Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Zlob.Trojan help

  • Please log in to reply
No replies to this topic

#1 whysoserious


  • Members
  • 2 posts
  • Local time:07:47 PM

Posted 22 December 2009 - 09:47 AM

Hello, I'm not a Forum person and never really asked for help on those but this time it's a must and I trust you guys to help me, please.

I'm not a noob but I never thought I could get a malware throuch ie although only using firefox...never thought that, I forgot to update ie itself. Long story short: I got me the zlob.trojan.

It began one week ago when annoying pop ups popped up. Also my default website on ie was now betfair or w/e
So I started searching and thanks to Spy Hunter he found out I'm infected with Zlob.Trojan and Zlob.Video
I started searching on the web and searched it manually in the registry. Weird is that I have no running processes of that trojan, just the zonemap registry edit which I deleted. I also blocked all websites that have to do with this trojan plus the new sites found in the zone map domain.
I also deleted the reg: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell explorer.exe but the trojan kept coming so I put the AutoRestartShell at 0 because I'm not sure what it does (yeah despereate move...)
I also deleted everything in ShellServiceObjectDelayLoad(that is unnecessary I know)

I used smidtfraudFix, combofix and malewarebytes too
Sadly my sbybot and avira didn't notice anything
Hitman Pro didn't find anything except one programm which I use and know it's safe.
I have both log files of smidtfraudfix and combofix and both posted on the website hijackthis.de and it found no threat.

Later spybot and avira found the win32.banker or dunno what it was called and deleted it (though I had to delete it in the recovery of spybot too since avira wasn't pleasent that it stores the win32 in a zip)

Now Spy Hunter says I have no infectin, all other programms find nothing, though I'm not sure if it comes back. Darn those trojans. I really don't want to clean install because I need the laptop 24/7 for work and home. That would be a bummer...

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users