AVG found Trojan ZLOB, WQZ & WTK HELP!

Discussion in 'Malware Help (A Specialist Will Reply)' started by bsfisher, Aug 31, 2006.

  1. bsfisher

    bsfisher Private E-2

    How do I get rid of these Trojan horses?
    I do have a HJT log if needed.
    THANK YOU FOR READING!

    Trojan horse Downloader.Zlob.AZZ C:\WINDOWS\system32\regperf.exe regperf.exe
    Trojan horse Downloader.Zlob.BDI C:\WINDOWS\system32\hp100.tmp hp100.tmp
    Trojan horse Downloader.Zlob.BTA C:\WINDOWS\system32\simpole.tlb simpole.tlb
    Trojan horse Downloader.Zlob.CSC C:\WINDOWS\system32\ld101.tmp ld101.tmp
    Trojan horse Generic.WQZ C:\WINDOWS\system32\guxxa.dll guxxa.dll
    Trojan horse Generic.WTK C:\WINDOWS\system32\1024\ld4C8A.tmp ld4C8A.tmp
    Trojan horse Generic.WTK C:\WINDOWS\system32\1024\ld42C6.tmp ld42C6.tmp
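A small triage helper, added here as an example and not part of the original thread, that parses AVG alert lines in the format posted above and summarises them by malware family and directory. The "odd extension" check (detected files that are not .exe/.dll/.sys/.scr/.ocx, such as the .tmp and .tlb entries in this thread) is a heuristic assumed for this example, not an AVG rule.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: the seven AVG alert lines as posted at the top of this thread.
AVG_ALERTS = r"""
Trojan horse Downloader.Zlob.AZZ C:\WINDOWS\system32\regperf.exe regperf.exe
Trojan horse Downloader.Zlob.BDI C:\WINDOWS\system32\hp100.tmp hp100.tmp
Trojan horse Downloader.Zlob.BTA C:\WINDOWS\system32\simpole.tlb simpole.tlb
Trojan horse Downloader.Zlob.CSC C:\WINDOWS\system32\ld101.tmp ld101.tmp
Trojan horse Generic.WQZ C:\WINDOWS\system32\guxxa.dll guxxa.dll
Trojan horse Generic.WTK C:\WINDOWS\system32\1024\ld4C8A.tmp ld4C8A.tmp
Trojan horse Generic.WTK C:\WINDOWS\system32\1024\ld42C6.tmp ld42C6.tmp
"""

# One AVG alert line: "<kind> <detection name> <full path> <file name>".
ALERT_RE = re.compile(r"^(?P<kind>Trojan horse) (?P<name>\S+) (?P<path>.+) (?P<file>\S+)$")

# Extensions normally seen on detected executable code; anything else deserves a closer look.
# (Heuristic assumed for this example, not an AVG rule.)
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def parse_alerts(text):
    """Return one dict per alert line; lines that do not match the format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        alerts.append({
            "name": m["name"],
            "family": m["name"].rsplit(".", 1)[0],  # drop the variant suffix (AZZ, WQZ, ...)
            "path": str(path),
            "dir": str(path.parent),
            "ext": path.suffix.lower(),
        })
    return alerts


def summarize(alerts):
    """Group detections by family and count them per directory to see the shape of the infection."""
    by_family = defaultdict(list)
    by_dir = defaultdict(int)
    for a in alerts:
        by_family[a["family"]].append(a["path"])
        by_dir[a["dir"]] += 1
    return dict(by_family), dict(by_dir)


def odd_extensions(alerts):
    """Detected files whose extension is not a normal code extension (e.g. .tmp files in system32)."""
    return [a["path"] for a in alerts if a["ext"] not in CODE_EXTENSIONS]
```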
     
  2. matt.chugg

    matt.chugg MajorGeek

    Please follow our standard cleaning procedures, which are necessary for us to provide you support. There are also steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support, paying attention to the special removal procedures link.
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial... was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis
    NOTE: You can only attach 3 files in a single message, so it will require that you use two messages to attach all of these logs!
     
  3. bsfisher

    bsfisher Private E-2

    THANKS, I think that got rid of them. I'm not sure which scan did it, but I think I'm okay now!!!! THANKS AGAIN!! I will follow those steps first next time.
    I hope there is no next time.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't think you will find that you are completely clean. You should finish all the steps and attach all the logs as requested so we can be sure.
     
  5. bsfisher

    bsfisher Private E-2

    okay, not a problem.....will do
     
  6. bsfisher

    bsfisher Private E-2

    it seems clean now, but I was told to post my logs anyway to make sure,
    let me know if you need any other info. THANKS for all your help
    bsfisher
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As suspected, you are not clean! And also you are running a lot of very old outdated software. You have a 3 year old version and a 2 year old version of Spybot installed. You have outdated Sun Java and Firefox too. And even worse.... your HijackThis version is also over two years out of date. You should have followed the instructions in the READ ME and all of your software would have been updated. Get the proper versions of ALL software installed now! Old outdated tools cannot find nor fix new malware!


    Now download SmitfraudFix (by S!Ri) to your Desktop.

    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
    Select option #1 - Search by typing 1 and press Enter.
    This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please attach that log in your next reply.

    Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

    http://www.beyondlogic.org/consulting/proc...processutil.htm


    IMPORTANT: Do NOT run any other options until you are asked to do so!
     
  8. bsfisher

    bsfisher Private E-2

    You want me to run the SmitfraudFix (by S!Ri) from my Desktop first???? Before I download any current program versions?

    http://www.beyondlogic.org/consulting/proc...processutil.htm comes up as a broken link?

    I know I had updated those programs within the last 6-9 months, but then I got infected and I couldn't even come up in safe mode; my HP laptop (zt1170) would power off (I think I may also have a fan or heatsink problem?). After I get rid of these bugs I will try and diagnose that problem....... but I was able to go back to a prev. date and was finally able to log on. I think going back probably screwed up what I thought were current version downloads.

    I know I went out and got all the updates for everything, but I may not have had the current versions running. I know with Spybot you had to get the new version and I had done that before, but maybe my going back messed that up also.....

    I'll start by getting the most current program versions and then the updates, or do you want me to do the SmitfraudFix steps first?
    -Scott
     
  9. bsfisher

    bsfisher Private E-2

    SmitfraudFix ran and the rapport.txt log is attached.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    PLEASE READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions that you may have before starting.

    Please print out or copy these instructions to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. Again, if there's anything that you don't understand, ask your question(s) before moving on with the fixes.

    Reboot your computer into Safe Mode per the Safe Mode directions in the READ & RUN ME.

    Open the SmitfraudFix folder on your Desktop, then double-click the smitfraudfix.cmd file to start the tool.

    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. BUT reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please attach this log in your next reply.

    After doing the above, attach the new rapport.txt log, and also attach a new HJT log and a new log from ShowNew!
     
  12. bsfisher

    bsfisher Private E-2

    Today's logs attached: rapport / ShowNew / HJT log (v.1.98.2)
     

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HJT logs must be obtained from normal boot mode. However, there is a bigger problem. You never followed the steps in the READ ME completely. Your version of HijackThis has not been used in almost 2 years. Follow the directions in step 7 of the READ ME and install and rename HJT properly. You have two versions of Spybot installed! One is over 2 years old and the other is 3 years old. You need to uninstall them, reboot, and install the one from the READ ME as instructed.

    You also never updated your Sun Java version and also your FireFox version is way out of date. Uninstall the below:
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Mozilla Firefox (1.0.7)

    Then install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox


    What problems are you having at this point?
     
  14. bsfisher

    bsfisher Private E-2

    Sorry, but I never received an answer when I asked if you wanted me to update those programs before I do the READ & RUN ME (I know you're very busy), so I went ahead and ran the R&R ME steps to see if that was clean before I updated those pgms. I did the READ & RUN ME and it looked like the virus was gone, but when you looked at my logs from R&R ME you said I was still infected and scolded me for not updating those programs, and that the HJT needed to scan in normal mode, but nowhere did you say to be in normal mode. The last you said was to be in safe mode and also attach HJT and ShowNew logs, so sorry for not running them in normal mode. It's hard to remember which mode to be in: safe, normal, normal safe, save here, save there, rename XXX to yyy, then a page later instructed to RUN XXX but it is now named yyy and saved in /here not /there. All very confusing, as if R&R ME was written by a programmer?

    I thought I was clean but you say my previous logs show I was infected.
    I have removed all the old/outdated pgms as you told me to.
    I have downloaded new pgms as instructed.... Spybot, Java, Firefox.
    Do you want to see new HJT logs in normal mode?
    Do you want to see ShowNew logs? Normal or safe mode?
    Do I need to start over and do the READ & RUN ME again?

    Now I'm getting "ERROR SENDING RESPONSE TO KEYBOARD".

    "Reboot your computer into Safe Mode per the safe directions in the READ & RUN ME.

    Open the SmitfraudFix Folder of your Desktop, then double-click smitfraudfix.cmd file to start the tool.

    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. BUT Reboot in Safe Mode.
    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach this log along in your next reply.

    After doing the above and attach the new rapport.txt log, also attach a new HJT log and a new log from ShowNew!"
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry it was not clear in my last instructions. That's because as stated in the READ ME, we always want HJT logs from normal boot mode.

    Here is the simple answer, unless we directly ask for logs from safe mode, we always want them from normal boot mode.

    I want you to update all the programs that you had the wrong versions of, as requested, and then attach a new HJT log and a new log from ShowNew (update ShowNew too, since it changed).

    Are you having any malware problems?
    Note: Keyboard problems are not malware problems.
     
  16. bsfisher

    bsfisher Private E-2

    HJT & newfiles logs attached from today, 9/17.

    Other than the "command to keyboard" error, this laptop is shutting down after an hour or two, so I'm trying to determine if it's a virus, or a bad HD, or a bad fan/heatsink?

    When I was first infected, I could run Firefox okay, but when I used IE the AVG virus window pop-up showed I was infected with Trojan ZLOB, WQZ, WTK.
    Now, after doing the READ ME FIRST and run steps, that pop-up is gone, but after I showed logs you say I was still infected.

    I hope these new logs help. THANKS -BSF
     

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But now you did not install and rename HJT properly. You ran it from inside the ZIP file. This is how it shows in your log:

    C:\DOCUME~2\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    We don't need a new log though, because you're clean now.

    You were, but running SmitfraudFix removed the rest of the malware. However, as stated above, you're clean now.

    It is time to go back to step 1 of the READ & RUN ME to disable System Restore, which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
  18. bsfisher

    bsfisher Private E-2

    Will I ever get it right?
    If there is ever a next time, I will read, re-read and re-read again.
    I have printed and saved all your posts and will follow the steps to protect against malware.
    THANK YOU!! THANK YOU!! THANK YOU!! for all your help!!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! But remember that if you ever do come back to get help for malware problems, you MUST follow the procedures in the current online guides. They change frequently (because malware changes too) and anything saved locally on your PC will not be current with our procedures. While your local copies may help you, they may be out of date with ours. Things like ShowNew and GetRunKey can sometimes change 5 times in a week (although right now they are not).
     