Infected With Trojan Downloader.zlob


#1 miss bliss


Posted 02 May 2006 - 08:38 PM

Hello! I will first say I am Not Terribly Computer Literate. That said, I have been infected with the Trojan Downloader.Zlob Virus. Apparently it can be a Falcon or Axe variant. I do not know which one I have. I have done all the things you have recommended, to no avail. I also bought Spyware Doctor Software because my infections were multiplying before my eyes and I got a little freaked. It has removed so far over 600 infections, and every time I scan more infections are found.
Do you think this Spyware Doctor is at all useful?
Can you help me???


#2 miss bliss


Posted 02 May 2006 - 09:02 PM

Just thought I'd add my newest scan results...maybe helpful? It seems to never really get rid of the actual Trojan Downloader.

Spyware Doctor Activity Report
Generated on 5/2/2006 6:47:29 PM

Scans (basic information only):

Scan Results:
scan start: 5/2/2006 6:48:04 PM
scan stop: 5/2/2006 6:53:43 PM
scanned items: 66670
found items: 28
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
Trojan.Popuper iexplore.exe (C:\WINDOWS\system32\hpD76D.tmp) High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta## High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{b0398eca-0bcd-4645-8261-5e9dc70248d0} High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{b0398eca-0bcd-4645-8261-5e9dc70248d0}## High
Trojan.Popuper HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run##wininet.dll High
SpywareNo C:\Documents and Settings\user\Cookies\user@www.spytrooper[1].txt High
Trojan.Popuper C:\WINDOWS\system32\hpD76D.tmp High
Trojan.Downloader.Zlob.GEN C:\WINDOWS\system32\ld6159.tmp High
Trojan.Popuper HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0} High
Trojan.Popuper HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}## High
Trojan.Popuper HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32 High
Trojan.Popuper HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32## High
Trojan.Popuper HKCR\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32##ThreadingModel High
Trojan.Popuper HKLM\Software\Classes\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0} High
Trojan.Popuper HKLM\Software\Classes\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}## High
Trojan.Popuper HKLM\Software\Classes\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32 High
Trojan.Popuper HKLM\Software\Classes\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32## High
Trojan.Popuper HKLM\Software\Classes\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\InprocServer32##ThreadingModel High
Trojan.Popuper HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0398eca-0bcd-4645-8261-5e9dc70248d0} High
Trojan.Popuper HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0398eca-0bcd-4645-8261-5e9dc70248d0}## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0} High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0}## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\iexplore High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\iexplore## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\iexplore##Type High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\iexplore##Count High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0398eca-0bcd-4645-8261-5e9dc70248d0}\iexplore##Time High


#3 quietman7



Posted 03 May 2006 - 08:23 AM

Hello miss bliss,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download and install Ewido Anti-Malware v3.5. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Go here and follow the instructions for using SmitfraudFix by S!Ri.
After using the tool, reboot again in "SAFE MODE" and clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel, and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click OK, then Apply and OK.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then perform a scan with Ewido and reboot back to normal mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators