I've Got A Trojan Help!


  • This topic is locked
21 replies to this topic

#1 Martinx

Martinx

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Macedonia
  • Local time:08:04 AM

Posted 01 October 2007 - 03:55 PM

Hey, I got a trojan, TrojanDownloader.Zlob.Bem. I got the NOD32 log, here it is:

C:\System Volume Information\_restore{F564CF38-46F4-4B16-950A-DC66B67AAF6C}\RP51\A0010689.exe »NSIS »cup.dll - Win32/TrojanDownloader.Zlob.BEM trojan
Is this dangerous? How can I remove it? I think I haven't noticed but nothing is wrong with my computer... for now... help plz...

And I turned off System Restore... I think I needed to do that and I did...

And I saw that Zlob topic... I don't have that Antivirgear thing...

Edited by Martinx, 01 October 2007 - 04:31 PM.




#2 buddy215

buddy215

  • Moderator
  • 13,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:04 AM

Posted 01 October 2007 - 06:02 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
Let us know what it finds.

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Edited by buddy215, 01 October 2007 - 06:05 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:04 AM

Posted 01 October 2007 - 10:09 PM

The System Volume Information Folder (SVI) is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state.

Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive a message that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it.

There are some folks who advocate turning off System Restore when scanning their systems for malware. This is not advisable because there is always a possibility of something going wrong during the malware removal process and you end up with system problems. Without a restore point to fall back on, you're then stuck with a limited means of restoring your system such as a Repair Install or Reformat. Although System Restore is not 100% guaranteed to work all the time, at least it gives you another option. When the system is clean, then you can create a new Restore Point and purge the old ones to prevent accidental re-infection.

Since there was evidence of the Trojan Zlob on your system, there may be more related malware files that your scans have not found. I suggest you print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
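
The point made in post #3, that a detection under System Volume Information is a copy held in a System Restore point, can be read straight off the log path. The following is an added example, not part of any post in this thread: it parses lines shaped like the single NOD32 line quoted in post #1 (the field layout is an assumption inferred from that one line) and separates restore-point copies from detections elsewhere on disk. The second sample line and its path are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Restore store layout: <drive>:\System Volume Information\_restore{GUID}\RPnn\<file>
RESTORE_RE = re.compile(
    r"(?i)^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\[^\\]+$"
)

@dataclass
class Detection:
    path: str                     # file on disk that the scanner opened
    containers: List[str]         # nested layers after each "»" (NSIS, cup.dll)
    threat: str                   # detection name as reported
    kind: str                     # trailing word of the verdict, e.g. "trojan"
    restore_point: Optional[int]  # RP number, or None when outside the store

    @property
    def location(self) -> str:
        return "restore-point copy" if self.restore_point is not None else "live file"

def parse_line(line: str) -> Detection:
    """Split '<path> »<layer>... - <threat> <kind>' into its fields."""
    target, sep, verdict = line.strip().rpartition(" - ")
    if not sep:
        raise ValueError(f"unrecognised log line: {line!r}")
    path, *containers = [part.strip() for part in target.split("»")]
    threat, _, kind = verdict.strip().rpartition(" ")
    m = RESTORE_RE.match(path)
    return Detection(path, containers, threat, kind, int(m["rp"]) if m else None)

def triage(lines: List[str]) -> Dict[str, List[Detection]]:
    groups: Dict[str, List[Detection]] = {"restore-point copy": [], "live file": []}
    for line in filter(str.strip, lines):      # skip blank lines
        det = parse_line(line)
        groups[det.location].append(det)
    return groups

SAMPLE_LOG = [
    # Line quoted in post #1 of this thread.
    r"C:\System Volume Information\_restore{F564CF38-46F4-4B16-950A-DC66B67AAF6C}\RP51\A0010689.exe »NSIS »cup.dll - Win32/TrojanDownloader.Zlob.BEM trojan",
    # Constructed line (hypothetical path): same detection outside the restore store.
    r"C:\Example\setup.exe »NSIS »cup.dll - Win32/TrojanDownloader.Zlob.BEM trojan",
]

if __name__ == "__main__":
    for where, dets in triage(SAMPLE_LOG).items():
        print(where, [(d.threat, d.path, d.containers) for d in dets])
```

A "restore-point copy" result only says where the flagged file is stored; it does not show whether the running system is clean, which is why the thread goes on to additional scans.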

#4 Martinx


Posted 02 October 2007 - 05:56 AM

So should I turn on System Restore? I'll do that smitfraud thing...

#5 buddy215


Posted 02 October 2007 - 06:09 AM

Don't turn system restore back on until you are malware free. Super Antispyware will find and remove the Zlob trojan if it is still on your computer. It will also find and remove other malware that usually comes with the Smitfraud infection.
That is why I recommended SAS instead of the Smitfraudfix which will remove your background if you are not infected.

#6 Martinx


Posted 02 October 2007 - 11:59 AM

Will NOD32 and Superantispyware fight like if I install another antivirus like NOD and Kaspersky? I don't think so because NOD32 is an antivirus and Superantispyware is an antispyware program...

Edited by Martinx, 02 October 2007 - 11:59 AM.


#7 quietman7


Posted 02 October 2007 - 12:10 PM

You are correct. There should be no conflicts between NOD32 and Superantispyware. I use them both myself.

#8 Martinx


Posted 02 October 2007 - 01:00 PM

Ok, I did that Superantispyware scan in safe mode and here is what it found:

Adware.MyWebSearh | Detected Items | 33

Adware.Tracking Cookie | Detected Items | 9

Adware.WhenU | Detected Items | 4

Trojan.Downloader-Gen/Suspicious | Detected Items | 2




So what do I do now? Should I turn System Restore on? Should I try that smitfraud thing? What do I do? Do I still have the Trojan?

#9 buddy215


Posted 02 October 2007 - 01:50 PM

SAS did successfully quarantine or remove what it found--right?

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. During install you will be offered the Yahoo Toolbar--If you don't want it, be sure to uncheck. http://www.ccleaner.com/

Hard to believe you were NOT getting popups, search redirects, etc. considering the malware that SAS found.
You should run another scan to double check Nod32. Use the one below.
Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

What other security programs do you have installed on your computer? Do you have Spyware Blaster?

#10 Martinx


Posted 02 October 2007 - 01:55 PM

I just got NOD32 and Superantispyware... I'll be sure to run an in-depth analysis again with the Nod and that Ccleaner and Bitdefender thing... write if u got more info and wanna tell me something else...

#11 Martinx


Posted 02 October 2007 - 02:11 PM

Ok, so I ran an in-depth analysis and the trojan Zlob is no more there... so is it gone? Am I safe? Should I still download ccleaner and bitdefender?

Edited by Martinx, 02 October 2007 - 02:11 PM.


#12 buddy215


Posted 02 October 2007 - 02:27 PM

YES

#13 Martinx


Posted 02 October 2007 - 02:35 PM

Yes to is it gone and am I safe or yes to ccleaner and bitdefender?

And should I turn system restore on now?

Edited by Martinx, 02 October 2007 - 02:36 PM.


#14 buddy215


Posted 02 October 2007 - 03:13 PM

Yes to Ccleaner and Bit Defender Scan.
After that if you have no reason to suspect malware, reset system restore.

#15 Martinx


Posted 02 October 2007 - 03:28 PM

In reset you mean turn on or something else?



