Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Zlob


  • This topic is locked This topic is locked
7 replies to this topic

#1 twiztidjuggalo666

twiztidjuggalo666

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:11:07 PM

Posted 02 July 2008 - 04:02 AM

so i was stupid and greedy (wanting free wii points because im too cheap to buy them) so i wanted a wii point keygen

turns out i was unlucky enough not only to come across a fake one but one that had trojan zlob
of course the file i downloaded wanst anything that looked like a keygen it was atnvrsinstall.exe

now my original feux pa escalated greatly since i actually ran it

now from the description wikipedia (the great knowledge base of the internet next to bleepingcomputer) it says "The trojan has also been linked to downloading atnvrsinstall.exe which uses the Windows Security shield icon to look as if it is and Anti Virus installation file from Microsoft. Having this file initiated can wreak havoc on computers and networks. One symptom is random computer shutdowns or reboots with random comments. This is cause by the programs using Scheduled Tasks to run a file called "zlberfker.exe"

thankfully i quickly reacted after i had realized my mistake (i didnt get to the symptom of random reboots thankfully) and ran AVG spybot and ad aware all at once wich slowed me down alot but it detected lots of stuff but the more i would delete theese errors they would keep coming back so finally i did a system restor wich luckely i had a checkpoint from 3 days ago (today is jul 2 08 3:01 am and the chekpoint was jun 30).

so as a warning to all greedy gullable people

if its illegal and looks shoddy it probbably is

oh and by the way AVG free, Spybot search and destroy and ad aware are the best three combinations a computer can have

and lastly i rule because i beat another virus :) :woot: :thumbsup: :flowers: :trumpet: :inlove:

BC AdBot (Login to Remove)

 


#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:07 AM

Posted 02 July 2008 - 06:13 AM

Hello twiztidjuggalo666,

Did you perform these scans in safe mode?
Have you made a HijackThis log just to check?
Have you scanned with a more competent anti virus product that AVG?
Just because the programs used say your system is free from infections doesn't mean that it is.

You say that you rule because you beat another virus... What other Viruses have you 'beat' and technically Zlob is a Trojan.
Regards,

Alan.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:07 AM

Posted 02 July 2008 - 10:33 AM

i was stupid and greedy (wanting free wii points because im too cheap to buy them) so i wanted a wii point keygen

Not only is the practice of using crack or keygen tools a security risk, it is considered illegal activity. If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 twiztidjuggalo666

twiztidjuggalo666
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:11:07 PM

Posted 02 July 2008 - 02:06 PM

Hello twiztidjuggalo666,

Did you perform these scans in safe mode?
Have you made a HijackThis log just to check?
Have you scanned with a more competent anti virus product that AVG?
Just because the programs used say your system is free from infections doesn't mean that it is.

You say that you rule because you beat another virus... What other Viruses have you 'beat' and technically Zlob is a Trojan.


i didnt do any scan in safe mode ...i had a virus once that wouldnt let me even start up the computer to wich i had to reformat and reinstall windows so i didnt really want to do it in safe mode.

what is a hijack this log so i know what to do in the future.
i dont really have a more competant anti virus ive used norton but it actually caused my computer to crash once so ive stopped using it

well my programs said it was free but i could physically see all the popups and icons being created from the virus so i knew that it was still there so i did a system restore and it seems fine now since im not getting any of the fake notifications or icons or anything else

most recently ive gotten rid of trojan vundo but after i got it a second time it completely erased my hard drive redering my computer unusable and since hp computers have terrible tech support i had to pay 50 bucks for recovery cd's. i also got rid of another virus i remember on my windows ME computer there was a program in my startup folder that would make it that i couldnt get past login and i had to press ctr + alt + del and keep clicking on it and clicking end task until it was gone and i could get on and i had to do it every time i got on. ironically enough as i think about it now the virus i mentioned that made it very inconvienient to start the computer was also from a keygen.

#5 twiztidjuggalo666

twiztidjuggalo666
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:11:07 PM

Posted 02 July 2008 - 02:07 PM

i was stupid and greedy (wanting free wii points because im too cheap to buy them) so i wanted a wii point keygen

Not only is the practice of using crack or keygen tools a security risk, it is considered illegal activity. If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.



exactly why im staying away from them from now on
and yes once i got a virus that did erase my hard drive forcing me to reformat and reinstall
it wasnt from a keygen or anything like that but the point still is is that viruses are bad

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:07 AM

Posted 02 July 2008 - 02:20 PM

what is a hijack this log so i know what to do in the future.

HijackThis is an advanced enumerator (similar in some respects to a registry editor) that is used to display certain areas of the Windows registry where the majority of malware reside. HijackThis will scan these areas of your system and then create a log to help diagnose the presence of undetected malware in known hiding places. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as loss of Internet connectivity or problems with your operating system which could preventing it from starting. Using HijackThis requires advanced knowledge about the Windows Operating System and relies on trained experts to interpret the log entries in order to determine what needs to be fixed.

Because HijackThis is a powerful tool that requires advanced knowledge about the Operating System and can cause system damage if incorrect instructions are given, only designated trained experts are allowed to help people with using HijackThis. This includes members of the HJT Team, HJT Senior Classmen, Moderators or Administrators.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid online gaming sites and peer-to-peer (P2P) or file sharing programs as they are a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans target and spread across P2P files sharing networks and gaming sites. In some instances the infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS. The best way to reduce the risk of infection is to avoid gaming sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:07 AM

Posted 02 July 2008 - 02:22 PM

You should follow the instructions in http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ Just to make sure the system is all clean. There are certain ways of removing different types of malware. the HJT team (HijackThis) will be able to make sure the system is ok.
Regards,

Alan.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:07 AM

Posted 02 July 2008 - 04:44 PM

I have moved your DSS/HijackThis log to the HijackThis Logs and Malware Removal forum as they are not permitted in this forum. Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users