
Hjt Log - Zlob Trojan/registry Key

I will check whether the problem still exists or not. However, I want to know the vulnerability of this trojan. It sent me to the users folder, it had "my music" except it was only "music" because of windows vista name change etc. I would love to delete them but I just don't know how.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PRINT

So exactly what version of ZA do you have?

WEB SHIELD ISSUES - ZONE ALARM - also see bottom of page. http://www.avast.com/eng/webshield_issues.html - Zone Alarm - avast!

I'm not sure why this would happen and if I should remove the two no name keys or leave them alone.

O16 - ...Many of these ActiveX objects reference programs that have the new operating system really annoys me and I'm yet to figure out how all the features work.

C:\System Volume Information\_restore{3D8615AE-4CDB-4732-AB43-D07A46C7EE5F}\RP39\A0016867.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

That app can't delete the trojan unless you pay for it and some buy it, that's how to make money. You should also try a scan with ewido or superantispyware, to see

C:\System Volume Information\_restore{3D8615AE-4CDB-4732-AB43-D07A46C7EE5F}\RP42\A0017025.exe (Rogue.Installer) -> Quarantined and deleted successfully.

ID: 12 Posted October 17, 2008
So what were the "problem" files?

C:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\MPVIDEOCODEC\isaddon.dll (file missing)
O2 -

I especially liked the way that combofix installed the recovery console. Here are the HJT, MBAM, and Combofix logs.

============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:23 PM, on 10/7/2008
Platform: Windows XP

Save the edited avast4.ini file. If you are using ZoneAlarm Pro and Privacy Control in ZoneAlarm is set to High and if you click YES in avast compatibility dialogue box the transparent

Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

I then deleted the files, ran crap cleaner then re-booted.

Click OK.

Download ComboFix© by sUBs from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Save the file to your Desktop. Familiarize yourself with ComboFix before running it: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console

C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

So far I've turned off system restore and rebooted in safe mode then did a thorough scan with avast that took 30 hours.

HiJack website have a bunch of 'experts' in interpreting Hijack logs and offering proper removal instructions - they are the experts.

If your PC is already infested with spyware and adware, resist

Click OK to download antispyware to clean compute"

Operating System: Windows XP Pro
Software Version: 7.0
Product Name: ZoneAlarm Internet Security Suite

SlyFox, December 18th, 2007, 07:46 AM
Hi, Welcome to the Forum! PLEASE go to the following

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

So, long story short, could someone analyze my logfile and see if there's anything screwy.

Don2580, Premium Member, join:2004-05-07, Winchester, MA, 2008-Oct-6 1:38 pm
[RESOLVED] HJT Log: Zlob downloader and related stuff
I've been cleaning and updating my neighbor's computer off and on

I posted a thread just yesterday about Zone Alarm not picking up a virus.

Lilstormcloud, New Member, Topic Starter, 7 posts
ID: 15 Posted October 20, 2008
hmm never occurred to me

If you suspect a false positive, then include "Possible false positive" in the subject line.
4) Send the zip file to [email protected] delete them (you can use unlocker for that: http://ccollomb.free.fr/unlocker/) Also delete the

Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/avast!

this one is the developers one.

C:\Documents and Settings\Dad\Local Settings\Temp\~tmpb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo!

It removed others: antispycheck, smitfraud, spylockedfakeAlert, win32.BHO.je, zlob.downloader.vdt
- trendmicro housecall: identified and removed "TSPY_ZLOB", called it "possible ZLOB8"
- Adaware gets an access violation in safe mode.
- McAfee viruscan picked "puper" trojan in _restore

HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

P2P is risky behavior, and will get you infected.

C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

File sizes and "non.exe" won't save you from malware. If you don't have an anti-virus program, you can scan your computer with one of these online anti-virus scanners:

BitDefender ScanOnline
Microsoft Malicious Software Removal Tool (http://www.microsoft.com/security/malwareremove/default.mspx)
ewido

This computer had no security of any kind, whether it be anti-virus or spyware, etc.

ID: 4 Posted October 15, 2008
These are not FP's remove them.

I installed avast and zone alarm and said it was having some kind of interference so the webshield was disabled.
« Last Edit: November 02, 2008, 01:10:12 AM by klum97 »

Typical Google could start sending up custom JavaScript from JavaScript repository.

Then we can continue....