Infected with Trojan.Zlob.x-a

By sal1000
Dec 8, 2007
  1. I have a Trojan-Zlob.X-a, I am using Firefox instead of IE, scanned with Panda rootkits and did not found anything, also scanned with AVG7.5 and and AVG antirootkit and did not found anything during the scan, when the antivirus was active it detected a trojan horse generic7.NGD, and also program TCPSVCS.exe that is trying to connect to a site in the web. Posting HJT logs. Please advice.
  2. evilfantasy

    evilfantasy Banned Posts: 428

    You are running two antivirus which is unnecessary. Pick one and uninstall the other.

    Open HijackThis and select Do a system scan only and place a check mare next to.

    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll (file missing)
    O2 - BHO: Video DivX 3.12 - {7A23A1E8-B2AB-4C50-AD12-9E19B747E17C} - C:\WINDOWS\SYSTEM32\sysdivx.dll (file missing)

    Close all windows except for HijackThis and click Fix checked.

    TCPSVCS.exe is a legitimate Windows process.

    Please download Combofix by sUBs from either here or here

    Save Combofix.exe to your your Desktop.

    1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
    2. When finished, it will produce a log for you.
    3. Attach that log in your next reply.

    Do not mouseclick combofix's window while it's running. That may cause your computer to stall
  3. sal1000

    sal1000 TS Rookie Topic Starter

    Instructions done

    I scaned my computer with HJT and check the files that you instructed, scaned with combofix and I am attaching log file. Please advice next step.
  4. evilfantasy

    evilfantasy Banned Posts: 428

    The log looks fine.

    Go to Start > Run and copy and paste next command in the field:

    ComboFix /u


    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

    You need to update to SP2
  5. sal1000

    sal1000 TS Rookie Topic Starter


    Thanks for the help, I dont get the pop ups anymore, and Google searches are not re-directed to porno sites. One question how safe is my computer, does the Trojan is completly erased or it can be dormant in a hiden file around the computer?

    Thanks for the help
  6. evilfantasy

    evilfantasy Banned Posts: 428

    Some can be dormant. But it isn't there as far as I could see.

    You are not safe at all until upgrading to SP2.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...