spycrusher and zlob virus

Welcome to Major Geeks!

Please attach the other 3 requested logs from the READ ME.

• CounterSpy - only for Windows XP, 2K, & NT users
• AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
• newfiles.txt - the log from ShowNew.bat
• HijackThis

 

Okay then uninstall CounterSpy now since we are finished with it.

What program is detecting SpyCrusher and zlob (which are the samething)? Is is NoAdware which is notorious for false positives? Please attach a log or cut and paste in exactly what is being found.


Also uninstall the below old Sun Java version:
J2SE Runtime Environment 5.0 Update 6


Are the below things that you installed?
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll


Also what are the below?
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

 

Are you positive? Take a look at the below:

http://translate.google.com/transla...4&ct=result&prev=/search?q=ZSSnp211.exe&hl=en

http://www.liutilities.com/products/wintaskspro/processlibrary/domino/


Does anything in those links refresh your memory on what these may be for?

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll

After clicking Fix, exit HJT.:

Now reboot in normal mode


Now locate the below folders and delete it if found:
C:\Program Files\MyDailyVideo
C:\Program Files\VMNTOO~1 or C:\Program Files\VMN Toolbar

Now run Ccleaner

Now attach a new HJT log

Are you having any current malware problems?

 

I do not know what they are exactly other than what the links refer to. So let's not delete them yet.

Complete my other steps first and attach the new log. Then tell me what problems if any your are having.

 

You never had a Zlob infection. It was blocked from being extract. Thus you have nothing to worry about. In addition Zlob is not a password stealer.

You attached HJT log from an improperly named HijackThis program. Your earlier log was fine but this one is not.

Also, why do I now see Stopzilla when I did not see it earlier and why is CounterSpy still installed when I asked you to uninstall it back in message # 5

Your log is clean. If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you run Avenger, you can delete all files related to Avenger now.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
9. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

I was commenting based on the logs you attached. There were no signs of an active Zlob infection showing in any logs. Perhaps you removed it before coming here.

It is still wrong in your current log! You are getting your log from running this:

C:\Program Files\HijackThis\HijackThis.exe

See step 7 of the READ ME. It should be this:

C:\Program Files\HijackThis\analyse.exe

In your first HJT log in message # 3 you had the below which is not exactly what we asked for but was okay.

C:\Program Files\analyse\analyse.exe

Are you saying Stopzilla (which is not a favorite of mine) is finding problems now.

Sorry! It's gone now! Perhaps I had pulled up the older log.

That is a generic boiler plate. The key word is IF

Do you mean AVG Antivirus or AVG AntiSpyware? I assume you mean AVG AntiSpyware. If you subscribed to it, I would use it. You should not use multiple antispyware tools with realtime blocking capabilities.

 

Why did you install AVG Antivirus???? You did not have it installed before. Now you are violating step 3 of the READ ME. This was a bad thing to do. Make up your mind on whether you want AVG Antivirus or McAfee and uninstall one of them.

 

If you are not having anymore malware problems and if you have completed all the instructions in message # 12 then we are finished.

 

There aren't too many free realtime blockers. When your license expires, check out what is listed in the How to protect thread and which you prefer.