suzi_75
Level 7
Message 1 of 16

Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Hi

I've got a Trojan-Downloader.zlob.znx on my PC and nothing I do will get rid of it. I have tried McAfee, AVG, Spyware DR with no joy and have tried removing it manually from the registry etc but after I re-boot it comes back again!

Any ideas and help will be much appreciated thank you x
15 Replies

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Hello,

 

no joy and have tried removing it manually from the registry etc but after i re-boot it comes back again!



There is no point in trying to remove a reg entry if the file has not been removed; every time you re-boot, the file will write to the registry. I hope you have not installed AVG antivirus; if so, please uninstall it.

Download Malwarebytes' Anti-Malware from Here or Here. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
suzi_75
Level 7
Message 3 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Thanks for your advice, below is the log file.




Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 6.0.6001 Service Pack 1

31/10/2008 23:16:11
mbam-log-2008-10-31 (23-16-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187759
Time elapsed: 2 hour(s), 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 5
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Susan\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Susan\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.






It seems to have deleted the virus but Spyware Dr is still picking it up and my McAfee won't do a full scan, it keeps freezing around 20-25% and it's never on the same file??

Also having problems with general functions, deleting and moving files, browsing etc, it sometimes tells me that I need permission to do some actions but I am an administrator so who do I need permission from ?!? lol browsing is slowish and 8 out of 10 times it crashes my whole pc, also my pc won't shut down, it just stays on the "shutting down" or "logging off" screen.

Any ideas?? xx
melboy
Level 7
Message 4 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

hi,

Can you edit the windiwsfsearch out.

Change the http to hxxp or just remove it totally.

This is a malicious site.

Also delete your temporary internet files, update MBAM and scan again (quick scan). The database is now 1354.
suzi_75
Level 7
Message 5 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

This is the latest log, it doesn't show any infections but I'm still having all the problems that I mentioned in my last reply.


Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 6.0.6001 Service Pack 1

01/11/2008 19:09:01
mbam-log-2008-11-01 (19-09-01).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
suzi_75
Level 7
Message 6 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Sorry, posted wrong log:

Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 6.0.6001 Service Pack 1

01/11/2008 12:00:08
mbam-log-2008-11-01 (12-00-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187612
Time elapsed: 2 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

All temp files have been deleted and I've just updated MBAM and running a scan now, Spyware Dr has just finished a scan and it still shows the virus but the reg keys and values that it says are infected don't exist (well I can't find them anyway lol)! xx
melboy
Level 7
Message 7 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

It's still showing the database as 1347, update it and after clearing your temporary internet files (in IE > Tools > Internet Options > Browsing history > Delete > Temporary Internet Files > Delete files) run a quick scan.

Post the log from that and then do an online scan here

What are the paths/files that SpywareDoctor is detecting?
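
Two checks the helper asks for in this thread, defanging the malicious URL before a log is posted and confirming the log came from the updated database, can be done with a short script before pasting. This is an added example, not part of any post in the thread; the sample log is constructed in the layout of the logs above, and `bad.example`, `sanitize`, `summarize` and `latest_db` are hypothetical names.

```python
import re

# Constructed sample in the layout of the MBAM 1.30 logs posted in this thread.
# bad.example is a placeholder domain, not an indicator from the thread.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.30
Database version: 1347

Scan type: Quick Scan
Objects scanned: 1
Registry Data Items Infected: 1
Files Infected: 0

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Example\\SearchURL (Hijack.Search) -> Bad: (http://bad.example/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
"""

URL_RE = re.compile(r"\bhttp(s?)://", re.IGNORECASE)
BAD_RE = re.compile(r"Bad: \((.*?)\) Good:")

def defang(url):
    """Rewrite http/https to hxxp/hxxps so a forum will not render a live link."""
    return URL_RE.sub(r"hxxp\1://", url)

def sanitize(log):
    """Defang only the 'Bad:' values; every other byte of the log is unchanged."""
    return BAD_RE.sub(lambda m: "Bad: (%s) Good:" % defang(m.group(1)), log)

def summarize(log, latest_db):
    """Extract the fields a helper reads first; latest_db is supplied by the caller."""
    def field(name):
        m = re.search(r"^%s: (.+)$" % re.escape(name), log, re.MULTILINE)
        return m.group(1).strip() if m else None
    db = int(field("Database version"))
    # Summary lines end in a number; section headers ("Files Infected:") do not match.
    counts = re.findall(r"^(.+ Infected): (\d+)$", log, re.MULTILINE)
    return {
        "database": db,
        "stale_database": db < latest_db,  # log was made before the update
        "scan_type": field("Scan type"),
        "objects_scanned": int(field("Objects scanned")),
        "total_detections": sum(int(n) for _, n in counts),
    }

if __name__ == "__main__":
    print(sanitize(SAMPLE_LOG))
    print(summarize(SAMPLE_LOG, latest_db=1354))
```

A `stale_database` of `True` means the log should be regenerated after updating; a very low `objects_scanned` on a scan that reports zero detections is worth a second look before trusting the result.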
suzi_75
Level 7
Message 8 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Temp files have been deleted, MBAM updated and here is the latest log, away to do an online scan now xx


Malwarebytes' Anti-Malware 1.30
Database version: 1354
Windows 6.0.6001 Service Pack 1

01/11/2008 21:03:12
mbam-log-2008-11-01 (21-03-12).txt

Scan type: Quick Scan
Objects scanned: 49074
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
melboy
Level 7
Message 9 of 16

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!



You need to uninstall AVG if McAfee is your paid AV. Never run two AVs together. It can cause problems/conflicts that will leave you less protected and possibly mess up your system:

aumha.net

RE: Trojan-Downloader.zlob.ZNX HELP PLEASE!!!

Yeah I removed AVG when I installed McAfee (only got it yesterday) xx