
Zlob.trojan Infected(windows Vista)

2 replies to this topic

#1 FordGTGuy

FordGTGuy

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:30 AM

Posted 12 February 2007 - 03:06 AM

My computer is being infected by the Trojan Zlob and I'm running Windows Vista Premium. Windows Defender found it instantly but seems to be having problems doing anything about it. I'm currently running SpyHunter v2.8 and it seems to be finding every Zlob file on my computer, but I'm not sure if it has; it's currently at 3/4s done.

SpyHunter v2.8 has found:
*Zlob.Trojan
*Zlob.VideoAccess
*AntiVermeans
*WildTangent
*Whazit
*Trojan.Downloader(?)(Doesn't show full name)
*PointRoll
*MediaPlex
*Media
*Hitbox
*DoubleClick
*AtlasDMT
*ADrevolver
*2o7
*2020Search

Sadly I do not own SpyHunter, so it won't let me delete them, but it did show me where they all are.

Symptoms:
*A fake System Warning that when clicked takes me to a website selling Anti-Vermins.
*Video ActiveX Object created with the infection files: isamini.exe, isunst.exe, pmmnt.exe, and iesplugin.dll.
I haven't really noticed any other symptoms so far.

Here's the Support Log SpyHunter generated:

Log Contents provided by Enigma Software Group, Inc.
###########################Runnning Processes DATA###########################
processName = TASKENG.EXE File Size = 166400 File Path = C:\Windows\system32\taskeng.exe ModuleMD5 = 1226e9fae5b8508801ec974e3c9d9c14
processName = DWM.EXE File Size = 83456 File Path = C:\Windows\system32\Dwm.exe ModuleMD5 = e87b968f3d49117445893eb0503fe34f
processName = EXPLORER.EXE File Size = 2923520 File Path = C:\Windows\Explorer.EXE ModuleMD5 = fd8c53fb002217f6f888bcf6f5d7084d
processName = MSASCUI.EXE File Size = 1004136 File Path = C:\Program Files\Windows Defender\MSASCui.exe ModuleMD5 = 10b5bfbdb6717b58eeab927cfd1ced25
processName = REALSCHED.EXE File Size = 185896 File Path = C:\Program Files\Common Files\Real\Update_OB\realsched.exe ModuleMD5 = 1eda1c63e0d2ae1aebdf98083454079c
processName = ZUNELAUNCHER.EXE File Size = 21464 File Path = C:\Program Files\Zune\ZuneLauncher.exe ModuleMD5 = cbe1e06e8103581d1e4268433c942409
processName = SIDEBAR.EXE File Size = 1196032 File Path = C:\Program Files\Windows Sidebar\sidebar.exe ModuleMD5 = 43632977504b323f8a41bf7a9965c453
processName = ATIDTCT.EXE File Size = 57344 File Path = C:\Program Files\ATI Multimedia\main\atidtct.exe ModuleMD5 = abf90bed151ee098513a3f2febd12c69
processName = EHTRAY.EXE File Size = 125440 File Path = C:\Windows\ehome\ehtray.exe ModuleMD5 = 2e0953919779a44bf9dfb7b07c58535a
processName = MSNMSGR.EXE File Size = 5354792 File Path = C:\Program Files\MSN Messenger\msnmsgr.exe ModuleMD5 = c1ee2387ede907599ee3a6de9493f672
processName = WMPNSCFG.EXE File Size = 201728 File Path = C:\Program Files\Windows Media Player\wmpnscfg.exe ModuleMD5 = 20ef9002cff89c4c1077e4415ec7297b
processName = EHMSAS.EXE File Size = 37376 File Path = C:\Windows\ehome\ehmsas.exe ModuleMD5 = 693e4c15cee5d6487d7913a2701b5e40
processName = MOBSYNC.EXE File Size = 95232 File Path = C:\Windows\System32\mobsync.exe ModuleMD5 = 9c632dc0f1b6d79b05f46a4a5349cef4
processName = MOM.EXE File Size = 49152 File Path = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE ModuleMD5 = 36b9fc05b2091a5782d4a0189fe1735c
processName = SIDEBAR.EXE File Size = 1196032 File Path = C:\Program Files\Windows Sidebar\sidebar.exe ModuleMD5 = 43632977504b323f8a41bf7a9965c453
processName = CCC.EXE File Size = 49152 File Path = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ModuleMD5 = 0fc4ca031c46ce1bbdd8a7e91ed2251b
processName = SPYHUNTER.EXE File Size = 2482176 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 146e80454798088ce29eff0254637ceb
processName = FIREFOX.EXE File Size = 7620696 File Path = C:\PROGRA~1\MOZILL~1\FIREFOX.EXE ModuleMD5 = 6d05e232dde95d48fbf0d879559cd3ca
###########################REGISTRY MD5 DATA###########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=Windows Defender Data=%ProgramFiles%\Windows Defender\MSASCui.exe -hide FileSize = MD5=
Name=TkBellExe Data="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot FileSize = 185896 MD5=1eda1c63e0d2ae1aebdf98083454079c
Name=Zune Launcher Data="C:\Program Files\Zune\ZuneLauncher.exe" FileSize = 21464 MD5=cbe1e06e8103581d1e4268433c942409
Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
FileSize = 2482176 MD5=146e80454798088ce29eff0254637ceb
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=Sidebar Data=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun FileSize = 1196032 MD5=43632977504b323f8a41bf7a9965c453
Name=ATI DeviceDetect Data=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE FileSize = 57344 MD5=abf90bed151ee098513a3f2febd12c69
Name=ATI Launchpad Data="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" FileSize = 102400 MD5=28ccadea9a4b6624e53cd92890b01aea
Name=ctfmon.exe Data=C:\WINDOWS\system32\ctfmon.exe FileSize = 8704 MD5=22bfd03df51065a9ed8d17f8fb72296b
Name= Data= FileSize = MD5=
Name=StartCCC Data=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe FileSize = 90112 MD5=033ff248550305ed52ed2d2844a8a11b
Name=ehTray.exe Data=C:\Windows\ehome\ehTray.exe FileSize = 125440 MD5=2e0953919779a44bf9dfb7b07c58535a
Name=msnmsgr Data="C:\Program Files\MSN Messenger\msnmsgr.exe" /background FileSize = 5354792 MD5=c1ee2387ede907599ee3a6de9493f672
Name=BitTorrent Data="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized FileSize = 43008 MD5=e6f387ce478bc57e83fa7d43623a41cf
Name=WMPNSCFG Data=C:\Program Files\Windows Media Player\WMPNSCFG.exe
FileSize = 201728 MD5=20ef9002cff89c4c1077e4415ec7297b
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN>
Name=user32.dll Data=C:\Program Files\Video ActiveX Object\isamntr.exe
FileSize = 29696 MD5=7a2042e082825bbf9f75a63dee54898b
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\SHELL>
Explorer.exe FileSize = 2923520 MD5=fd8c53fb002217f6f888bcf6f5d7084d
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT>
C:\Windows\system32\userinit.exe, FileSize = 24576 MD5=22027835939f86c3e47ad8e3fbde3d1


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  • Gender:Male
  • Location:SW Louisiana
  • Local time:12:30 AM

Posted 12 February 2007 - 06:16 AM

It looks like you may have more than one infection.
I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

If the steps, prior to the posting of a HijackThis log don't eliminate the problem:

Then, run a log, and post it in the HijackThis forum, >at this link<.
Do not, post it in this topic.
Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.


A note on SpyHunter:

While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs (1), we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize (1). Given the many excellent competing anti-spyware applications that are available (some for free), users would do better looking elsewhere for trustworthy anti-spyware protection.

Rogue/Suspect Anti-Spyware Products & Web Sites


#3 Micht

Micht

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:30 AM

Posted 12 February 2007 - 12:23 PM

hhhh... if I'm not mistaken, BG said that Vista would be 100% protected from malware :-)

