I loaned my laptop to a friend for a few days. Afterwards it wasn't running right and before long I got all sorts of popups, virus alerts, and other quirky things going on. I started working on it a few days ago but it's giving me a good fight.
When I first started I couldn't even access the internet, now that's fixed.
McAfee was completely disabled -- the resident protection was off and would not turn on, it would not scan or update either. I removed it completely and replaced it with the free version of AVG 8.
I have followed the 8 steps, with the exception of running HijackThis. I have used this program successfully in the past but not since this infection occurred because I read that some versions of Vundo (Virtumonde) will cause a complete system crash if you go into Safe Mode after running HijackThis... since I am not sure that Vundo has been completely removed yet and since I am switching in and out of Safe Mode, I am concerned about using HijackThis. Any suggestions?
In the course of the past three days, various tools have said that I'm infected with: InternetGameBox, Vundo, Downloader, Downloader.Zlob, spoolsv.exe, several "unclassified" trojans, FakeAlert, Generic12, a CoolWeb variant, and HackTool.
What I've already done:
* AVG -- two full scans. Finds stuff but doesn't fix it (log below).
* Sophos AntiRootkit -- found stuff but I don't know what good it did. It has a very simple interface and I can't find any evidence of a log that I could post here.
* SmitfraudFix -- I've run this several times per the instructions (performing the cleaning step in safe mode) and it appears to always find something but I can't tell what, if anything, it's actually helping to eliminate
* VundoFix -- identified several items then nothing on the 2nd or 3rd scan, but Vundo has appeared in other scan tools used since
* CWShredder -- found one item originally, nothing in subsequent scans
* CCleaner -- ran it several times, it now comes back with a clean analysis
* Malwarebytes -- ran full scan 3 times, in both normal and safe mode. It found a bunch of things the 1st time but nothing since
* SUPERAntiSpyware -- found several items the first scan, a few more the second scan, nothing since
Continuing Issues:
AVG gives me popup warnings every few minutes about an infection of downloader.Zlob in C:\windows\system32\mswsock32.dll -- clicking "heal" or "move to vault" does nothing, it just pops up again later. Running a full, updated scan on AVG hasn't helped. It finds things but it's clearly not fixing them.
I am having a major problem with Firefox -- clicking on links or buttons doesn't work, even after a reinstall. Also, my desktop background and start page on IE have changed several times.
Spybot isn't working. I have run this several times but after the scan is complete it locks up and won't proceed to the "fix" screen. I end up having to reboot. I've tried reinstalling, updating, and running in normal and safe mode with the same results.
I can't disable my network connection. It says "It is not possible to disable the connection at this time". I've tried repairing the connection, flashing the registry settings, and manipulating the administrator privileges but nothing has fixed this.
The computer is running very slowly and at times it seems like the hard drive is being accessed constantly although I cannot find anything running.
***I'm not sure what logs to post because everything is coming back clean, with the exception of AVG.***
Results of the latest AVG scan, 3 entries:
- - - - -
File: C:\windows\system32\mswsock32.dll
Infection: Trojan Horse Downloader.Zlob_r.EQ
Result: Infected
File: C:\windows\system32\mswsock32.dll
Infection: Trojan Horse Downloader.Zlob_r.EQ
Result: Moved to Virus Vault
File: C:\windows\system32\svchost.exe (1224)
Infection: Trojan Horse Downloader.Zlob_r.EQ
Result: Reboot is required to finish the action
- - - - -
Of course I rebooted but when Windows loaded I immediately got another popup from AVG about a downloader.zlob infection.
Any help would be gratefully appreciated!