Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have A Zlob!


  • Please log in to reply
9 replies to this topic

#1 chowman

chowman

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Los Angeles
  • Local time:11:11 PM

Posted 24 March 2007 - 05:58 PM

Hello,

I have a Zlob Trojan, and I guess also Spylocked. One of my toolbars in the bottom right of my screen keeps popping up and saying:

System Alert! System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution.

Now, after reading many other Zlob/Spylocked problems, "SmitFraudFix" was recommended to download, and clean your computer. When I downloaded "SmitFraudFix", I scanned it with McAfee AntiVirus, and it said that "SmitFraudFix" was an infected file! It had a Potentially Unwanted Program called "PrcViewer". Why is this file infected? I would not want to try to clean a Zlob with an infected file!

Thank you so much, and please try to get back to me as fast as possible.

Many Thanks,
Chowman

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 AM

Posted 24 March 2007 - 06:21 PM

Directions for removing Spylocked:
http://www.bleepingcomputer.com/forums/t/85376/how-to-remove-spylocked-and-spywarelocked-removal-instructions/

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Install Ccleaner. Use the default settings for running the cleaner to remove temporary files, logs, cookies, etc. Do not use the "Issues" button for cleaning the registry or any of the advanced settings in the cleanup settings.
http://www.ccleaner.com/

Delete all the system restore points and then turn the system restore back on. Info and directions are in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 chowman

chowman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Los Angeles
  • Local time:11:11 PM

Posted 24 March 2007 - 06:40 PM

Thank you for giving me more anti-spyware programs, but my main question was

Why is SmitFraudFix an infected file when I scan it with McAfee?

Thank you again!
Chowman

#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 AM

Posted 24 March 2007 - 07:15 PM

OOPs, Just tell McAfee to ignore it. If it doesn't allow you to download, you will have to turn McAfee off. Do follow through with the other instructions after running the Smitfraudfix.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 chowman

chowman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Los Angeles
  • Local time:11:11 PM

Posted 24 March 2007 - 08:26 PM

THANK YOU SO MUCH!!

I did as you told. I just ignored that infected file notice, and rebooted into safe mode. I used the SuperAntiSpyware program, as well as CCleaner, and finally the SmitFraudFix. The toolbar that kept popping up is now gone! :thumbsup: However, my desktop background and Internet Explorer home page was changed. I just changed it back, and everything seems to be going perfectly! I'm just running Windows Defender and my Mcafee VirusScanner to see if anything is left. I thank you so much! You guys here at BC are the best!

SUPER THANKS!!!
Chowman

P.S.

You guys rock.

#6 chowman

chowman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Los Angeles
  • Local time:11:11 PM

Posted 24 March 2007 - 08:29 PM

Oh, just asking...

Am I supposed to delete all of my system restore points, and then start system restore again? Thank you... Sorry for the extra post.

Thanks again!
Chowman

#7 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 AM

Posted 24 March 2007 - 08:46 PM

Great ! Glad it worked for you.
Yes, restart system restore.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 chowman

chowman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Los Angeles
  • Local time:11:11 PM

Posted 24 March 2007 - 09:32 PM

I just have ONE more thing to ask of you guys. When I open my Windows Task Manager and look at the Processes, there is one process called "cftmon.exe" (without the quotation marks, of course) when I run my HiJackThis, cftmon.exe is there also, and each time I reboot my computer, it reappears. I am only guessing that it's part of the Zlob I had, because on Castlecops.com, it says that cftmon.exe is spyware/malware. How should I get rid of that? Thank you. I will try to get the exact URL for the Castlecops website.

Thank you once again.
Chowman.

#9 chowman

chowman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Los Angeles
  • Local time:11:11 PM

Posted 24 March 2007 - 09:37 PM

O.k.
I found the URL for the Castecops website. Here you go: http://www.castlecops.com/StartupList.html
In the search bar, search cftmon.exe and it will say that it is Definitely not required - typically viruses, spyware, adware and "resource hogs" AND Added by the TROJ/DELIVE-A TROJAN!

Does this mean that I have yet ANOTHER trojan? I never knew my computer would be so messed up! Please tell me what I should do to get rid of this. I think that after this problem, my computer will be very clean. Thank you so much, and I am very sorry for bothering you so much today. Please get back to me either later tonight, or tomorrow morning, because I would not want my computer to be in any more risk than it is right now.

Thank you so much.
Chowman.

#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:11 AM

Posted 24 March 2007 - 10:02 PM

http://www.auditmypc.com/process/cftmon.asp

cftmon.exe - Here is the scoop on Cftmon Process as it pertains to computer network security. The big question: what is cftmon.exe and is it spyware, a trojan and if so, how do I get rid of Cftmon Process?
cftmon.exe (Cftmon Process) - Details
The cftmon.exe process is a component used in MsOffice to perform language related functions. It is closely tied to the 'Language Bar' present in MsOffice, so if you use the Language Bar you should leave this process running. If, on the other hand, you do not use the language bar, you should terminate this process to free up system resources.

cftmon.exe is an application that does NOT appear to be a security risk

The Spy Bot database currently registers cftmon.exe to Microsoft.

This is part of Microsoft Office.
--------------------------------------------------------------------------------


Bleeping Computer says malware, too.

http://www.bleepingcomputer.com/startups/c...n.exe-8486.html
--------------------------------------------------------------------------------


With all the scanning you have done, I don't think the file is malware. There is an excellent Online scanner you can use, too.Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds http://www.bitdefender.com/scan8/ie.html
--------------------------------------------------------------------------------


You can submit the file "ctfmon.exe" to Jotti and they will tell you if it is malware.

http://virusscan.jotti.org/

I have it on my computer-------- C/Windows/system32--------15kb

Edited by buddy215, 24 March 2007 - 10:11 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users