
Removing Zlob - Registry Entries



#1 SandraD922


Posted 03 November 2008 - 01:02 PM

For a couple months my laptop reboots on its own. It happens if I am not working on it. Reviewing old logs it appears that Zlob attempted to install (or might have installed). Working with another forum I've used every conceivable virus scan (Malwarebytes, Norton, SpyBot, Kaspersky, etc, etc!). BUT - it is still rebooting. :thumbsup:

I've done some web research and have been reading information about editing the registry. Yes, I know the risk! I am getting conflicting information from 2 web sites below:
THIS IS FROM SYMANTEC

Navigate to and delete the following registry entries:
o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\"uuid" = "86c29b2f-3389-418b-9b47-c2b09b6abc07"
o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"MSN Messenger" = "%System%\msmsgs.exe"
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"wininet.dll" = "regperf.exe"
o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"notepad.exe" = "msmsgs.exe"

Restore the following registry entry to its previous value, if required:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe, msmsgs.exe"

THIS IS FROM SPYWAREREMOVE.COM:

Step 3 : Use Registry Editor to Remove Zlob Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Zlob" value, right-click on it and select the "Delete" option.
Locate and delete "Zlob" registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell=explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell=explorer.exe, msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe

NOW THE QUESTION:

First of all, I have none of the registry keys listed on the Symantec page that need to be deleted. Does the final "restore" line from Symantec suggest that that particular line in the registry should read exactly as it is shown? Mine is missing the part after the comma, "msmsgs.exe". I hesitate to add that because if you look at the 2nd line in the information from the SPYWAREREMOVER web site - it says to delete that. AND, I wonder if it should be deleted in my registry because it's exactly the same as the 1st line listed from Spywareremover that needs to be deleted.

So, can someone who really knows what they're tawkin' about help me out, please? Thanks.
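
The registry locations named in the two quoted guides can be inspected without changing anything. The read-only PowerShell check below is an added example, not part of the original post or of either guide; it assumes PowerShell 3.0 or later, `Get-RegValue` is a hypothetical helper name, and the `RegSvr32` row is an assumed reading of the run-together spywareremove.com line.

```powershell
# Added example: read-only audit. Nothing is modified or deleted.
$cv       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Value names and data copied from the two guides quoted in the post.
# The RegSvr32 row is an assumed reading of the run-together spywareremove.com line.
$listed = @(
    @{ Path = $cv;                         Name = 'uuid';          Data = '86c29b2f-3389-418b-9b47-c2b09b6abc07' }
    @{ Path = "$cv\Run";                   Name = 'MSN Messenger'; Data = 'msmsgs.exe' }
    @{ Path = "$cv\Run";                   Name = 'RegSvr32';      Data = 'msmsgs.exe' }
    @{ Path = "$cv\Policies\Explorer\Run"; Name = 'wininet.dll';   Data = 'regperf.exe' }
    @{ Path = "$cv\Policies\Explorer\Run"; Name = 'notepad.exe';   Data = 'msmsgs.exe' }
)

function Get-RegValue {   # hypothetical helper: returns $null if the key or value is absent
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# One row per listed entry; Flagged is true only if the value exists and holds the listed data.
$report = foreach ($e in $listed) {
    $data = Get-RegValue -Path $e.Path -Name $e.Name
    [pscustomobject]@{
        Key     = $e.Path
        Value   = $e.Name
        Data    = $data
        Flagged = ($null -ne $data) -and ("$data" -like "*$($e.Data)*")
    }
}

# Winlogon Shell: flag any program listed besides explorer.exe.
$shell = Get-RegValue -Path $winlogon -Name 'Shell'
$extra = @("$shell" -split ',' | ForEach-Object { $_.Trim() } |
           Where-Object { $_ -and ($_ -ine 'explorer.exe') })
$report = @($report) + [pscustomobject]@{
    Key     = $winlogon
    Value   = 'Shell'
    Data    = $shell
    Flagged = ($extra.Count -gt 0)
}

$report | Format-Table -AutoSize -Wrap
```

A `Flagged` row only means the value matches what the guides list. A `Shell` value of `explorer.exe` alone is the Windows default and is not flagged.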



#2 SandraD922


Posted 03 November 2008 - 01:10 PM

Hmmm.............I think I should have posted 2 folders down. Sorry, I imagine you'll move this if necessary. :thumbsup:



