System Error!

By Rasmey
Apr 6, 2008
Topic Status:
Not open for further replies.
  1. Whever I click on something on my computer, this messege appears:
    System error! Your system was infected by zlob trojan.
    It's very dangerous for your system (critical data can be lost)!
    Click OK to download the antimalware application to clean your hard disk!
    (Recommended)

    Then it just stand by automatically.

    I've attached the log from Hijackthis. Please help me get rid of it.

    Thanks,
    Rasmey
  2. kritius

    kritius TechSpot Guru Posts: 2,087

    Go to add/remove programs and unistall anything that looks like,
    WinIFixer


    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O2 - BHO: Media Codec - {8B580E40-6B46-44C8-9E80-A5AD6E1D1035} - C:\WINDOWS\kiasys.dll
    O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost32.exe
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
    O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://winifixer.com/tools/malwareremover.dll


    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Delete Files and Folders
    • Right Click on the start button and chose explore
    • Show all hidden files and folders, see how HERE
    • Navigate to the following files and folders and delete them(if still present)
    C:\WINDOWS\system\svchost32.exe<---------This File NOTE THE SPELLING
    C:\WINDOWS\System32\ctfmona.exe<---------This File NOTE THE SPELLING
    C:\Program Files\WinIFixer<---------This Folder
    • Empty the recycle bin.

    If that does not work then repeat the process in safe mode. See how to boot into Safe mode HERE.
    ***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***


    I need you to follow all the steps HERE and then post back with the three requested logs as attachments
    • AVG antispyware
    • ComboFix
    • Hijackthis (step 15)

    Dont forget to make sure that AVG is set to quarantine the results, that HJT is the last step and to let us know the results of the antirootkit scan.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.