remove zlob dns changer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by herm67, Jun 27, 2008.

  1. herm67

    herm67 Private E-2

    hi,

    i have a zlob dns changer that was detected by Spybot. zlob continually hijacks my web pages sending me places i dont want to go. when i delete it using spybot everything works fine. however, whenever i turn the computer off and back on the zlob returns and spybot detects it again. i ran the fixwareout program i saw posted on this site and it said it could not flush zlob and deletion failed. i am back to square one and despearetly want to get rid of this thing..PLEASE HELP!!! The following is the info. obtained by the wareout program:



    i hope this helps explain to you what might be going because i have no idea what any of it means. thanks. i will check back over the weekend and pray someone has a solution for me.
     

    Attached Files:

    Last edited by a moderator: Jun 27, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. herm67

    herm67 Private E-2

    here are the logs for super anti spyware, combo fix and malware bytes. the file said the spyb ot log was too large, but i can tell you it did find the zlob dns changer as it always does. i will post the mg tools logs in the next reply. thanks again for the help and i will checl back in a couple days.
     

    Attached Files:

  4. herm67

    herm67 Private E-2

    here are the mg tools logs
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a wareout infection> you started off right but you need to disable all anti-virus and spyware programs and disable Teatimer!

    Please download FixWareout by LonnyRJones from one of the two below links and save it to your desktop.

    http://downloads.subratam.org/Fixwareout.exe

    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    * Run Fixwareout.
    * Click Next,
    * then Install,
    * make sure Run fixit is checked
    * and click Finish.
    * The fix will begin; follow the prompts.
    * You will be asked to reboot your computer; please do so.
    * Your system may take longer than usual to load; this is normal.

    When you run fixwareout, just follow the prompts, you will need to restart when prompted.

    After rebooting (restart) back into normal boot mode, make sure you have all web browsers closed.

    * Go into Control Panel -->Network Connections.
    * Right click on your connection
    * and click Properties.
    * On the Properties page, highlight Internet Protocol(TCP/IP)
    * Click Properties. This will bring up another page.
    * Select Obtain DNS Server Automatically.
    * Click the ok button. The page will close.
    * Press ok on the page in front of you.
    * Restart the computer.
    * Reconnect to the Internet using Internet Explorer.
    * Now come back here and attach the log from fixwareout. It is located at c:\fixwareout\report.txt
     
  6. herm67

    herm67 Private E-2

    here are the logs you requested. after running fixwareout spybot was run again and is now saying it is not finding any immediate threats!! I did go online and tried a few sites and had no problems reaching them.. No browser page hijacks after five different sites. also, prior to changing my dns server to automatic it was showing a preferred dns server number but i forgot to write it down before setting to automatic. when I went back to check for the numbers nothing would come up. so far everything seems to be working right again. I will check back in a couple days for your response to the logs i provided and to let you know if there have been any relapses. Lets keep our fingers crossed!! thanks again for all of your help to this point.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know....:)
     
  8. herm67

    herm67 Private E-2

    all of my internet browsing is working perfectly thanks to you guys. thank you so much!!! You guys are the best and now my wife is off my back!!!

    The one problem that seems to have popped up is that when I turn on my computer and get to the desk top a pop up box appears with the following information:

    Line 1: SmartBridgeAlerts: MotiveSB.exe- Entry point not found

    Line 2: The procedure entry point GetProcessImageFileName W could not be located in the dynamic link library PSAPI.DLL.

    There is also a large red circle with an X through it near the left side of the pop up box. This does not appear to be causing any problems with the computer function, but i was wondering how to repair it because it is annoying. Any ideas?

    Note: The box does not say Line 1 and Line 2. I did that to separate the info for you. Thanks again for the help.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Apparently this is a problem with many people after installing IE7 ....
    You should ask for further assistance in the software section for this issue.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2. Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox ( or whatever you renamed it to) and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds