Trojan.Zlob.x.a

Status
Not open for further replies.
I am getting a popup "Your system is probably infected with latest version of trojan.zlob.x.a Full system optimization will greatly increase your computer's performance and prevent data loss."

I was half asleep when I got this and clicked on it and I think it went to download iedefender, but not sure.
 

Attachment: startuplist.txt (7.5 KB)
Hi racefansuz and welcome to TechSpot.

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.


This thread is for the use of racefansuz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Quick Fix!!!

I bet you tried to download a video decoder just before that started happening, right?

Here's the quick fix!
1. Restart in safe mode.
2. Delete the files sysdivx.dll (they are in two locations).
C:\windows\syswow64\sysdivx.dll
C:\windows\system32\sysdivx.dll
Or just do a search in the C:\windows directory and delete them that way.
3. Restart the PC.

BOOM! All gone!

Only took me two days to find that! Grrr~~

Don't download anything you don't trust!!
 
Follow up on Trojan Zlob

I am sitting here staring at this disaster called a Trojan Zlob. I see so many options, have downloaded 3 antispyware programs and only one of them detects it. It wants me to give them my credit card # to activate the delete..... seems kind of stupid since it's on the computer that's infected.

Is this simple safe start delete truly effective?

Any more feedback?

Thanks,
 
Perhaps following my instructions will help, you will never know if you don't try.
 
Just not sure since my entire business is wrapped up on this computer. If I trash it, I will be devastated as will my clients.

I've been down so many false roads today trying to deal with this, that I'm very nervous about one more.

Sorry for the doubt, but man.... this is spooky for me.

T
 
One more thing.... I read through your instructions, and not sure I can follow them. Pretty intense for this neophyte. Was wondering if the simpler one from kureigu3 would work too. What are your thoughts on that? Are those critical files that need to remain on the computer?

T
 
I'm working on one of my staff's computers while the main computer does the Norton scan which doesn't seem to even realise there is a problem!

And.... please humor me, I'm an architect, and not sure what you mean by 'logs'.

Let me know where to look and I can post them.
Thanks
 
So let me get this straight. You have a problem but won't follow instructions that will fix it.
Why are you asking for help if you won't take it?

Seems to me you have made a pointless post.
 
Because as I'm looking thru these posts.... there are 3-4 different solutions. One of them, yours, which seems incredibly intuitive and in depth, scares the bejeebers out of me as I often try to follow these kinds of instructions and then something comes up on my computer that doesn't exactly match it. I have followed those kind of things by an 'assumption' before and bam.... lost the information. My loss of data would be so devastating that I would beg your understanding in my need to be sure of how and why it works to this rookie.

Imagine if you will, how you would feel if you were standing in a high rise, 3 contractors asking you how to place a 2 ton unit across the steel members and still maintain access to the mechanical systems. To me... not a big deal. I understand the process, to you (assuming you're not part of the industry) it might seem a little confusing until you understood the parts and pieces.

That's kind of how I'm feeling at the moment. Not that I'm not willing to take the advice, but I've downloaded two 'antivirus' softwares that have both been the wrong thing to do.... So, I'm trying to understand it a little more rather than just 'shooting from the hip'.

That's all.....

So, of the posts, what is your thought on the one from Kureig3 (sp?)
 
You haven't posted a HJT log so I very much doubt his fix will work for you as it was for the original poster!!!!!
 
Ah, ok. So, now I've printed out your 15 step process. Is it possible to pull up yahoo messenger on my computer and work with you one on one in case I have any anomalies pop up in the process?
 
I'm in the UK, it's gone 4am and the process takes a few hours to complete.

Hundreds if not thousands have completed the process without problems before. The instructions are not quickly thrown together. Howard_Hopkinso spent many many hours researching every step then many many more hours trying to make them as easy to follow as possible.

If the information on your PC is so precious then you should back it up regularly as a matter of course.
 
My solution (deleting the files) worked for me. The filenames in your case may be different though. Another quick way is to search the windows and system32 directories for the newest dll files (sort by date modified). The dates of the suspect files will probably be the same date your pop-ups started appearing... You won't be able to delete them because the files are in use. Restart in safe mode to delete the files. After that I did a Trend HouseCall and it did a little more cleaning up too. I do not recommend downloading anything that you read on a post that claims to fix your problem. Even if the website appears to be a trusted one. You stand a very good chance of just making the problem worse. If you are nervous about deleting vital files, just don't empty your recycle bin until you are sure it's all better. ;) Hope that helps...
 
Thanks kureigu3, that's exactly what happened to me and your solution worked perfectly, and I was looking around for hours for a fix that went with my skill level.
Thanks again
 
This is making me laugh. What a tidy little piece of malware that is. Oh well if you don't mind a gaping hole in your security then I don't mind either. Did you get it out of the registry as well?

Here are a few of the known trojan.zlob.x.a HJT entries.
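The two checks raised in the posts above (DLLs recently written to the Windows system directories, and the Browser Helper Object registrations that HijackThis reports as O2 entries), as an added PowerShell example that is not part of any poster's reply. It only reads; the `$Since` parameter and its 7-day default are assumptions, and per-user (HKCU) registrations are not covered.

```powershell
# Added example, not from the thread. Read-only: lists files and registry keys, deletes nothing.
# Assumption: $Since is the day the pop-ups started; the 7-day default is a placeholder.
param([datetime]$Since = (Get-Date).AddDays(-7))

# 1. DLLs created or modified since $Since in the two directories named in the thread.
$dirs = "$env:windir\System32", "$env:windir\SysWOW64" | Where-Object { Test-Path $_ }
$recent = Get-ChildItem -Path $dirs -Filter *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since -or $_.CreationTime -ge $Since } |
    Sort-Object LastWriteTime -Descending
$recent | Select-Object FullName, CreationTime, LastWriteTime,
    @{ n = 'Signature'; e = { (Get-AuthenticodeSignature $_.FullName).Status } } |
    Format-Table -AutoSize

# 2. Browser Helper Objects: the registrations HijackThis reports as "O2 - BHO".
#    Each subkey name is a CLSID; the DLL it loads is the default value of
#    CLSID\<id>\InprocServer32. 32-bit entries live under WOW6432Node.
$views = @(
    @{ Wow = $false; Clsid = 'HKLM:\SOFTWARE\Classes\CLSID'
       Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Wow = $true;  Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
       Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
)
$recentPaths = @($recent | ForEach-Object { $_.FullName.ToLower() })

$bhos = foreach ($v in $views | Where-Object { Test-Path $_.Bho }) {
    foreach ($key in Get-ChildItem -Path $v.Bho) {
        $inproc = Join-Path $v.Clsid (Join-Path $key.PSChildName 'InprocServer32')
        $dll = if (Test-Path $inproc) { (Get-Item $inproc).GetValue('') } else { $null }
        # A 32-bit registration that says System32 really loads from SysWOW64.
        $path = if ($dll -and $v.Wow) { $dll -ireplace '\\system32\\', '\SysWOW64\' } else { $dll }
        $onDisk = [bool]($path -and (Test-Path -LiteralPath $path))
        [pscustomobject]@{
            CLSID     = $key.PSChildName
            Dll       = $path
            OnDisk    = $onDisk
            Recent    = [bool]($path -and $recentPaths -contains $path.ToLower())
            Signature = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
        }
    }
}
# Review first: OnDisk = False (DLL deleted, registration left behind), Recent = True, or not 'Valid'.
$bhos | Sort-Object OnDisk, Recent | Format-Table -AutoSize
```

File timestamps can be altered and many legitimate DLLs are unsigned or catalog-signed, so treat the output as a list of things to look at, not a verdict. Run it from an elevated 64-bit PowerShell so both registry views and both directories are visible.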
 
Thank you all! I know this neophyte rookie was a pest and appeared a skeptic, but believe me all the dialog helps give this issue a 3rd dimension (which is how my brain is wired). I was able to go in and download a spyware called "SpyHunter". It came up with a total of 37 associated parasites specific to the Zlob trojan. After I cleaned it up, it's running like a dream. The SpyHunter is a little consuming of the power as it learns what is allowed and what isn't, but I anticipate that will smooth out as it learns how the computer is set up.

Seriously, as I pestered all of you, I understood little by little of what each of you said, put the pieces together, took a look at how this worked. So, Rik, as petty as you thought my brain was working, your information went to assist. Patience my friend. We all learn at different rates, and in different ways. You have such a wealth of knowledge. Don't be so quick to dismiss another's abilities. And yes.... I back up my information every 2 hours. The entire system, the entire office, and in case one of the computers goes down, we can upload an exact image of it on the new hard drive and be back up and running. But when you have contractors standing in the field eating up thousands of dollars an hour, you can't afford the 2 days of down time it takes to get your system back up and running.

Literally, I have an office in my home. 3 design staff working for me and when something that was written to piss Microsoft off kills my work, costs me.... soccer mom/architect/small business person thousands of dollars, I question just who they are thinking they are affecting. Small minds I guess. If any of them out there are reading this.... give us small people a break huh?! I would much rather be able to put new tires on my car for the safety of the family and others than paying hundreds of dollars in virus and spyware. Guess that's what makes Nortons a hit on the stock exchange huh?!

Anyway, thanks again to all of you. I'm back up and running :)
 
Temple,

You should be more scared of the malware that you didn't catch and what somebody could have access to. Passwords, bank account information. I would seriously suggest that you follow the links that Rik posted. Clean your system the correct way. No one anti-spyware program is going to fix you up.
 
Temple, Rik has tried to help you and if you wish to not follow his instructions then fair enough. Just because your system is running fine - doesn't mean there isn't a backdoor trojan lurking.

As for Norton - it creates more problems than it solves.

Regards Jason :)
 
At the very least, an HJT log will show any remaining malware that may well still be on the system.

None of us get paid for what we do here on TS, we do it because we want to help people out. There is no other ulterior motive at play here.

Of the hundreds of malware problems I have seen here on TS, not one was fixed by just 1 program.
 
Hi there all... ok, just wanted to follow up with a couple things....

1. EVERYONE, please understand, I truly appreciate all your input. Paid or unpaid, I perhaps haven't expressed how relieved I am to actually have people know what they are talking about!!!

2. I went back thru the computer this evening, and did a search on all those files mentioned in evilfantasy's post. None of those are on my computer, back up drive or any other peripherals floating around. I searched by name, and by date and also by type of file. 3 way search and it came up with nothing to match those files. That list was quite helpful.

3. I have printed out all the 15 steps for myself and am forwarding the link to this post (& the 15 step process) to my IT person so he can remote into the system tomorrow and follow up on that for me. Because honestly... it scares the snot out of me. I am 100% confident that given the chance.... I'll screw it up.

4. In an effort to actually add something to the common knowledge, this is the site I went to with a local friend here and where we came up with the solution. Maybe I can be of help in my own feeble way.

http://www.trojan-zlob-removal.com.removal-instructions.com/removetrojan.zlob.html

I will continue to be diligent as you have all warned me in regards to this thing 'morphing' into something else. I continue to read the various tech bulletins and compare it to what you have discussed here.

Thank you all again for your assistance. I assure you I DID take your advice.
 