I have a nasty virus. Help me please!

[DaedalCipher]

Just for the record, this post is also in the general hardware forums.


I need help from anyone willing.

I got a virus about 4 days ago and I can't get rid of it. I had avast! antivirus, and it seemed to be every thirty minutes the warning would pop up that I was under attack. I would move to chest or just delete, but a half hour later it would come back. Here is the specific line i got:

Win32:Zlob-BN [Trj]

Whenever I go on IE, it brings me to a page saying I am infected, blah blah, and prompts me to download the software and run a scan.

I checked it out on google, and the best advice i could find was to go into system restore and disable it to make sure that the virus didn't get into there, then update my virus definitions and do a deep scan, deleting anything in the registry that said Trojan Zlob. I also switched from avast antivirus to a free symantec program from my college site. So i did all that, and symantec found four Zlob files, and I deleted them. I don't know if that means it is gone from the registry or not, but here's my current sit-rep: I no longer get the same warning popping up that I am under attack that avast was giving me every thirty minutes, but I don't know if it's cause symantec does things differently or if something is fixed. However, right now I am using mozilla (and from now on probably will) because whenever I use IE my homepage is changed to the virus' web page, and even though I can go into options and switch it to google again, but next time i log on it brings me to that same page. Mozilla is fine.

So that's what i know. Everything else i found to get rid of the virus (the instructions I followed were from symantec's website concerning that family of virus') is pretty user specific, it seems.

Oh yeah, and before I did all this I tried a system restore about four times, as far back as a month and a half ago, but windows says there was an error and they can't restore my computer. Could this mean the virus is alreasy in there?

Any and all help would be much appreciated. I will reformat if I must, but want to avoid at all costs, obviously. Thanks again.

 

[mechBgon]

Please do not cross-post the same thing to multiple sections of the Forums. Now, uninstall Avast and install a free 30-day trial of Kaspersky Antivirus Personal 6. Go through all sections of the Settings panel (green checkmark at the top of Kaspersky), max out all its capabilities except Application Integrity Control, update it, reboot if the updates need a reboot, and then run a full scan of your system.

 

[KeithP]

In addition to mechBgon's advice, I would suggest that you perform the virus scan from Kaspersky runninng in safe mode.

After that is done, you may want to double check your system and do the samething again with another good antivirus product like Nod32 or Panda. They all have fully functioning 30 day trials available for download.

-KeithP

 

[ScrapSilicon]

linky

from webroot..

According to the report, the first quarter of 2006 saw a 15 percentage point jump in the share of consumer PCs infected with spyware: from 72 percent in Q4 2005 to 87 percent in Q1 2006. The average instances of spyware on infected machines increased 18 percent over the previous quarter to an average of 29.5 instances of spyware per infected PC, up from 24.9 instances in Q4 2005. Webroot also witnessed a significant rise in Trojan horse infection rates with an increase to 29 percent, up from 24 percent during the fourth quarter of 2005. The overall incidence of the most prevalent Trojan horse, Trojan?Downloader?Zlob, doubled during the first quarter.

 

[RebateMonger]

Microsoft says that the Zlob trojan is removed by their Malicous Software Removal Tool, which runs when you run Windows Update. Doesn't that handle this version of Zlob?

Families Cleaned by the Malicious Software Removal Tool - Microsoft

PERSONALLY and professionally, for myself and my clients, I'd never trust a computer that had been infected by a trojan like this. I'd re-install Windows.

 

[DaedalCipher]

Thank you all for the help. I was strongly considering re-installing windows anyway, but the suggestion is welcome, and I am proceeding with the re-install, even though as far as I can tell the registry is clean and the virus is gone.

Once again, thank you all for the help. I really appreciate it.

 

[pkme2]

I had a student bring by her computer and we tried several ways to get rid of the trojan yesterday. The quickest solution was to wipe her hdd and reinstall her OS.
Her daughter downloads a lot of music and that could have been the cause of the trojan. I recommended that she get a separate PC for her daughter. Oh well, back to grind.......

 

[Vinny77]

I would recommend a clean install, I mean people here will tell you to use anti-viruses, but we all know they dont work, so just reinstall windows with a low level format.

 

[tjaisv]

Uhh, Anti-Virus software DOES work, the better the program the better it works. You just gotta keep it updated, which the better ones do automatically, and you just have to know a little bit about how to use it. I use Norton AV, the new edition comes with built in anti-spyware and so far it's worked great for me.

 

[DaedalCipher]

I currently have a university-sponsored symantec antivirus. Can I assume, pkme2, that you are talking about a reformat? Because I wanted to avoid that at all costs. At any rate, all of the problems I was having seem to be gone. Rebooting in safe mode and doing a sweep did the trick, i believe. Thanks for the advice people.

 

[thescreensavers]

From some ones sig here

This

 

[pkme2]

Originally posted by: DaedalCipher
I currently have a university-sponsored symantec antivirus. Can I assume, pkme2, that you are talking about a reformat? Because I wanted to avoid that at all costs. At any rate, all of the problems I was having seem to be gone. Rebooting in safe mode and doing a sweep did the trick, i believe. Thanks for the advice people.

She had Norton Antivirus on her system and we tried all possible ways to clean virus off within safe mode. Tried many other methods too, but wiped hdd and re-installed. We installed AVG until she got something better.

 

[Medea]

Zlob is just about always present with smitfraud. Getting rid of zlob doesn't remove smitfraud and the other junk.

 

[gorcorps]

Originally posted by: Medea
Zlob is just about always present with smitfraud. Getting rid of zlob doesn't remove smitfraud and the other junk.

Any way of getting rid of that yet?

 

[Medea]

Originally posted by: gorcorps

Originally posted by: Medea
Zlob is just about always present with smitfraud. Getting rid of zlob doesn't remove smitfraud and the other junk.

Any way of getting rid of that yet?

Run SmitFraudFix by S!ri in Safe Mode along with Ewido Anti-Spyware 4 (also in Safe Mode).

Save SmitFraudFix.zip to your Desktop, extract all of the files to your Desktop, and a folder named SmitfraudFix will be created on your Desktop.

Download Ewido and install it. When installing, under "Additional Options," uncheck "Install background guard" and uncheck "Install scan via context menu." The program will prompt you to update. Click the Ok button.
Exit - don't scan yet.

Reboot into safe mode.

Run SmitFraud first and select #2 for clean. When the prompt appears "Do you want to clean the registry?" answer Yes by typing "Y" and hit Enter. If it asks if you want to replace wininet.dll, type "Y" for Yes.

Then empty ALL of your temp files and clean out the cookies you don't want

Then run Ewido -> make sure all browsers/open windows are closed. Click Settings first and check everything - then check Full System Scan and run the program. Afterwards, check "Perform action on all infections" and check the box "Create encrypted backup" - then choose "Clean" and click Ok <- this step is important. Save the report.

Reboot back into normal mode.

You should be good to go.