#1
Hello MG Community,
I, too, have been attacked by a version of the ZLOB Trojan. My homepage has been hijacked (to iewarning.com), where I'm prompted to buy some bogus anti-spyware software, e.g., Virus Burster and Malware Wipe. I've managed to get rid of the annoying "Critical System Error!" balloon--spelled "baloon"--message.

I've joined your ranks and am following your recommended cleaning & scanning procedures. I'll post another message with my scans attached. Thanks in advance for all your help.

Jeff

Last edited by DavidGP; 11-07-06 at 13:58.. Reason: edited live hijacker URL to save anyone potentially using that bogus soft
#2
|
||||
|
||||
|
Welcome to MajorGeeks.com, please follow our standard cleaning procedures:
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Very Important: Make sure you tell us the results from running the tutorial... Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log: Downloading, Installing, and Running HijackThis
In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
#3
|
|||
|
|||
|
Hello,
Thanks for the swift reply to my initial post. In summary, I have spyware on my PC that hijacks my browser (IE6) to this site: iewarning.com, where I'm prompted to purchase bogus software, e.g., Malware Wipe. By the way, I'm running Windows XP PRO 2002 SP2.

I've followed your standard malware removal procedure, steps 0-7. It went well and I encountered only a few issues/problems.

In step 4, I couldn't find the MS Windows Malicious Software Tool but did run the MS Windows Defender scan.

In step 6A, I couldn't run the Bitdefender & Panda Active scans in the Safe Mode since I couldn't access the Internet; I ran the scans in the Normal mode.

In step 6C, I could not take other courses of action, such as accessing "Special Removal Procedures." I can't navigate the MG support forum. (I get a message about the board moving to another site and try to clear the DNS cache. However, I can't flush the DNS cache from the command prompt using the ipconfig /flushdns command--it won't execute.)

My first three scans are attached for your information. I appreciate your help.

Jeff

Last edited by DavidGP; 11-08-06 at 14:51.. Reason: edited hijack url so others may not be infected
#4
|
|||
|
|||
|
Hello,
I'm attaching my other two scans for your review. Thanks.

Jeff
#5
|
||||
|
||||
|
Please look in Add/Remove Programs for the following and uninstall them if found:
VidCodecs
SpyNoMore
Viewpoint (Anything Viewpoint)

Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

isamonitor.exe
ViewMgr.exe
isamini.exe
CDAC11BA.EXE

Now scan with HijackThis and check the boxes for the following entries: (Make sure ALL browser windows are closed when you click FIX)

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\VidCodecs\isaddon.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Spyware Removal Tools\CCleaner\ccleaner.exe" /AUTO
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EX

Again, make sure ALL browser windows are closed when you click FIX.

Now, please boot into Safe Mode; be sure you have the Viewing of Hidden Files & Folders enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\VidCodecs ← Delete this whole folder if it exists!
C:\Program Files\Viewpoint ← Delete this whole folder if it exists!
C:\Program Files\SpyNoMore ← Delete this whole folder if it exists!
C:\WINDOWS\System32\drivers\CDAC11BA.EXE

Next, run CCleaner to clean up cookies and temp files.

NOW: Click Start > Run > type services.msc and Click OK.

Locate C-DillaCdaC11BA - Macrovision and RightClick on it to bring up the Service Properties Window.

First: Stop the service by clicking the Stop Button.
Next: Disable it by changing the Startup Type to Disabled and click Apply.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now. Also please attach a fresh HJT log.
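Added example, not part of the original post or of HijackThis: a short Python parser for the HijackThis entry lines listed in post #5, which cross-checks each fixed entry against the folders that post deletes, separating files removed from disk from files whose autostart entry is only disabled. The function names and section descriptions are this example's own; the sample lines are copied from the post, including the one that is truncated there.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the FIX list in post #5 (the O23 line is truncated on the page).
SAMPLE = r"""
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\VidCodecs\isaddon.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Spyware Removal Tools\CCleaner\ccleaner.exe" /AUTO
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EX
"""

# Folders post #5 says to delete in Safe Mode.
DELETE_DIRS = [r"C:\Program Files\VidCodecs", r"C:\Program Files\Viewpoint",
               r"C:\Program Files\SpyNoMore"]
# Section codes that appear in this thread's log entries.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O6": "IE options restricted by policy", "O23": "Windows service"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
FILE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

def parse_entry(line):
    """Return (section code, meaning, file path or None); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    f = FILE.search(rest)  # tolerates quotes and trailing arguments such as /startup
    return code, SECTIONS.get(code, "unknown"), f.group(0) if f else None

def classify(log_text, delete_dirs):
    """Sort entries into: file inside a deleted folder, file kept on disk, no file path."""
    doomed = [PureWindowsPath(d) for d in delete_dirs]  # compares case-insensitively
    out = {"deleted": [], "kept_on_disk": [], "no_path": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, _, path = entry
        if path is None:  # policy keys, or a path cut short in the log
            out["no_path"].append(code)
        elif any(d in PureWindowsPath(path).parents for d in doomed):
            out["deleted"].append((code, path))
        else:
            out["kept_on_disk"].append((code, path))
    return out
```
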
#6
|
|||
|
|||
|
Hello Friend,
It appears that the air marshal has shot dead the hijacker! I can now go directly to my home page. Much thanks for your help.

I'm attaching my HJT scan for your review. One concern is the stubbornness of the "VidCodec" BHO.

What security software do you recommend?

Jeff
#7
|
||||
|
||||
|
Have HJT fix the entry below. Once you complete this your log will be clean.
Quote: