Posted 22 December 2009 - 09:47 AM
Hello, I'm not a Forum person and never really asked for help on those but this time it's a must and I trust you guys to help me, please.
I'm not a noob but I never thought I could get a malware throuch ie although only using firefox...never thought that, I forgot to update ie itself. Long story short: I got me the zlob.trojan.
It began one week ago when annoying pop ups popped up. Also my default website on ie was now betfair or w/e
So I started searching and thanks to Spy Hunter he found out I'm infected with Zlob.Trojan and Zlob.Video
I started searching on the web and searched it manually in the registry. Weird is that I have no running processes of that trojan, just the zonemap registry edit which I deleted. I also blocked all websites that have to do with this trojan plus the new sites found in the zone map domain.
I also deleted the reg: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell explorer.exe but the trojan kept coming so I put the AutoRestartShell at 0 because I'm not sure what it does (yeah despereate move...)
I also deleted everything in ShellServiceObjectDelayLoad(that is unnecessary I know)
I used smidtfraudFix, combofix and malewarebytes too
Sadly my sbybot and avira didn't notice anything
Hitman Pro didn't find anything except one programm which I use and know it's safe.
I have both log files of smidtfraudfix and combofix and both posted on the website hijackthis.de and it found no threat.
Later spybot and avira found the win32.banker or dunno what it was called and deleted it (though I had to delete it in the recovery of spybot too since avira wasn't pleasent that it stores the win32 in a zip)
Now Spy Hunter says I have no infectin, all other programms find nothing, though I'm not sure if it comes back. Darn those trojans. I really don't want to clean install because I need the laptop 24/7 for work and home. That would be a bummer...