob.ci And Trojan.win32.startpage.adh And Spywarequake 2.0

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

====================

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
* Install ewido.
* Run the application
* Click on scanner
* Click Complete System Scan and the scan will begin.
* When the scan is finished, Set all items to delete
* Apply all actions
* look at the bottom of the screen and click the Save report button.
* Save the report to your C: Drive

This will take some time to run!

RE-Boot

Post that log and a new HiJack log


A friend of mine isn't that computer oriented and was on my computer and clicked on everything that popped up pretty much. Ever since then my homepage has been coming up as blank and I have been getting a little bubble at the bottom of my screen saying that I have spyware on my PC, along with a numerous amount of pop-ups (which I never got before, at all), and I did the scans described in my description and still no luck removing them. Never had this kind of problem before at least of this. I'm a very big noob when it comes to this so bear with me. Thanks in advance for any tips or ideas!

Logfile of HijackThis v1.99.1
Scan saved at 8:49:22 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system3...

A:Infected With Trojan.win32.startpage.adh, Trojandownloader.win32.zlob.ci, Trojandownloader.win32.zlob.mo, Spywarequake 2.0, Sea...

Hello Gnome86,

Welcome to BC. I am sorry to be the bearer of bad news, but you have several infections, the most important of which is a worm, SDBOT.BWV, with backdoor and keylogging capabilities, evidenced by these entries:

O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [System Kernal Support] system.exe

I would recommend you to disconnect this PC from the Internet immediately. If this computer is used for any sensitive transaction like banking or other financial transactions or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would also be wise to contact those same institutions to alert them to the possibility of identity theft.

Though it is identified and can be killed, because of its backdoor functionality, it is very likely that your computer is compromised and there is no way to be sure that it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Here are some informative links to help you decide:
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
Securi...


Hi,

Below is the log of the HijackThis which I ran as per the instructions on your website. I am currently running spydoctor which finds the infected files and apparently fixes them, but then they return almost immediately. I run ZoneAlarm firewall and AVG antivirus along with aol, if that helps.

Please help as this is driving me mad.

Logfile of HijackThis v1.99.1
Scan saved at 20:16:06, on 04/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/uk_news/default.stm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpEC05.tmp (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files...

A:Infected With Trojandownloader.win32.zlob.ci & Trojan.win32.startpage.adh

Hello,

Your previous log is not complete... I am missing the running processes part, so make sure you are running HijackThis from a permanent folder and not from a temp folder.

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Don't use it yet.

* Reboot into Safe Mode: (without networking support!)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpEC05.tmp (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files...


Hey there , greetings all :)

I have a couple of probs really, unsure if they are linked.

I randomly get IE7 locking up , freezing (spinning blue circle icon) when I click on links in IE7. Can only close window with ctrl/alt/delete.

But my main problem seems to be that I have on my system the following...

c:\windows\temp\9d5.tmp - a variant of Win32/TrojanDownloader.Zlob.BXN trojan
c:\users\*MY USER ACCOUNT*\AppData\Local\Temp\tmp5AFB.tmp a variant of Win32/AutoRun.ABH worm

I may also have other infections that I am not aware of (unsure really). I have done the following ...


Quote:

1. Double-click gmer.exe. The program will begin to run.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
Click the Scan button and let the program do its work. GMER will produce a log.......




gmer.exe starts scanning but when it gets to \Cdfs I get black screen on my laptop , then a BSOD, memory dump then shutdown.


Quote:

2. Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt. You will be attaching the info.txt.




I have both those files.

Contents of log.txt ....

Logfile of random's system informati...

A:Infected by TrojanDownloader.Zlob.BXN trojan and a variant of Win32/AutoRun.ABH worm

*bump*


I did my best to follow the pre-posting instructions and there's still the same issues as before.
Please help me fix this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:00 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\fpsuqsiw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svch...

A:Win32.trojan.agent, Win32.trojandownloader.zlob, Pe_trats.a

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.


I have tried everything to get rid of this trojan. McAfee doesn't ID it. Pest Patrol IDs it but won't remove it. I have done a DOS scan, Ad-Aware SE scan, used Spybot, McAfee Stinger, all to no avail. Please help. Thanks in advance. Attached is my HijackThis scan log. Thank you so much in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:30:54 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common File...

A:Trojan Downloader.win32.zlob.ci & Trojan Win32.startpage.adh

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...


My computer is infected with Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent. I've been trying to remove them with Ad-Aware but they re-install themselves. I've downloaded numerous other malware removers but the malware seems to disrupt / won't allow them to install or work. This includes the root repeal program mentioned in the preparation guide. When I attempt to run root repeal I get the following error:

04:03:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)
04:03:06: DeviceIoControl Error! Error Code = 0x1e7
04:03:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)

The most annoying thing that is happening is when I go to google something, it will redirect me to somewhere else or will throw random pop-ups at me every now and then. Also, I tried to reformat / re-install a fresh copy of Windows Vista but it seems this piece of malware makes it impossible to boot from disk.

Thank you in advance for your assistance!

Attached below is my dds.txt log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jeff at 3:59:19.84 on Fri 08/28/2009
Internet Explorer: 7.0.6000.16890
Microsoft? Windows Vista???? Home Premium 6.0.6000.0.1252.1.1033.18.2046.1362 [GMT 9:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\...

A:Infected With Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


Hi

I seem to have a virus on my computer as Windows Defender keeps coming up with TrojanDownloader:Win32/Zlob

My homepage on the internet has also changed to http://aprotectservice.com and I keep getting popups to download all sorts of Anti-virus and Anti-spyware programs every few seconds.

I keep trying to remove the virus through Windows Defender but it doesn't seem to be working as every time I restart the computer when asked to it just tells me the virus is still there.

Please can someone tell me how to get rid of this spyware and virus. Many thanks

A:Infected Trojandownloader:win32/zlob

to BC

How To Remove The Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid


Hello,

I have a problem with a nasty virus. A couple of weeks ago I suddenly started getting strange popups and my PC was slowing down. After scanning my computer, McAfee told me it's trojandownloader.zlob and zlob/Y. McAfee said it was deleted but I still get strange popups and crashing programs. After googling it I found a guide on this site with the instructions to delete this trojan. I followed them but I'm still stuck with it so I'm guessing I'm infected with more malware. I made a dds log and a gmer log, can you please take a look at it and help me?

DDS (Ver_10-03-17.01) - NTFSx86
Run by Piet en Alice at 17:04:42,20 on ma 03-05-2010
Internet Explorer: 8.0.6001.18904
Microsoft? Windows Vista? Business 6.0.6002.2.1252.31.1043.18.3069.2006 [GMT 2:00]

AV: My Security Engine *On-access scanning enabled* (Updated) {25804AC2-E295-484A-97B4-C65C66DD44EF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: My Security Engine *enabled* {3F9B6966-CEB2-4DBE-B82D-A645CD02ECE8}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32...

A:Infected with (probably) win32.trojandownloader.zlob

Hello Victim,

Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
* Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
* Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
* Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please post the GMER log then proceed with the steps below.

2. Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4

* Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
* Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
* A black screen will appear and then disappear. Please do not worry, that is normal. This m...


I WENT THROUGH STEPS 1-9 ON THE PREPARATION GUIDE, MY COMPUTER IS STILL INFECTED AND VERY SLOW. WHAT ELSE CAN I DO TO CLEAN MY COMPUTER OF VIRUSES??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:59 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\G...

A:Infected With Win32.trojandownloader.zlob

Hello and welcome to BC,

Please download SDFix by Andy Manchesta and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All.
* A new folder will be extracted to your %systemdrive%, typically C:\SDFix
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please visit below webpage for instructions for download...


first in the task bar it shows message " System alert: Malware threats your computer might be infected with a backdoor Trojan ..........click this baloon to download malware removal tool"
I tried using smitfraudfix.exe in safe mode, but seems like it's not working
automatically opens antivirus2008 pop up. I had something on the toolbar which i was able to remove using Hijack this. but the popup still comes
I am including hijackthis log
any help is greatly appreciated
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:05, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

A:Infected with trojandownloader win32/Zlob.gen!ck

one more thing when i clicked the message on the task bar it took me to web page "http://www.winavsentry.com/?advid=177"
it is asking me to download "windows antivirus 2008"


Hello,
So my computer is infected with Win32.trojandownloader.zlob. I have AVG and Zone-Alarm and Ad-Aware 10. I scan my computer everyday with all 3. I get between 50-200 "infections" with each of these and I try to remove/quarantine the problems BUT I still get a warning from each one saying I am infected with Win32.Trojandownloader.Zlob whenever I do a FULL scan using all 3 software programs. I also tried the Microsoft stinger app. I don't know of any other ways to remove these "Infections/Viruses" other than to keep downloading different programs to delete them. Nothing seems to be able to delete them. I do have the Zone-Alarm firewall and google pop-up blocker. I need to know what other steps I can do to clean my computer. I HATE HOW SLOW IT IS! I recently downloaded Google Chrome browser and it seems to be a little bit quicker than internet explorer so I will be using this from now on. I have not deleted IE though. Any assistance would be greatly appreciated!!!!
THANKS ~~~~~ ~~~~CRYSTAL~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:59 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal



I have been having issues with fake system alerts popping up and ultimately the whole thing ending with a frozen computer.
The most common reoccurring "system alert" says "You have been infected with a black door trojan virus." It then offers me to click the balloon to go download the necessary tools to remove it. Obviously it is fake, but unfortunately I cannot remove it.
I ran Lavasoft's Ad-Aware (With updated definitions as of 11-13-07) and it came back with 2 things:
Win32.Trojan.Agent
Win32.Trojandownloader.Zlob
I chose to remove them and it said it could not until a restart, but it does not start on startup. When I start a new scan, it finds it again. I ran a HiJackThis and here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:48 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

A:Trojan-ldcore, Win32.trojandownloader.zlob

Thanks oh so much for the quick response. I'll be SO sure to bring my future problems back here. I solved it with spybot S&D... no thanks to the swift response from this forum.

Unhappily yours,

Nate R


Community,
I am having SERIOUS problems removing a virus. It infected my computer through a website - //www.pcsecuresystem.com -- please look out for it!
I need help fixing this problem, please. No matter how many times I try to run AdAware or Spybot, the Vundo virus keeps returning upon startup (my McAfee keeps telling me this) and AdAware locates the Zlob downloader, but doesn't delete it when I click "Remove".
Again, I have run AdAware 2007, several times, but it seems to not be able to delete the malware. When it shows me the problem, Adware gives this information:
===================================================
WIN32/Trojandownloader.Zlob
Registry Entry: HKCR Path: clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}
Registry Entry: HKCR Path: clsid\{a95b2816-1d73-4561-a202-68c0de02353a}
Registry Entry: Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d73-4561-a202-68c0de02353a}
File name: File: c:\System Volume Information\tracking.log.
===================================================
Also, I am posting my Hijackthis Log, as follows:
===================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:27 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

A:Infected With Win32.trojandownloader.zlob, Zundo, And Unknown Malware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum morehouse96
My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the gu...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:54 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal


A:Win32.Trojandownloader.Zlob and Win32.Backdoor.Sinowal and possible other infections

Hello and welcome to TSF

==========
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

============
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.


Hi,
Please help me in getting rid of the pop ups which keep coming up.
trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq
HijackThis log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log
Please also post the problems you are having.


Every time i click to do anything on my computer, this popup appears and says "Your computer has been infected by Trojan.Win32.startpage.fg Click OK to download the antispyware program to clean your computer"
When you click OK it takes you to a web site where you can purchase the program to remove it.
I have completed all of your "before posting" recommendations and nothing has helped.
My Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:13 AM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

A:Infected With Trojan.win32.startpage.fg

Hi, Welcome to Bleeping Computer Forums!
My name is Renato Mejias, and I will help you to solve your problems.
You might want to save this page on your favorites, so you can find it again when you return.

Please take note of the following:
I will be handling your log and helping you, please do not make any system changes yet.
The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
The fixes are specific to your problem and should only be used for this issue on this machine.
If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
Please reply to this thread. Do not start a new topic.


(DDS log below)
I re-installed my AV after running without it for a while and found that I had quite a few bad things going on picked up by Nod32 including (see attachment for more detail):
Win32/Olmarik.ZC
Java/TrojanDownloader.Agent.NBE
a variant of Win32/Olmarik.UL trojan
Win32/Cimag.CL trojan
I also get multiple outbound connection attempts which are at least partially being blocked by Nod32 to weird .cc .cn and a few .com domain urls, this happens after performing a google search. Also getting some browser redirects going on and homepage changes.
I tried setting nod32 to pre-release updates and performing a full scan, this picked up the above and removed them, but after a reboot there are still things going on. Before reading the steps on this site, I ran the latest ComboFix twice which picked up a rootkit in intelide.sys both times, but appears to come back each time. While I disabled nod32 when I ran ComboFix, it re-enabled upon reboot automatically, not sure if that matters.
I've also been getting a startup delay of around 1 minute after logon, in this time, nothing appears to be going on (no apparent CPU or disk activity), but wireless, AV and other startup items do not run. Then a minute later, everything fires up.
I've tried running GMER several times but this keeps giving me a BSOD with IRQL_NOT_LESS_OR_EQUAL
Last scan with nod32 came up clean but still getting outbound connections and browser redirects.
Looking to sort this out once and for all!
DDS (Ver_10-03-17....

A:WinXP rootkit? problem + Win32/Olmarik.ZC Java/TrojanDownloader.Agent.NBE a variant of Win32/Olmarik.UL trojan Win32/Cimag.CL t...

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perfor...


Hello,
My computer became infected last night, and It's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.
The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.
The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.
I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.
All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.
EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we...

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.
I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?
Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.
Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.
Does no one have any ideas???


Hello,
 
I have been experiencing slow PC and slow internet connection, gradually getting worse over 2 - 3 weeks period.
 
Several times over the last three weeks, Google returned a 'Violation' message with the following text:
 
"Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests". I have to enter Captcha to continue. If I reboot the modem, the speed improves for an hour or two, then slows down again. Standard information pages of a website take 30 to 60 seconds to load.
 
I ran a Windows Defender full system scan which located two items:
Trojan: WIN32/startpage.ABB  (severe)
Dialer: WIN32/DlStwoyle (high)
 
I completed the 'remove' function on the Defender scan results.
 
Am I still infected?
 
Thanks
Jane
 
System Description: Desktop: Windows 7 Ultimate 32bit and Laptop Asus 64bit (full description in Signature)

A:Found WIN32/Startpage.ABB Trojan - am I still infected?

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-se...


My wife's work computer was, and I believe still is, infected with the Trojan.Gen.2 / win32/TrojanDownloader.Unruy.BNtrojan.

Today I have followed bleepingcomputer's Preparation guide (logs follow) but unfortunately I have made some mistakes in the last ten days:

When the computer was infected it was running Symantec Endpoint Protection (for some reason it wasn't updating its definitions). I had success in the past with malwarebytes so I tried it thinking it would fix it. Then, unfortunately, I messed up and ran ESET NOD32 without unchecking the 'fix errors'. It found 38 infected files! Now I run the scan and it shows clear but it certainly is not!

So most recently (the way I found bleepingcomputers.com) I was on Malwarebytes.org and found what looked like straightforward instructions here: http://forums.malwarebytes.org/index.php?showtopic=51894 . Unfortunately, I couldn't install the recovery console to complete their recommended course. When I ran the Dell XP disk it told me I had a later version of XP on the machine so I backed out so I could research if that was a problem (I think the problem was that the disk was SP2 and we are running sp3). When I've gone back to try it again I can't even get that far. I get a run error: "d:\i386 refers to a location that is unavailable. It could be on a hard drive or..."

Most recent symptoms:

I tried to turn the computer on and log in under Normal mode with Networking thi...

A:Infected Trojan.Gen.2 / win32/TrojanDownloader.Unruy.BNtrojan

Hello needingbleepinghelp, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7...


Hi, here is my problem. Everytime I download some movies or other things by opening my computer overnight, it must pop out a error window said:-
C:\Documents and setting\KkianN\Desktop is not accessible.
Not enough quota is available to process this command.
The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (this problem was occured when I opened my computer overnight by using Thunder5 this software to download things)
When I tried to shut down, a message said You do not have permission to shut down this computer.
When I tried to use windows task manager to shut down, once i click Ctrl+Alt+Del, an application error message came out said:-
This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.
Then I just can reset my computer.
Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, i can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning. After that suddenly pop out a window said:-
Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.


hi, i have recently been experiencing sudden extreme lagging, unresponsive clicks, and sudden error messages.
i have Norton internet security, spy ware detector, max registry cleaner, mrt (malicious removal tool) from Microsoft, and windows defender.
i ran all these programs, and only windows defender actually picked up this Trojan called trojandownloader:win32/zlob, and it quarantined it, but can't remove it.
I don't know what to do, and it would be really nice to have my computer back again =[.
please help me, anything you recommend i'll try, i'm very desperate.
thanks in advance, thunder1336.
 


Hi, my computer acquired a virus(s)/spyware a couple days ago and I've been searching the net, trying to fix it ever since.

I started getting weird pop-ups, IExplorer pop-ups, even "Security" and "System Alert" pop-ups from the bottom toolbar, all saying I may have virus/spyware, urging me to download a program to remove it. I thought it may be real so I clicked it, but my Avast! Antivirus came on saying it's a "malware".

I ran Ad-aware, which found/deleted a lot of things, except I can't get it to remove/quarantine the Win32.trojandownloader.Zlob that it keeps finding in the scans.

I've ran a thorough Avast Antivirus scan and it found 6 infected files with the Win32:WimAD-l (trj), which I deleted, but it didn't seem to pick up the Win32.trojandownloader.Zlob on my computer. I keep getting the pop-ups.

I've read other posts and have installed the Hijack This program and will send the log below...

Please HELP!! Thanks so much!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:37 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

A:Win32.trojandownloader.Zlob... Please HELP!!!

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ...


This is my first post. I've read rules and hope that I'm following them correctly.

I'm using a Dell Laptop w/Vista.

This morning, I clicked a Facebook e-mail link (I really do know better). Looks like I have a nasty virus that will not allow IE7 to run. Windows Defender displays the following file names and offers to remove: TrojanDownloader:Win32/zlob.ANS and TrojanDownloader:Win32/zlob.BAH.

I am redirected to www.kghyt.com/gatevc.php?id=dw02 and www.cbgra.com/gatevc.php...

I can not do anything online, and have downloaded hijackthis from another computer in my home and loaded on mine via jump drive. I'm pasting the results of my hijackthis log and will be happy to provide any more information you would find helpful. Any assistance you can provide would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:25 PM, on 12/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal


I am trying to get rid of this virus. Can anyone help??? Here are my HijackThis logs:
This is my dad's computer and he is in the hospital and returns home tomorrow! I'd really like any help as quickly as possible... so he will have a computer when he gets home!!
Thanks very much!!
I did delete this file
C:\Program Files\WebMediaViewer\hpmon.exe
which is, I believe, why some of the entries on the logs show "file missing".

Laura

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:54 PM, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,S...

A:TrojanDownloader Win32/Zlob.AON and AMV

bump! Can someone please help me? I really need to get this fixed as quickly as possible and don't know where to begin.
 


Found this by running adaware. Ran several programs and I thought it was gone. Just not sure. Installed super anti spyware and have run Norton numerous times. Not sure if it's hiding or gone. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:19 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA...

A:Win32.trojandownloader.zlob

Hello, and welcome to the forum.
My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1
Please download and install CCleaner.
Open CCleaner. On the Windows tab, leave the default options alone.
On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
When the cleaner has completed, click Tools in the Left Pane.
Verify that Uninstall is highlighted in color, or click on it. In the lower right, click Save to Text File. Pull down the arrow at the top of the Save dialog and choose Desktop as the location. You can leave the filename as install.txt. Click Save, then exit Ccleaner.

Step 2
Open HijackThis, perform a scan and put a check next to the following items (if present):
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
Close all programs except HijackThis and click on Fix checked.

Step 3
Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an ...


I recently had a problem w/ virusburst and other programs that appeared on my system. I ran norton scans, adware se, and spybot search and destroy (multiple times) and they picked up some things but didn't solve my problem. I got rid of them finally by running windows live one care scanner; however, there were a few items that it could not delete, I think because the applications were running. TrojanDownloader:Win32/Zlob.gen!dll is one of them; the other is TrojanDropper:Win32/SmaII.GT. My system is working fairly normally, but after I have it on for a few hours there is a definite decrease in performance. Here is my logfile. Thank you very much in advance.

Logfile of HijackThis v1.99.1
Scan saved at 3:45:30 AM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files...

A:Trojandownloader:win32/zlob.gen!dll

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. First I would recommend that you uninstall Logitech Desktop Manager. It's not malicious, but it does put an unnecessary strain on your computer.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

=======================

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports":
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan yet!

========================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 a...


I have had the misfortune of contracting a Win32/Zlob malware problem on my Vista operating system. It has changed my default Internet Explorer homepage to some phony security site as well as generally slowed down my system. It also caused Windows Explorer to constantly say it was encountering problems, but that has since stopped. I ran McAfee scans but I do not think that solved the problems. Any help would be greatly appreciated. Here is my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:42 AM, on 05/09/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell AIO 810\DLCGmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\Syst...

A:TrojanDownloader: Win32/Zlob

Welcome to TSG

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.geekstogo.com/SmitfraudFix.exe
Double-click on SmitfraudFix.exe


Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
In your next reply, please post the contents of rapport.txt.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "Risk Tool". It's not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
 


Yeah uhh..infected with TrojanDownloader:Win32/Zlob...brand new computer need help what do i do??? email me at [email protected]

A:Trojandownloader:win32/zlob

SAS is compatible with Vista, if that is what you have, and will remove Zlob.
Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/


It seems I have a computer virus or TrojanDownloader on my computer. I have never had a problem with viruses before, probably because I rarely download anything from the internet or read emails from people I do not know. I do now though!
Whenever I start my computer I get the following warning:
Windows Defender Warning
Review harmful or potentially unwanted software

Name:
TrojanDownloader:Win32/Zlob.ANS
Alert level:
Severe

I select Remove All and am told by windows defender that:
No unwanted or harmful software detected.
Your computer is running normally.

Until I start my computer again. I get the same message about the virus.
I have also tried using AVG anti-virus to get rid of the problem. But it just keeps coming back. Any suggestions?
 

A:How to get rid of: TrojanDownloader:Win32/Zlob.ANS?

Use the 'Report' button to ask a Moderator to transfer this to the Malware Removal and Hijack This Forum where you can get some specialist help.

My limited understanding of trojans is that they can sometimes recreate themselves whatever 'removal' steps are taken, probably something lurking in the Registry!
 


My pc was infected with a zlob trojan. My browser was hijacked and rerouted to several bogus virus killer websites, porn and gambling pop-ups kept appearing and I kept getting (I suspect bogus) virus console messages stating that a puper.dll virus was successfully deleted.
After following the steps recommended by MicroBell here to eradicate a trojan infection on my pc, I have managed to get rid of most of my problems. Ad-Aware SE got rid of two regkeys and I used an evaluation version of TrojanHunter 4 to get rid of another zlob downloader. But the bogus virus console message keeps popping up. Both my regular McAfee 8.0.0 viruskiller and Trend Micro and CA online antivirus programs detect nothing. Pop-ups are less frequent than they were, but still... Below is my HJT log. Any help to rid me of this problem is much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 15:04:20, on 23/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe ...

A:win32.trojandownloader.zlob

Hello and welcome to TSF

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Ewido Anti-Malware
Install Ewido Security Suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Cleanup!- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows load...


Hi, I have recently been experiencing sudden extreme lagging, unresponsive clicks, and sudden error messages.
I have Norton internet security, spy ware detector, max registry cleaner, mrt (malicious removal tool) from Microsoft, and windows defender.
I ran all these programs, and only windows defender actually picked up this Trojan called trojandownloader:win32/zlob, and it quarantined it, but can't remove it.
I don't know what to do, and it would be really nice to have my computer back again =[.
Please help me, anything you recommend I'll try, I'm very desperate.
thanks in advance, thunder1336.

here is my hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:02 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiS...

A:trojandownloader:win32/zlob

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------


I'm running an Advent laptop PC with Norton Internet Security 2007 on it. All bought in Oct 2005. Never had any problems until this morning when I logged on and was immediately informed that I had a Trojan backdoor virus. I got this warning via a System Alert (a yellow triangle thing in the bottom right corner with an exclamation mark in it). It asked me to click on the balloon and it took me to an advert for MalawareWiped and invited me to purchase it for $49.95.

I immediately ran a system scan with Norton. Nothing was detected.

The whole time this icon is telling me that I have a virus.

Then another Windows icon popped up telling me I had the Win 32 virus.

Eventually I went on line to Symantec for their help. They told me to run another full system scan. I did. It showed nothing.

I then began to wonder why this System Alert kept inviting me to purchase the MalawareWiped software. I Googled MalawareWiped and was informed it was a Trojan virus and was linked to Pest Capture and Vermis or something, all of which I'd been invited to buy. I also noticed a "new" part of my browser which wasn't there yesterday, entitled Security Protection or something.

Surfing the web brought me to My Bleeping Computer.com and I have followed your instructions for getting rid of Malaware faithfully with the following problems.

I could not download HouseCall Anti Virus. I got halfway through the scan and inadvertently switched off the browser button and had to start again (sorr...

A:Win32.trojandownloader.zlob

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...


Logfile of Trend Micro HijackThis v2.0.2
I downloaded this file and I think I removed it, but not sure. Can anyone tell if it is gone? Can it hide somewhere else?
Scan saved at 10:17:51 PM, on 8/8/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Windows\HCWemMON.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe
C:\Program Files\Internet Exp...

A:Win32.trojandownloader.zlob

Hi,

Looks like you got most of it but we'll double check.

I'd like to see an uninstall list from Hijackthis.
Open Hijackthis
Click "config" at lower right.
Click "misc tools" at top.
Click "open uninstall manager"
Click "save list...."
Save the log someplace handy & post it here.

Next:
Using Internet Explorer please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (If available otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save report button.
Call it Kaspersky.txt
Expand the arrow beside "file types" and save as .txt file.
Save the file to your desktop.
Copy and paste that information in your next post.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabl...


I have AOL safety and security on my pc, it shows that it has blocked the following files.
Trojan.win32.startpage.adh and TrojanDownloader.win32.zlob.mo. The problem is that they keep reappearing and while using internet explorer my homepage keeps redirecting me to a page http://www.securityuptodate.net/ wanting me to download things which I know not to do but still cannot remove it.
 

A:TrojanDownloader.win32.zlob.mo


I ran Ad-Aware (Free Version) and I am having problems getting rid of it after a scan and 'removal'. When I was infected all of a sudden I start seeing advertisements and virus warnings flashing about plus my system tray has a flashing ! indicating I am infected (Is this the virus?). I ran HijackThis and was told this forum would help me after providing you guys with a log file. Please help! Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:11 PM, on 10/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.43\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Progr...

A:Help! Win32.Trojandownloader.zlob won't go away!

Sorry, I also wanted to add that Windows Defender picked up these two warnings, associated with my virus problem:

TrojanDownloader:Win32/Zlob.ANS
TrojanDownloader:Win32/Zlob.AMV

I am using Windows Vista. Thanks in advance!
 


Hi,

I'm new and a beginner, so please excuse my ignorance

When I ran Ad-Aware it detected: Win32.Trojandownloader.Zlob

Would someone be able to tell me what it is and what it does please.

Thanks,

watty
 

A:Win32.Trojandownloader.Zlob


I think I may have eradicated the win32.trojandownloader.Zlob by using info found on forums but really could use some expert file analyzation and advice. I have attached 3 different Combofix files, 2 different Hijackthis files and an Ad-Aware log file. I have been dealing with this for 3 days now and hope damage has not been incurred.
Thanks in advance.

A:I Have/had The Win32.trojandownloader.zlob

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:
Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.


Hi All,

I have had this trojan now for a month and can't seem to get rid of it. I have Ad-Aware SE and it finds the trojan and supposedly removes it. But, within a few hours, it's there again. Here is my current HJT file I just ran. I also have SmitFraud. Can someone tell me how to get rid of this using HJT and SmitFraud?

Thank you very much.
Battisti

Logfile of HijackThis v1.99.1
Scan saved at 11:26:16 AM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32...

A:Win32.trojandownloader.zlob

Hi battisti,

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience.


trojandownloader:win32/zlob

Hi, I have recently been experiencing sudden extreme lagging, unresponsive clicks, and sudden error messages.
I have Norton internet security, spy ware detector, max registry cleaner, mrt (malicious removal tool) from Microsoft, and windows defender.
I ran all these programs, and only windows defender actually picked up this Trojan called trojandownloader:win32/zlob, and it quarantined it, but can't remove it.
I don't know what to do, and it would be really nice to have my computer back again =[.
Please help me, anything you recommend I'll try, I'm very desperate.
thanks in advance, thunder1336.

here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:02 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\A...

A:trojandownloader:win32/zlob

Hello and Welcome to forums! My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
If you don't know or understand something please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Absence of symptoms does not mean that everything is clear.

NOTE: Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe


Hey,

Spywareblaster is updated. I updated and ran Ccleaner. I updated and ran Ad-aware 2007. I updated and ran Spybot Search&Destroy.

Ad-aware finds it and "removes" it, but each time I scan again it's still coming back.

Help, please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:53 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C...

A:Win32.trojandownloader.zlob

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply.
Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.


That comes up in Ad-Aware SE but won't remove after running it 5 times. Here is the hijack-this log file..

Logfile of HijackThis v1.99.1
Scan saved at 8:29:22 AM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\WINDOWS...

A:Win32.trojandownloader.zlob Plus Others?

Welcome to the BleepingComputer HijackThis forum, James Heilman.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*************************************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

RELEVANCY SCORE 103.6

Hi, I don't know if this applies to anyone here, but my computer running Windows Vista became infected with this trojan. Although my subscribed Zone Alarm security suite was not offering information on removal, I did find some complicated stuff about deleting registry entries, but that only applied to trojan zlob, not zlob.zjj. I since sourced the virus & removal was simple for me, so if anyone else using Vista has this virus, try this before considering deleting any registry entries or even entering the registry. Go to:

C:\Users\(your User name)\Appdata\Local\Temp\IXP000.TMP

Don't be fooled if this is present; it's a file folder although it's .TMP

Right click select open & delete the file from within the folder & then delete from your recycle bin.

Restart your computer & then an error message will appear saying Error creating process because it can't find the file,

once this is done don't click ok on the error message press ctrl alt delete, & start task manager & a programme process will be there called chk or check.exe right click this item process in the list & select open file location:

this is normally C\system.sav\checkPP2.exe - delete checkPP2.exe

restart the computer, there is normally a backup version of the virus executable or .exe file in a second location

once again you will see the error message saying Error creating process because it can't find the file

once again don't click ok repeat:...

RELEVANCY SCORE 103.6

I have seen many threads on the site, and am so far unable to solve my problem. I clicked on a VideoCodec that I knew I shouldn't have and ended up with the Critical System Error popups "You have been infected with the Win32.TrojanDownloader.Zlob". I've run and updated Norton 360, Ad-Aware, Spybot S&D, and even downloaded and paid for Stopzilla, none of which are catching this. It is affecting IE 7, but doesn't seem to affect Mozilla. My Windows Media Player will not work at all. Keeps saying log off Windows, log back on and start, which does not work. Can anyone help?

A:Win32.TrojanDownloader.Zlob

Not sure about the Windows Media Player issue, but to receive help for malware removal, this is where to begin:

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 103.6

I got rid of the system alert thing but when I ran adaware se it picked up win32.trojandownloader.zlob

I can't get rid of this trojan, please help.

Logfile of HijackThis v1.99.1
Scan saved at 2:49:09 PM, on 12/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Pr...

A:win32.trojandownloader.zlob

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 
