Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help Please! I'm Infected With Zlob AND Vundo!grb!

  • This topic is locked This topic is locked
3 replies to this topic

#1 CrAngel98


  • Members
  • 5 posts
  • Local time:12:05 AM

Posted 06 March 2009 - 10:40 PM

I'm new to the forum as of last night. I made a post concerning these Trojans but haven't gotten a response from anyone yet, so this is my plea for some help please.

My Operating System is Windows XP Professional. (I receive automatic updates)
McAfee Anti Virus Full Suite and up to date. (Auto Updates)
SpyHunter Anti Spyware, just installed on 3/4/09
Spy Doctor, downloaded and installed 3/5/09

McAfee has detected and removed Trojan Vundo!grb countless times in the last week. That's where the problem first showed up. I don't think McAfee is getting rid of the thing. So I downloaded SpyHunter and with the first scan it detected 121 infections. Among them,Trojan Zlob! and the rest were the typical Double Click etc. After many scans SpyHunter got rid of all but 7 infections that it can't remove, 5 of the infections are Zlob. So, I downloaded SpyDoctor, ( I have used this in the past) ran the first scan and Zlob didn't show up but Trojan Virtumonde did! Thing is, McAfee Hasn't detected Zlob or Virtumonde. SpyHunter hasn't detected Vundo!grb or Virtumonde and SpyDoctor hasn't detected Vundo!grb or Zlob. SpyDoctor also found Backdoor.Bandok (I think that may have something to do with McAfee though not sure).

Now for symptoms, where do I start. Yesterday, I received many windows, one right after another that most of my startup programs encountered a problem and had to close. Same with Outlook and Firefox. When I was in Internet Explorer it opened a second I.E. browser behind it with anti virus advertisements.
McAfee is still detecting and deleting Vundo!grb. Today, if I restart the computer, McAfee is disabled. First time was no problem to Enable, second time errors wouldn't allow it to Enable. Didn't say anything else other than (Errors occured that wouldn't allow Anti Virus protection to Enable) Third time I was able to Enable without any problem.
Oh, and Word has been locking up for about a month now. Don't know if it's related. At times it takes several tries just to print an envelope. Program stops and won't do anything. I have to End Process and try again. Also, the computer sounds like it is working constantly internally over the last week, but not so much so as of today. I fear to think about what may be happening.

Things seem to be getting worse day by day. The Help Desk in the SpyHunter says that the Trojan is at the core of the system and that I need to use the repair option of the Windows XP Installation disk but, I'm not going to do anything until I hear from you guys. I've read some pretty amazing fixes in the forums over the last few days. I'm sure you hear this all the time, but please hurry!

Thanks So Much In Advance

BC AdBot (Login to Remove)


#2 CrAngel98

  • Topic Starter

  • Members
  • 5 posts
  • Local time:12:05 AM

Posted 07 March 2009 - 01:00 PM

I am trying to download the " DDS Tool" to gather the information needed but I don't get the same options shown after the first window. It skips figure 2 & 3 , goes to a download box, then a "RUN" option. If I click the "RUN" Notepad comes up with a lot of html. I know I probably doing something wrong so will try again. Auhh, where do I disable "Script Blocking" ?


#3 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:05 AM

Posted 07 March 2009 - 09:36 PM

Do not post that log in this forum

If you are running DDS to prepare a HJT log post and it does not run for you try this:

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

After completing the HJT preparationGuide:
Post your log in the correct forum, here:
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,110 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:05 PM

Posted 09 March 2009 - 11:15 PM

Hello CrAngel98,

I see you were successful in running RSIT and have posted your topic here: http://www.bleepingcomputer.com/forums/t/209699/vundogrb-zlob-virtumonde-trojans/

Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users