
trojan virus!

Posted: Sat Nov 10, 2007 2:17 am
by Xzaver
It seems I have picked up a virus! Can anyone tell me how to get rid of it??

I have run my antivirus but my system is coming up OK; all I'm getting is this pop-up every time I go to a new site, saying:

Critical system warning! your system is probaly infected whit the latest version of trojan.Zlob-x.a full system optimzation will greatly increase your computr preformans an prevent data loss,

Then it gives me this program to download, ieDefender, to get rid of it, but I don't trust this program, being the publisher is Unknown.

What should I do??

Posted: Sat Nov 10, 2007 2:57 am
by A'Ton Sands
Sounds like you have spyware.

Use AdAware, it's free, it should find it.

Posted: Sat Nov 10, 2007 5:09 am
by Anach
Never download any recommended crap from popups, and never believe a popup virus warning when browsing the web.

I wouldn't bother with AdAware, it's become a bloated, buggy resource hog.

First things first, you want to go to http://www.antivirus.com and do an online free scan, cause if you have a virus, your current AV is most likely infected or useless anyway. Disable your AV while doing the online scan.

If you have a virus, then you will need to uninstall your current AV (in case of infection), then do the online scan/reboots until it's gone, and reinstall your AV afterwards.

Second, if it's just spyware as aton says, then do the online scan above, then also download Spybot and do a scan with that.

Posted: Sat Nov 10, 2007 10:35 am
by gelfling
I'll add... once you've got rid of the infestation, do make backups so if the worst happens again you will have copies of all of the important data on your computer.

If you need a good and proper AV down the road - I recommend Nod32. Can't praise it highly enough.

Posted: Sun Nov 11, 2007 5:47 am
by asharin
Another good (and free) antivirus solution is AVG Free (google it).
It's never let me down, whereas PC-Cillin and Norton both have in the past.

Posted: Sun Nov 11, 2007 5:13 pm
by Parrot
The Zlob virus is a **Lady** to get rid of, it shows up in some of the spyware programs but they will not remove it all....

Zlob Manual Removal Instructions

Below is a list of Zlob manual removal instructions and Zlob components listed to help you remove SpyCrush from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

Note: This manual removal process may be difficult and you run the risk of destroying your computer. We recommend that you use SpyHunter's spyware detection tool to check for Zlob.
Step 1 : Use Windows File Search Tool to Find Zlob Path

1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the file name" section, type in "Zlob" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps.


Step 2 : Use Windows Task Manager to Remove Zlob Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "Zlob" process by name.
3. Select the "Zlob" process and click on the "End Process" button to kill it.
4. Remove the "Zlob" processes files:
   msmsgs.exe
   nvctrl.exe


Step 3 : Use Registry Editor to Remove Zlob Registry Values

1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
3. To delete "Zlob" value, right-click on it and select the "Delete" option.
4. Locate and delete "Zlob" registry entries:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe, msmsgs.exe
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe


Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files

1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
2. Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
3. To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, C:\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
4. Search and unregister "Zlob" DLL files:
   uimcu.dll
   antzozc.dll
   dtjby.dll


Step 5 : Detect and Delete Other Zlob Files

1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content, including the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in "del name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "Zlob" process and click on the "End Process" button to kill it.
8. Remove the "Zlob" processes files:
   uimcu.dll
   antzozc.dll
   dtjby.dll
   dumpserv.com
   zxserv0.com
   vnp7s.net
   ncompat.tlb
   msvol.tlb
   hp[X].tmp
   msmsgs.exe
   nvctrl.exe
   %UserProfile%\Application Data\Microsoft\Protect
   %UserProfile%\Application Data\Microsoft\Crypto\RSA
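A read-only check of the two registry locations and the file names listed in the post above, as an added example that is not part of the original post or of the removal guide it quotes. It assumes PowerShell 3.0 or later; the function names are hypothetical and the `explorer.exe, msmsgs.exe` test string is constructed from the post. On a clean system the Winlogon Shell value is `explorer.exe` alone, so the script reports anything listed beside it.

```powershell
# Read-only audit: reports findings, changes nothing. Requires PowerShell 3.0+.
# File names taken from the post above; function names are hypothetical.
$suspectNames = 'msmsgs.exe', 'nvctrl.exe', 'uimcu.dll', 'antzozc.dll', 'dtjby.dll'

function Test-WinlogonShell {
    param([string]$ShellValue)
    # Split the comma-separated value; every entry other than explorer.exe
    # is an extra program started at logon.
    $entries = @($ShellValue -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $extra   = @($entries | Where-Object { $_ -ne 'explorer.exe' })  # -ne ignores case
    [pscustomobject]@{ Value = $ShellValue; Extra = $extra; Clean = ($extra.Count -eq 0) }
}

function Find-SuspectRunEntry {
    param([hashtable]$RunValues, [string[]]$Names)
    foreach ($valueName in $RunValues.Keys) {
        $data = [string]$RunValues[$valueName]
        foreach ($n in $Names) {
            # A match is a lead to inspect, not proof: Windows Messenger on XP
            # also uses the name msmsgs.exe, under Program Files\Messenger.
            if ($data -like "*$n*") {
                [pscustomobject]@{ ValueName = $valueName; Data = $data; Matched = $n }
            }
        }
    }
}

# Constructed sample: the modified Shell value quoted in the post.
Test-WinlogonShell 'explorer.exe, msmsgs.exe'

# Live check of the two keys named in the post.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
Test-WinlogonShell $shell

$runKey    = Get-Item -Path $runPath
$runValues = @{}
foreach ($name in $runKey.GetValueNames()) {
    # Keep %variables% unexpanded so the data is shown as it is stored.
    $runValues[$name] = $runKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
}
Find-SuspectRunEntry -RunValues $runValues -Names $suspectNames
```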

Posted: Sun Nov 11, 2007 5:14 pm
by Parrot
You have to remove most of it manually... I had it and it's a **Lady** to get it all...