trojan.zlob.g

hatesviruses · Dec 7, 2008

Hey people, a Trojan.Zlob.G warning keeps popping up on my computer. When opening my web browser, it brings up a message saying that my computer has been infected and gives a link to a fake virus protection program called defender. It also causes my web browser to close. it also causes a fake system warning to pop up, where only one option can be clicked, which i stupidly clicked, but nothing seemed to change when i clicked it. So i've ron symantec antivirus, superantispyware, and spybot, and cleared everything they've found.
i also ran ATFcleaner.

Edit by bjgarrick: Inline HJT log removed. READ & RUN ME sticky not followed.

UPDATE:
a found on a forum that two files were causing the browser and warning problems: 'spcffwl.dll' and 'kjzna1562565.exe' in C:\Documents and Settings\<myusername>\Application Data\Google.
i changed their names and the browser problem stopped. I booted in safety mode and used spybot shredder to delete a descendent of the files (they kept regenerating when i shredded in not safe mode). so the problem is now gone, but im afraid that there is something sinister still lurking.
any help is much appreciated!!!
cheers

hatesviruses · Dec 7, 2008

ahh, what did i do wrong with attaching my hjt log?

dr.moriarty · Dec 9, 2008

We do not ask for a HJT log only, hatesviruses - we ask that you run the procedures below, which will give us ALL the requested logs.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Links are given in the Step 2: Installing Tools and Running Scans section for downloading the definitions for the MBAM & SAS scanners. Then copy them to the problem PC. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.

Thanks!
dr.m

hatesviruses · Dec 10, 2008

hello,
I have done all the steps in the read me and run me link. As I have written before, i deleted the two files which were causing the problem; but i do not know if i deleted them correctly, nor whether there was another main problem underlying them. I want to make sure because I'm worried about the pop up message we said that the program was watching my computer for passwords etc. So anyway, I have done the toggle system restore as well.
logs attaced

hatesviruses · Dec 10, 2008

and the other logs.
Thanks for your help!!!

dr.moriarty · Dec 13, 2008

I'm looking over your logs, hatesviruses

dr.m

dr.moriarty · Dec 13, 2008

:major

You did a good job, hatesviruses -- nothing was found in your logs.

It is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (=This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

If we had you run Avenger, you can delete all files related to Avenger now.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware

Click to expand...

Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

hatesviruses · Mar 8, 2009

thanks for your help guys

dr.moriarty · Mar 9, 2009

You're welcome!

:major

Log in or Sign up

trojan.zlob.g

hatesviruses Private E-2

hatesviruses Private E-2

dr.moriarty Malware Super Sleuth Staff Member

hatesviruses Private E-2

Attached Files:

log.txt

mbam-log-2008-12-11 (08-04-38).txt

SASlog.txt

hatesviruses Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

hatesviruses Private E-2

dr.moriarty Malware Super Sleuth Staff Member