Trouble removing Trojan.Zlob-X.a

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dood56, Nov 17, 2007.

  1. dood56

    dood56 Private E-2

    I recently acquired the Trojan.Zlob-X.a virus on my pc. I ran all the steps in the Malware removal FAQ and I have attached the two reports that it stated to attach. I never got a zip from the MGTools.exe so I can't attach one. Any help with this would be so awesome. I have Norton, but it did nothing in getting rid of this.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    I need all of the logs requested from the READ ME. If you can't get the logs from MGTools then run the steps below to attach the requested logs.

     
  3. dood56

    dood56 Private E-2

    Alright, I have run the updated READ ME. I have Vista so I ran AVG, runkeys, newfiles, and the Hijack This. I have enclosed all the logs so that you can help me with what I need to do next. I truly appreciate the assistance.
     


  4. dood56

    dood56 Private E-2

    Finally, here are the Hijack Logs.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please see this thread below...

    Running FixIEDef

    Once you have completed the above, attach fresh logs from the below.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  6. dood56

    dood56 Private E-2

    I ran the FixIEDef per the instructions and have attached updated GetRunKey, ShowNew and Hijack files. Thanks again for your help and please let me know what my next step should be.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We have updated our READ ME's and guides so let's get a log from running this.

    Go to the article below, download and run MGtools.exe. Once completed attach the file created called "MGLogs.zip".

    Vista Cleaning Procedure
     
  8. dood56

    dood56 Private E-2

    Sorry about the long wait between posts, but work and the holidays have been killing me. I do appreciate the help. As requested, I have attached the MGlogs zip file. Again thanks for the assistance and I will be quicker in performing any additional steps.
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sorry for the delay, been away for the holidays. Since it has been a few days run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  10. dood56

    dood56 Private E-2

    I re-ran the program as you requested and I am attaching the zip file. Thanks again for the help and hope you had a good holiday.
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Something didn't go right, try my previous post once more.
     
  12. dood56

    dood56 Private E-2

    I am not sure what you need me to do. Do you need me to rerun the MGtools again? Or is there another scan you need.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    See this thread below...

    Using MGtools
     
  14. dood56

    dood56 Private E-2

    I ran the MGTools again and followed the directions exactly as the link stated I needed to do. I hope this is what you need. Sorry for the delay, but work has been killing me lately.
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are more than likely having problems running MGtools because you do not have UAC disabled as is required.

    Now we need to make sure to turn off UAC ( UAC = User Account Control )
    1. Click Start, and then click Control Panel.
    2. In Control Panel, click User Accounts.
    3. In the User Accounts window, click User Accounts.
    4. In the User Accounts tasks window, click Turn User Account Control on or off.
    5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, I just want to be sure that a reboot has occurred since the first time that UAC was disabled.)
    • Now delete the current C:\MGtools.exe file you have. You do not need to delete the C:\MGtools folder.
    • Now download this MGtools.exe and make sure that you save it to your root folder on your Windows boot drive. This should be drive C. Thus you should have C:\MGtools.exe
    • Now double click on C:\MGtools.exe and if you get any warnings about allowing it to run, just let it run.
    Now did it run properly? Did you get any error messages? Is there a C:\MGlogs.zip file you can attach?
     
  16. dood56

    dood56 Private E-2

    I do apologize for the long delay in replying. I have had some life issues I have been dealing with and just have not had the time to get to this. Anyhow, I followed your instructions verbatim. I did not receive any errors and have included the zip file. I hope this helps you out in trying to get this off my laptop. Thanks for the help.
     


    Last edited by a moderator: Mar 13, 2008
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on this current log it looks like your problem may have been removed in the 2 months since you last posted. Are you still having problems? If yes, run the below and attach the requested log:

    Trojan.Win32.Agent.akk (aka IEDefender) Removal Procedure


    Even if you are not having problems, you need to do the below.


    Uninstall the below old versions of software:
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
     
  18. dood56

    dood56 Private E-2

    I haven't used the computer since my previous post, but I did not notice any problems when I was using it the other day. I will go ahead and reinstall the Java software. I truly appreciate your help with everything concerning this!
    Ed
     
    Last edited by a moderator: Mar 13, 2008
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
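An added example, not part of the thread or of the MajorGeeks tools: a read-only PowerShell audit for the final cleanup steps in the last post. It reports which of the paths named there still exist and whether UAC is back on, and flags the ordering problem of deleting C:\MGtools (step 11) before running enableUAC.reg (step 10). It assumes UAC state is the standard `EnableLUA` policy value, since the contents of `enableUAC.reg` are not shown in the thread; the function names are hypothetical.

```powershell
# Added example: read-only audit of the final cleanup steps. Nothing is deleted.
# Paths are the ones named in the thread; function names are hypothetical.
$CleanupPaths = @(
    'C:\MGtools', 'C:\MGtools.exe', 'C:\MGlogs.zip',   # step 11
    'C:\rapport.txt',                                   # step 4 (SmitFraudFix log)
    'C:\VundoFix Backups', 'C:\vundofix.txt',           # step 5
    'C:\fixwareout'                                     # step 6
)

function Get-CleanupLeftovers {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            $item = Get-Item -LiteralPath $p -Force
            [pscustomobject]@{
                Path      = $p
                IsFolder  = $item.PSIsContainer
                LastWrite = $item.LastWriteTime
            }
        }
    }
}

function Test-UacEnabled {
    # Assumption: UAC state is read from the standard EnableLUA policy value.
    # A missing value is reported as "not enabled" so it gets looked at.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $prop = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.EnableLUA -eq 1)
}

$uacOn     = Test-UacEnabled
$leftovers = @(Get-CleanupLeftovers -Paths $CleanupPaths)

if ($uacOn) {
    Write-Output 'UAC: enabled'
} elseif (Test-Path -LiteralPath 'C:\MGtools\enableUAC.reg') {
    Write-Output 'UAC: DISABLED - run step 10 (enableUAC.reg) before deleting C:\MGtools'
} else {
    Write-Output 'UAC: DISABLED and enableUAC.reg is gone - turn UAC back on in Control Panel > User Accounts'
}

if ($leftovers.Count -eq 0) {
    Write-Output 'No cleanup-tool leftovers found at the listed paths.'
} else {
    $leftovers | Format-Table -AutoSize
}
```

`EnableLUA` shows the configured setting; a change to it only takes effect after a restart, so run the audit again after rebooting.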
