Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot scan stopped at Zlob.ZipCodec downloaded files...


  • This topic is locked This topic is locked
17 replies to this topic

#1 Nanaki

Nanaki

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 26 January 2016 - 07:00 AM

Hello good afternoon everyone.

 

Dont know where to post this.

 

But need your help with this issue that I am having. I had no problem with this program for years then suddenly I came across this problem. Spybot version is 2.4 and Window 10.

I have been scanned my computer few times and as above on the title stated and its stuck and possibly hangs at same end! I've tried to stop the scan but it is taking a while for it to stop or I shut that down.

Can you help?

Many thanks



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:52 AM

Posted 27 January 2016 - 11:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

 

Spybot scan stopped at Zlob.ZipCodec


You are not alone.
This is to open topic at the Spybot forum.
https://forums.spybot.info/showthread.php?73058-No-possibility-to-remove-Zlob-ZipCodec-via-Spybot

Members are still waiting for an answer.
===

For the time being I suggest you disable Spybot and Destroy.

If that fails remove the programs using the Control Panel > Programs and features applet.

You can reinstall the application later when the solution has been found.

===

If you want me to check further run this tool and post the logs.
I will see if any unwanted programs are installed.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===

Wait for further instructions.

#3 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 27 January 2016 - 11:58 AM

Hello Nasdaq.

 

Yeah I have noticed lots of people are awaiting for a solution for that problem.

 

I will take this further with your help to run checks to see if any unwanted programs installed etc.

 

Will post back with the logs.

 

Thanks.



#4 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 27 January 2016 - 12:03 PM

Ran it and done.

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:52 AM

Posted 27 January 2016 - 03:37 PM




Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-2216729255-3084186855-3586629599-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2216729255-3084186855-3586629599-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2216729255-3084186855-3586629599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2216729255-3084186855-3586629599-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2216729255-3084186855-3586629599-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2216729255-3084186855-3586629599-1001 -> {C9781A29-684A-4801-AD35-6F0D238149D6} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=54c30b075a6944c7adb9c26e084cf6a2&tu=10G9y00L32D33N0&sku=&tstsId=&ver=&&r=593
SearchScopes: HKU\S-1-5-21-2216729255-3084186855-3586629599-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll [2014-02-26] (Check Point Software Technologies LTD)
FF SelectedSearchEngine: Ask Web Search
FF Plugin HKU\S-1-5-21-2216729255-3084186855-3586629599-1001: @hola.org/FlashPlayer -> C:\Users\Nanaki.Lisa\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-30] ()
FF Plugin HKU\S-1-5-21-2216729255-3084186855-3586629599-1001: @hola.org/vlc -> C:\Users\Nanaki.Lisa\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-30] (Hola)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Extension: (Avast Online Security) - C:\Users\Nanaki.Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-06]
Task: {0574A9BC-B91C-4B4E-B247-FE870266FAD1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {07220F10-41EB-4422-8C34-3CBFB0158569} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {38BD28AE-C5B8-4DD8-9969-C247156CFACF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {42B81784-9057-44E7-B65E-931FA4398166} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {490F2FA9-B604-43D9-99E5-7E0E3CC1232D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5474BF73-F482-4650-97E5-9A72E13D904B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {749DB65D-BF0F-46CF-83E9-A898B82509F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C0569280-DA6F-4EB1-B978-124CC813E173} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E5EE2E69-8956-43FE-A3BC-3401BBEC3D25} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {ED2FD8C3-7F3C-4D00-856A-116C0983A00C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F071D671-6E5F-447F-B114-5B7B9CFE8130} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#6 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 28 January 2016 - 07:24 AM

Hi there you go, a log has been posted!

 

I hope I done that right to follow your instrction!

 

It seems ok but couldn't tell the different, as I used to open firefox and it takes few minutes to finally open the browser! And the computer used to start up a bit  while when I logged in before.

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:52 AM

Posted 28 January 2016 - 08:45 AM

Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is it now?

#8 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 29 January 2016 - 04:48 AM

Sorry to keep you waiting!

 

Done them to clear them out and it seems a bit better!! :D

 

Is there another program similar to Spybot that I can scan to make sure everything is ok? As seeing that Spybot is out of use at the moment until there is a solution for that problem.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:52 AM

Posted 29 January 2016 - 08:50 AM

Spybot and destroy block bad site using these settings.

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
etc..

.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 05:26 - 2016-01-25 20:22 - 00450939 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
etc...


These are still present and the protection is on for the listed sites.

==

Lets hope that your issues will be solved by Spybot & destroy soon.

===

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/us/online-scanner/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

DO NOT Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

p.s.
This may take some time. Do it when you will not be needing the computer for 2 or 3 hours (it depends on the size of your Hard Disk).

Is Spybot still giving the same problems?
<<<>>>

#10 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 30 January 2016 - 04:25 AM

Hi. Eset have found 7 infections and I have attached a file for you.

 

I haven't yet use Spybot and want me to try?

 

 

Attached Files



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:52 AM

Posted 30 January 2016 - 08:53 AM

Yes
It's the only way to find out.

#12 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 30 January 2016 - 10:44 AM

Hello. I have started scanning using Spybot and it has finished for a full scan and fixed finally and no more stuck at end of scan!!! :D :D

 

Can I run eset again to make sure infections has gone or not??

 

It has found win32 toolbar montiera E, B, Conduit anf other things that are infecting my laptop currently.


Edited by Nanaki, 30 January 2016 - 11:47 AM.


#13 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 30 January 2016 - 01:48 PM

I've re run eset again and finally they are now deleted the malwares/infections.. it didnt delete fir first time, dont know why....



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:52 AM

Posted 30 January 2016 - 02:34 PM

The principle is that all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 Nanaki

Nanaki
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:52 AM

Posted 31 January 2016 - 10:49 AM

I have read all those information and will keep it on bookmark for useful information.

 

Perhaps, you could use this to help other people who have problem with spybot? It has solved the issue I had and I am very much pleased with your help for past few days!!

 

So, thank you! :-)

 

Do I need to uninstall programs that you have gave me to run or just delete them?

 

Many thanks.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users