Message 1 of 16

Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Hi

I've got a Trojan-Downloader.zlob.znx on my PC and nothing I do will get rid of it. I have tried McAfee, AVG, Spyware DR with no joy and have tried removing it manually from the registry etc., but after I re-boot it comes back again!

Any ideas and help will be much appreciated thank you x
15 Replies

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Hello,

 

no joy and have tried removing it manually from the registry etc but after i re-boot it comes back again!



There is no point in trying to remove a reg entry if the file has not been removed; every time you re-boot, the file will write to the registry. I hope you have not installed AVG antivirus; if so, please uninstall it.

Download Malwarebytes' Anti-Malware from Here or Here. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Message 3 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Thanks for your advice, below is the log file.




Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 6.0.6001 Service Pack 1

31/10/2008 23:16:11
mbam-log-2008-10-31 (23-16-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187759
Time elapsed: 2 hour(s), 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 5
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Susan\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.






It seems to have deleted the virus but Spyware DR is still picking it up and my McAfee won't do a full scan; it keeps freezing around 20-25% and it's never on the same file??

Also having problems with general functions, deleting and moving files, browsing etc. It sometimes tells me that I need permission to do some actions but I am an administrator, so who do I need permission from ?!? lol. Browsing is slowish and 8 out of 10 times it crashes my whole PC; also my PC won't shut down, it just stays on the "shutting down" or "logging off" screen.

Any ideas?? xx
Message 4 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

hi,

Can you edit the windiwsfsearch out.

Change the http to hxxp or just remove it totally.

This is a malicious site.

Also delete your temporary internet files, update MBAM and scan again (quick scan). The database is now 1354.
Message 5 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

This is the latest log. It doesn't show any infections but I'm still having all the problems that I mentioned in my last reply.


Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 6.0.6001 Service Pack 1

01/11/2008 19:09:01
mbam-log-2008-11-01 (19-09-01).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Message 6 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Sorry, posted wrong log:

Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 6.0.6001 Service Pack 1

01/11/2008 12:00:08
mbam-log-2008-11-01 (12-00-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187612
Time elapsed: 2 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

All temp files have been deleted and I've just updated MBAM and am running a scan now. Spyware DR has just finished a scan and it still shows the virus, but the reg keys and values that it says are infected don't exist (well, I can't find them anyway lol)! xx
Message 7 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

It's still showing the database as 1347. Update it and, after clearing your temporary internet files (in IE > Tools > Internet Options > Browsing History > Delete > Temporary Internet Files > Delete Files), run a quick scan.

Post the log from that and then do an online scan here

What are the paths/files that SpywareDoctor is detecting?
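A triage check for MBAM logs like the ones posted in this thread, added here as an example and not part of any participant's post: it cross-checks the summary counts against the itemised lines, lists detections under Run keys (the values that relaunch a file at logon, which is why deleting only the registry entry does not stick), and flags a log whose database version is behind or whose scan covered very few objects. The function name `triage`, the `current_db` parameter and the `min_objects` threshold are assumptions, and the sample is a constructed excerpt of the first log.

```python
import re

# Constructed excerpt: item lines copied from the first log in this thread,
# summary counts adjusted to match the shortened item lists.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1347
Objects scanned: 187759

Registry Values Infected: 2
Folders Infected: 1

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
"""

HEADER = re.compile(r"^(Database version|Objects scanned): (\d+)$")
COUNT = re.compile(r"^([\w ]+ Infected): (\d+)$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+)$")
AUTOSTART = re.compile(r"\\CurrentVersion\\(Policies\\Explorer\\)?Run(Once)?\\", re.I)

def triage(text, current_db=None, min_objects=1000):  # min_objects: assumed threshold
    meta, counts, items, section = {}, {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            meta[m[1]] = int(m[2])
        elif m := COUNT.match(line):
            counts[m[1]] = int(m[2])          # summary block: "X Infected: N"
        elif line.endswith("Infected:"):
            section = line[:-1]               # detail block header: "X Infected:"
            items[section] = []
        elif section and (m := ITEM.match(line)):
            items[section].append(m.groupdict())
    return {
        # Summary count disagrees with itemised lines: truncated or edited log.
        "count_mismatch": [s for s, n in counts.items() if n != len(items.get(s, []))],
        # Detections under Run keys: value names that start a file at logon.
        "autostart": [e["path"].rsplit("\\", 1)[1] for v in items.values()
                      for e in v if AUTOSTART.search(e["path"])],
        "stale_db": current_db is not None and meta.get("Database version", 0) < current_db,
        "shallow_scan": meta.get("Objects scanned", 0) < min_objects,
    }
```

Calling `triage(SAMPLE_LOG, current_db=1354)` reports the `start` and `smile` autostart values and a stale database; the value names alone do not identify the file on disk, so the data behind each quarantined value still has to be checked.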
Message 8 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Temp files have been deleted, MBAM updated and here is the latest log, away to do an online scan now xx


Malwarebytes' Anti-Malware 1.30
Database version: 1354
Windows 6.0.6001 Service Pack 1

01/11/2008 21:03:12
mbam-log-2008-11-01 (21-03-12).txt

Scan type: Quick Scan
Objects scanned: 49074
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Message 9 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!



You need to uninstall AVG if McAfee is your paid AV. Never run two AVs together. It can cause problems/conflicts that will leave you less protected and possibly mess up your system:

aumha.net

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Yeah, I removed AVG when I installed McAfee (only got it yesterday) xx
