Trouble removing Trojan.Zlob-X.a

[dood56]

I recently acquired the Trojan.Zlob-X.a virus on my pc. I ran all the steps in the Malware removal FAQ and I have attached the two reports that it stated to attach. I never got a zip from the MGTools.exe so I can't attach one. Any help with this would be so awesome. I have Norton, but it did nothing in getting rid of this.

[bjgarrick]

Welcome to MG's!

I need all of the logs requested from the READ ME. If you can't get the logs from MGTools then run the steps below to attach the requested logs.

Quote:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

• CounterSpy Log - only for Windows XP, 2K, & NT users
• AVG Antispyware Log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
• Bitdefender Log - from step 6
• Panda Scan Log - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis Log

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs![/FONT]

[dood56]

Alright, I have run the updated READ ME. I have Vista so I ran AVG, runkeys, newfiles, and the Hijack This. I have enclosed all the logs so that you can help me with what I need to do next. I truly appreciate the assistance.

[dood56]

Finally, here is the Hijack Logs.

[bjgarrick]

First, please see this thread below...

Running FixIEDef

Once you have completed the above, attach fresh logs from the below.

• GetRunKey
• ShowNew
• HijackThis

[dood56]

I ran the FixIEDef per the instructions and have attached updated GetRunKey, ShowNew and Hijack files. Thanks again for your help and please let me know what my next step should be.

[bjgarrick]

We have updated our READ ME's and guides so let's get a log from running this.

Go to the article below, download and run MGtools.exe. Once completed attach the file created called "MGLogs.zip".

Vista Cleaning Procedure

[dood56]

Sorry about the long wait between posts, but work and the holidays have been killing me. I do appreciate the help. As requested, I have attached the MGlogs zip file. Again thanks for the assistance and I will be quicker in performing any additional steps.

[bjgarrick]

Sorry for the delay, been away for the holidays. Since it has been a few days run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

[dood56]

I re-ran the program as you requested and I am attaching the zip file. Thanks again for the help and hope you had a good holiday.

[bjgarrick]

Something didn't go right, try my previous post once more.

[dood56]

I am not sure what you need me to do. Do you need me to rerun the MGtools again? Or is there another scan you need.

[bjgarrick]

Quote:

Originally Posted by dood56

I am not sure what you need me to do. Do you need me to rerun the MGtools again? Or is there another scan you need.

See this thread below...

Using MGtools

[dood56]

I ran the MGTools again and followed the directions exactly as the link stated I needed to do. I hope this is what you need. Sorry for the delay, but work has been killing me lately.

[chaslang]

You are more than likely having problems running MGtools because you do not have UAC disable as is required.

Now we need to make sure to turn off UAC ( UAC = User Account Control )

1. Click Start, and then click Control Panel.
2. In Control Panel, click User Accounts.
3. In the User Accounts window, click User Accounts.
4. In the User Accounts tasks window, click Turn User Account Control on or off.
5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already uncheck, then you should also notice a red shield with an X in it located in your system tray. Ignore any mesages about UAC being disabled.
7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, I just want to be sure that a reboot has occurred since the first time that UAC was disabled.)

• Now delete the current C:\MGtools.exe file you have. You do not need to delete the C:\MGtools folder.
• Now download this MGtools.exe and make sure that you save it to your root folder on your Windows boot drive. This should be drive C Thus you should have C:\MGtools.exe
• Now double click on C:\MGtools.exe and if you get any warnings about allowing it to run, just let it run.

Now did it run properly. Did you get any error messages? Is there a C:\MGlogs.zip file you can attach?

[dood56]

I do apologize for the long delay in replying. I have had some life issues I have been dealing with and just not have had the time to get to this. Anyhow, I followed your instructions verbatim. I did not receive any errors and have included the zip file. I hope this helps you out in trying to get this off my laptop. Thanks for the help.

[chaslang]

Based on the this current log it looks like your problem may have been removed in the 2 months since you last posted. Are you still having problems? If yes, run the below and attach the requested log:

Trojan.Win32.Agent.akk (aka IEDefender) Removal Procedure


Even if you are not having problems, you need to do the below.


Uninstall the below old versions of software:
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

[dood56]

I haven't used the computer since my previous post, but I did not notice any problems when I was using it the other day. I will go ahead and reinstall the Java software. I truly appreciate your help with evrything concerning this!
Ed

[chaslang]

You're welcome.


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN
   • Now type combofix /u in the runbox and click OK.
   • Note: The space between the X and the /U, it must be there.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
7. If we had you run Avenger, you can delete all files related to Avenger now.
8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
12. If you are running Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
13. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!