My Trojan.zlob-X.a problem

[q-jet]

Hello! My sister called me last night stating she was getting a box that popped up with the message that "Your system is probably infected with latest version of trojan.zlob.x.a Full system optimization will greatly increase your computer's performance and prevent data loss." She is running Vista Home Basic and I'll be trying to help her in these next few days.

The first thing I tried last night was from the website listed below and I found none of the things listed. Is it possible to get the above message without actually having the virus?

http://www.pcontech.com/spyware/remove/trojan.zlob-remove.htm

It will be a couple of days until I can get to her computer and start working with it, but I figured I might as well start with this.

 

[TearsInHvn]

Another post

Here is another post about the same virus.

https://www.techspot.com/vb/topic92808.html

Thought it might help!

 

[q-jet]

Thanks! I've looked over that last night as well, and figured if I get to the point of needing to post some log files, the I would have this post started already.

 

[Jase123]

Hello and welcome to Techspot. :wave:

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Jason

This thread is for the use of q-jet ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.

 

[q-jet]

Ok, I now have the computer. I was trying to see if I could get the message that my sister was getting and in doing so (which involved connecting to the internet, I know, probably not smart) AVG popped up a Threat Detected box. The message is as follows:

While opening file: C:\\Windows\System32\sysdivx.dll
Trojan horse Downloader.Generic6.XFD

Just wondering if this is part of my problem or something else. Disconnected from the internet promptly. What should I do with the threat - heal or move to vault?

Also in deciding whether to clean or format, my sister did access their bank account online. According to the thread I should reformat. Does anyone have any advice for me on what to do? Thanks!

 

[momok]

I would advise you to follow the instructions to contacting the relevant authorities and people as given by the thread you read, as well as a format to be sure your system is absolutely clean.

You may wish to clean your system; in that case we will try to do our best, but we cannot guarantee the security of your personal/sensitive passwords and other information.

That file is dangerous; I would move that file to vault, then follow up by deleting all files in the vault.

Regards,
momok =)

 

[q-jet]

I was favoring a format as well. So that's the next thing I'll be looking into. Thanks again!

 

[caravel]

I'm pretty sure SmitFraud gets rid of most of the zlob trojans.

 

[Jase123]

Yes - but as momok said we cannot be sure about his personal information.

If he wishes to clean his system - then I will do my best to get it clean - but he could get another attack soon as he connects back to the internet.

Regards Jason

 

[q-jet]

The only disk I have is the Anytime Upgrade disk. Could someone point me in the right direction for steps to follow to reformat and reinstall Vista. Thanks!