
trojan zlob help!


Name: Michael H
Date: April 17, 2006 at 19:09:02 Pacific
OS: win xp
CPU/Ram: ?
Product: dell
Comment:

I got a trojan zlob that every time my antispyware program says it's gone, it just comes back... I've tried a bunch of different antispyware programs but it doesn't seem to work. I don't know much about computers.... Should I just call Geek Squad??




Response Number 1
Name: jabuck
Date: April 17, 2006 at 19:26:00 Pacific
Reply:

Run this free online scan from Panda

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it when you post the Hijack This log.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download Killbox to your desktop from this link: Killbox. We will need it later in safe mode.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: mortfaucheur
Date: April 18, 2006 at 04:09:49 Pacific
Reply:

MichaelH, jabuck offers good advice, but there's also another alternative that will kill zlob fer ya.
Download and run Spybot S/d if you haven't already. It's freeware, 2.5MB. Go to security.kolla.de
AdAwareSE is good also, and also SpywareBlaster.
All 3 are freeware, so load up on security and one of them will catch it.
If that doesn't do it, then it's regedit fer you my son, and good luck to ya!

Spyware Leeches Must Grimly Die in Horrible, Painful Suffering...



Response Number 3
Name: Michael H
Date: April 18, 2006 at 05:15:47 Pacific
Reply:

I really don't know what I'm doing with it. I've tried Spybot S&D, AdAware, Microsoft AntiSpyware, a few different online scans, pskill, smitRem....

The other issue is (somewhat unrelated), with a newborn at home, I don't have all the time in the world to futz around with the PC.

Thanks for the help!



Response Number 4
Name: bofra
Date: April 18, 2006 at 11:19:52 Pacific
Reply:

info:
http://www.symantec.com/avcenter/venc/data/trojan.zlob.b.html

have you tried scanning in safe mode?,

turn off system restore, if on,

restart using (F8), scan for viruses and spyware again,

empty temp folders,
empty temporary internet files folder,
delete trash bin,

if needed, manually move bad files to trash,




Response Number 5
Name: Michael H
Date: April 18, 2006 at 14:50:16 Pacific
Reply:

Yes... I did a whole massive system scan in safe mode, with system restore off, emptied all folders, posted a HJT log on another website, deleted everything they told me to, installed ZoneAlarm and AVG antivirus, and that massive system scan found the trojan and said it was deleted, but then when I did a scan with Microsoft AntiSpyware, it said it was still there..... Should I just call Geek Squad, pay the $99 and be done?!? I'm so confused!





Response Number 6
Name: jabuck
Date: April 18, 2006 at 18:16:18 Pacific
Reply:

Sounds like you want to pay the 99 bucks, by all means go ahead.

Or you could try response #1 and get it done for free. There are no dumb questions, some are just easier to answer.



Response Number 7
Name: Michael H
Date: April 19, 2006 at 03:48:04 Pacific
Reply:

it's gone

my last scan from microsoft antispyware found nothing....

much love
MH



Response Number 8
Name: Michael H
Date: April 20, 2006 at 07:32:21 Pacific
Reply:

Haha, ok, so it's not gone... I did a Panda scan, I downloaded those two programs and I ran Hijack This... below are my Panda results and my Hijack This results... I haven't gone into safe mode yet to run those two programs... jabuck, help me out!

MH


Incident Status Location

Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\interf.tlb
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Ssk.log
Potentially unwanted tool:application/malwarewipe Not disinfected C:\PROGRAM FILES\MalwareWipe
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MySearch
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\michael@as-us.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.go.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.atwola.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[www48.seeq.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.target.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\zdz1grhh.default\cookies.txt[]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[VerifierBug.class]
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[Xeyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-3f1991e2-7d74edff.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-3f1991e2-7d74edff.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-3f1991e2-7d74edff.zip[VerifierBug.class]
Virus:Trj/LowZones.RI Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-3f1991e2-7d74edff.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-3f1991e2-7d74edff.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-3f1991e2-7d74edff.zip[Xeyond.class]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\michael@as-us.falkag[1].txt
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\Michael\My Documents\KazaaLite\bdcore.dll
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\Michael\My Documents\PsKill.zip[pskill.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\My Documents\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\My Documents\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\pskill.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:30:24 AM, on 4/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1132233246\ee\AOLHostManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1132233246\ee\AOLServiceHost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\program files\common files\aol\1132233246\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Michael\My Documents\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132233246\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Response Number 9
Name: jabuck
Date: April 20, 2006 at 19:17:34 Pacific
Reply:

Go to start>control panel>double click java>click delete files>check all three boxes>ok.

Next go to control panel>add/remove programs and uninstall these programs if found:

MalwareWipe (Rogue spyware program, very aggressive)

MySearch

surfsidekick

If you haven't already, download ATF-Cleaner and Killbox as suggested in response #1.

Next follow these directions to reboot into safe mode: Safe Mode

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

From safe mode go to control panel>internet options and:
clear history>yes
delete cookies>ok
delete files>check the box to delete offline content>ok. Exit.

Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Start Killbox, place a tick next to [x]Delete on reboot. "Press the All Files button"
Copy this whole list into the windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\interf.tlb

Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot. If you get an error, shut down the computer manually by pressing the start button and holding it down until the computer shuts down.

Post the Ewido log and a new Panda scan log.
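
The sorting that Response 9 does by hand on the Panda report (already cleaned, cookies, registry, browser/Java cache, and files left to uninstall or delete), written out as an added example that is not part of the thread or of any tool named in it. The bucket names, the rule order and the cache path markers are assumptions; the sample rows are copied from the report in Response 8.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category name status location member")

# Rows copied from the Panda report in Response 8 (header row and a repeated cookie row included).
SAMPLE_REPORT = r"""Incident Status Location
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\interf.tlb
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Ssk.log
Potentially unwanted tool:application/malwarewipe Not disinfected C:\PROGRAM FILES\MalwareWipe
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\michael@as-us.falkag[1].txt
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[Counter.class]
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2fe5a879-3cd5b57b.zip[web.exe]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\michael@as-us.falkag[1].txt
"""

LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)
MEMBER_RE = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\[\]]*)\]$")
CACHE_MARKERS = ("\\temporary internet files\\", "\\java\\deployment\\cache\\")  # assumed

def parse_report(text):
    """Parse 'Category:name Status Location' rows; anything else is skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header row, blank line, or other pasted text
        location, member = m["location"], None
        inner = MEMBER_RE.match(location)
        if inner:  # "archive.zip[web.exe]" -> container path plus member name
            location, member = inner["container"], inner["member"]
        findings.append(Finding(m["category"], m["name"], m["status"], location, member))
    return list(dict.fromkeys(findings))  # drop repeated rows, keep first-seen order

def bucket(f):
    """Assumed rule order: cleaned, cookie, registry, cache, else a file to review."""
    loc = f.location.lower()
    if f.status == "Disinfected":
        return "cleaned"
    if f.name.lower().startswith("cookie/"):
        return "cookie"
    if loc == "windows registry":
        return "registry"
    if any(marker in loc for marker in CACHE_MARKERS):
        return "cache"
    return "file"

def triage(text):
    buckets = {}
    for f in parse_report(text):
        buckets.setdefault(bucket(f), []).append(f)
    return buckets
```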

