Author Topic: Oh Darn!!! I have the Zlob trojan - HELP Please....  (Read 30851 times)

0 Members and 1 Guest are viewing this topic.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #45 on: August 13, 2006, 04:44:33 PM »
Just to confirm that it isn't something obvious ...

Have you ever re-booted your computer during this thread?  Sometimes uninstallers require a re-boot in order to fully eliminate items.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7423
  • Liverpool FC - YNWA
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #46 on: August 13, 2006, 04:46:43 PM »
In that page of highjack this can I completely uninstall something from there. I can see programs I didn't even realise I had like easycleaner. But when I uninstall from the add remove page it says setup needs to close.

You can remove the entries themselves, but not any files/folders/etc associated with them.  It simply manages the 'Add/Remove Software' list.

Tutorial here:  http://www.bleepingcomputer.com/tutorials/tutorial42.html#uniman
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #47 on: August 13, 2006, 07:57:24 PM »
Morning All.....

Yep I've rebooted several times. Its really getting to me now. I want my limewire back :( It says I have java in my add/remove programs but during installation it said the 1722 error so my computer was not modified, cant figure out why it even says it in the add remove side if its not even there. Then when I go to install it it brings up the older version, its just a big cycle of nothing!!
Cant wait to get this back on track.

Offline SpyDie

  • The Spyware Cooker
  • Administrator
  • Hero Member
  • *****
  • Posts: 2199
    • View Profile
    • The LandzDown Forum
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #48 on: August 13, 2006, 08:12:02 PM »
If you try and remove it, you get the same error yes?
Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 20125
    • View Profile
    • http://www.taktmobiles.co.uk
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #49 on: August 13, 2006, 08:15:32 PM »
Cherubs,
The best thing I recommend that you do is to get your PC clean of Spy/Malware
then once your clear re-install it or you could try Shareaza
But after you have installed it run another scan with Ad-aware to make sure that you are still clean

GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #50 on: August 13, 2006, 08:17:47 PM »
Are you talking about the java? I've removed it several times. I've followed the online instructions and rebooted, but each time I try to re download I keep getting this error message about the windows installation package and that it has not been succesfully downloaded, I'm starting to get stressed as I want it fixed, Please can you help me :wub:

GR@PH;<'S - my computer is now clean and all trojans are long gone :D

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #51 on: August 13, 2006, 08:21:13 PM »
GR@PH;<'S - Oh cool I just checked that site out. So its like limewire is it?? I use it to get the kids dancing music from so would be really lost without out. They quite often need backing tracks to sing too etc.

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1594
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #52 on: August 13, 2006, 08:32:50 PM »
Can you check inside add / remove programes that you have the windows installer 3.1 (KB893803) please ?
and let us  know what verson you have ..

numbnuts ...
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #53 on: August 13, 2006, 08:35:00 PM »
ACDSee 6.0 PowerPack
Ad-Aware SE Professional
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
ArcSoft Software Suite
Ares 1.8.8
Better File Rename 4.7.1
Canon CanoScan Toolbox 4.1
Canon PhotoRecord
Canon PIXMA iP6000D
Canon PIXMA iP6000D Memory Card Utility
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CanoScan LiDE20,30 Manual
CCleaner (remove only)
CD-LabelPrint
Direct MIDI to MP3 Converter 2.0
DivX
DVD Shrink 3.2
DVD Solution
DVD43 v3.7.0
Easy-WebPrint
eBay.com.au - Skype 2.5
ewido anti-spyware 4.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Huffyuv AVI lossless video codec (Remove Only)
iTunes
J2SE Runtime Environment 5.0 Update 8
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
JascUpdate
LimeWire PRO 4.10.0
LiveUpdate BVRP Software
Logitech Desktop Messenger
Logitech iTouch Software
Macromedia Flash Player 8
Macromedia Shockwave Player
MailWasher Pro
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 Premium
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Middleware
mobile PhoneTools
MotionDV STUDIO 5.3E LE for DV
Mozilla Firefox (1.5.0.6)
Nero Media Player
Nero OEM
NeroVision Express 2
NeroVision Express Content
NOD32 antivirus system
PowerDVD
PowerProducer
QuickTime Alternative 1.70
Realtek AC'97 Audio
SD Viewer for DSC
Security Task Manager 1.6f
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiS661FX
Spybot - Search & Destroy 1.4
Turbo Lister
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
vanBasco's Karaoke Player
Video Stream Driver for Panasonic DVC
Virtual Painter
Webshots Desktop
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Safety Scanner
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series Winter Fun Pack
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip


Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #54 on: August 13, 2006, 08:36:41 PM »
Well I can see it in the list above numbnuts and it looks the same as what you said....

What shall I do now??

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1594
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #55 on: August 13, 2006, 08:38:50 PM »
Post a fresh HjT logfile for the HjT experts to look at sorry it not my field ...HjT please post a new log ..

numbnuts... :thumbsup:
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 20125
    • View Profile
    • http://www.taktmobiles.co.uk
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #56 on: August 13, 2006, 08:41:03 PM »
Cherubs,
As you use a P2P to get files and so on please make sure that you scan every download for trojans  & Viruses as well as Spy/Malware.

GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #57 on: August 13, 2006, 09:19:39 PM »
Already did that, just posted the above list for Spydie. So crossing fingers here that he can come up with something.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20759
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #58 on: August 13, 2006, 10:44:33 PM »
Hi, Cherubs. 

From your HJT log posted 11 August, I note C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe.  Personally, I would select a tool that wasn't on the Rogue List, even though Spyware Terminator has supposedly cleaned up their act.  Based on the problems you've had, who's to say that isn't the reason?  Its your choice, of course.

Quote
Note on SpywareTerminator:  We originally listed Spyware Terminator on this page out of concerns that Crawler, the company behind the product, had established connections with IBIS, a well known adware distributor responsible for such adware programs as Wintools, Websearch, & Huntbar. Although we found no problems in our initial testing with Spyware Terminator, and while the vendor itself announced that it was exiting the adware business (1), we decided out of caution to impose a three month probation period before we would consider re-testing and, if warranted, de-listing the the product from the Rogue/Suspect list. During that three month probation period we monitored the behavior of IBIS and Crawler. At the end of the three month probation period we re-tested Spyware Terminator, again finding no problems serious enough to justify listing the program on this page. As the vendor involved has not been involved in the distribution of adware for many months, and as the program itself exhibits no problems serious enough to warrant mention on this page, we have decided to de-list Spyware Terminator from the Rogue/Suspect list and can no longer regard the program to be "rogue/suspect."
http://www.spywarewarrior.com/rogue_anti-spyware.htm#spyterm_note

Let's do a bit more cleanup.

A.  Scan with HijackThis, check the following and select "Fix Checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/126p/html/gtdownlr.cab


B. I don't like the looks of this:  O20 - AppInit_DLLs: ,.  Don't remove it yet, but instead update ewido and run a new scan.

Please make sure you use these ewido settings
  • Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • In the Settings screen click "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • DE-Select "Only if threats were found"
    • close ewido
Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Scanning and system cleaning with ewido. 
  • Lauch ewido-anti-spyware by double-clicking the icon on the desktop. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • ewido will now begin the scanning process.  Be patient as this may take a little time.
  • While scanning, ewido will list any infections found on the left side.
  • When the scan is completed, the recommended action should be set to Quarantine.  If not click Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
  • Close ewido.

C.  Restart in normal mode and post the ewido log and a fresh HijackThis log. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Cherubs

  • Full Member
  • ***
  • Posts: 84
    • View Profile
Re: Oh Darn!!! I have the Zlob trojan - HELP Please....
« Reply #59 on: August 13, 2006, 10:48:05 PM »
Hi Corrine, I'm glad you said that about Spyware Terminator as I uninstalled it this morning before your post. I only put in on while I was getting rid of the zlob trojan and felt I had way too much on here now. Over that time that I had the trojan I must have downloaded about 6 or 7 different programs which I've now taken off except for the highhack and ewido ones. I also have my usual ones though, adaware and spybot still on here plus my nod32.

I'll do what you said right away.