
Trojan.downloader.zlob.ie


9 replies to this topic

#1 beakerr

beakerr

  • Members
  • 70 posts

Posted 01 May 2006 - 09:07 PM

Here is my BitDefender Online Scanner report. Does anyone know what this is and how do I get rid of it?


BitDefender Online Scanner

Scan report generated at: Mon, May 01, 2006 - 17:54:43
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 00:29:33
Files: 206370
Folders: 2912
Boot Sectors: 2
Archives: 6935
Packed Files: 10963

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 372953
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
    Infected with: Trojan.Downloader.Zlob.IE
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
    Disinfection failed
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
    Deleted
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)
    Update failed


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 May 2006 - 07:49 AM

Download and install Ewido Anti-Malware v3.5. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Go here and follow the instructions for using SmitfraudFix by S!Ri.
After using the tool, reboot again in "SAFE MODE" and perform a scan with Ewido.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#3 beakerr

beakerr
  • Topic Starter

  • Members
  • 70 posts

Posted 02 May 2006 - 10:04 AM

Thanks for responding, quietman7! I ran SmitfraudFix, then did Ewido (which I already had) in safe mode and saved a log to my desktop. I restarted and came here to post, but my log is gone. It only came up with tracking cookies. Do I need to repeat that scan? Should I still be in safe mode? Please advise. beakerr

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 May 2006 - 10:10 AM

Ewido saves its reports in Program Files > ewido anti-malware > Reports. No need to rescan if it only found tracking cookies.

If there are no signs of the trojan left, you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any trojans or malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

#5 beakerr

beakerr
  • Topic Starter

  • Members
  • 70 posts

Posted 02 May 2006 - 10:17 AM

Hey, thanks a lot! BTW, is your handle from the John Wayne movie "The Quiet Man"? I'm a BIG Duke fan; I think "The Searchers" may be my fav, but not sure. beakerr

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 May 2006 - 10:25 AM

You're welcome.

BTW, is your handle from the John Wayne movie "The Quiet Man"?

Yes it is.

#7 beakerr

beakerr
  • Topic Starter

  • Members
  • 70 posts

Posted 02 May 2006 - 03:36 PM

Uh oh, I'm afraid it's still there! BitDefender picked it up again, so I went through the instructions you gave me a second time and it's still there, though Ewido is not finding it. I am getting loads of critical objects (tracking cookies) in Ad-Aware, which is not normal for me. Please advise. Also, here is my SmitfraudFix log; below that is my new BitDefender log, which indicates the Trojan.


SmitFraudFix v2.37

Scan done at 11:52:42.96, Tue 05/02/2006
Run from C:\Documents and Settings\Owner\Desktop\\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

C:\

C:\WINDOWS

C:\WINDOWS\system

C:\WINDOWS\Web

C:\WINDOWS\system32

C:\WINDOWS\system32\LogFiles

C:\Documents and Settings\Owner\Application Data

Start Menu

C:\DOCUME~1\Owner\FAVORI~1

Desktop

C:\Program Files

Corrupted keys

Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

Sharedtaskscheduler
!!! Attention, follow keys are not inevitably infected !!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Scanning wininet.dll infection

End

NEXT LOG


BitDefender Online Scanner

Scan report generated at: Tue, May 02, 2006 - 11:47:48
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 00:30:50
Files: 212012
Folders: 2978
Boot Sectors: 2
Archives: 6973
Packed Files: 11415

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 373033
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
    Infected with: Trojan.Downloader.Zlob.IE
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
    Disinfection failed
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
    Deleted
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)
    Update failed

Edited by beakerr, 02 May 2006 - 03:48 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 May 2006 - 04:22 PM

It's still hiding in System Restore, so let's purge everything as follows:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Check the box that says "Turn off System Restore on all drives" and select "Apply".
3. Click "Yes" when you are prompted to restart the computer.
4. To re-enable System Restore after reboot, repeat these steps but this time uncheck "Turn off System Restore on all drives", select "OK" and then reboot your computer.

Detailed Instructions for XP if you need them.

After you complete the above, run your BitDefender scan again.
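Added example, not code from this thread, from BitDefender or from SmitfraudFix: a small Python parser for the "Scanned File / Status" lines that beakerr posted. It pairs each path with the status line that follows it, recognises the System Volume Information\_restore{...}\RPnn\ prefix that quietman7's posts #4 and #8 explain (a restore point that on-demand scanners cannot clean, hence the purge), and separates restore-point hits from hits on the live file system. The sample input is the report from this thread plus one constructed live-file line for contrast; the function names are my own.

```python
import re

# Constructed sample: the four result lines from the BitDefender Online Scanner
# report in this thread, plus one made-up live-filesystem hit for contrast.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
Infected with: Trojan.Downloader.Zlob.IE

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
Disinfection failed

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)=>lzma_nsis0007
Deleted

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP57\A0010299.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Owner\Desktop\setup.exe
Infected with: Trojan.Downloader.Zlob.IE
"""

# A scanned file that lives inside a System Restore point looks like
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A00xxxxx.<ext>
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_results(text):
    """Pair each path line with the status line that follows it (blank lines ignored)."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for path, status in zip(lines[0::2], lines[1::2]):
        if not DRIVE_PATH.match(path):
            raise ValueError("expected a path line, got: " + path)
        container, *members = path.split("=>")   # "=>" marks archive/packer nesting
        rp = RESTORE_POINT.match(container)
        findings.append({"path": path, "container": container, "members": members,
                         "status": status,
                         "restore_point": int(rp.group(1)) if rp else None})
    return findings


def triage(findings):
    """Tell restore-point hits (purge System Restore) apart from live-file hits."""
    rps = sorted({f["restore_point"] for f in findings if f["restore_point"] is not None})
    live = sorted({f["container"] for f in findings if f["restore_point"] is None})
    return {"restore_points": rps, "live_paths": live,
            "restore_point_only": bool(rps) and not live,
            "advice": ("turn System Restore off on all drives, reboot, re-enable it, "
                       "then set a fresh restore point") if rps else "no restore point involvement"}


if __name__ == "__main__":
    print(triage(parse_results(SAMPLE_REPORT)))
```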

#9 beakerr

beakerr
  • Topic Starter

  • Members
  • 70 posts

Posted 02 May 2006 - 05:21 PM

YAY! BitDefender gave me a clean bill of health. So now I should turn System Restore back on and create a restore point?

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 May 2006 - 06:04 PM

Yes.