Trojan Zlob Virus - U2 Feedback

Go Back   U2 Feedback > ZOOTV > Restart and Reboot Yourself
Click Here to Login
Reply
 
Thread Tools Search this Thread Display Modes
 
Old 07-02-2006, 09:32 AM   #1
Rock n' Roll Doggie
ALL ACCESS
 
Got Philk?'s Avatar
 
Join Date: Jan 2004
Location: Arizona, Tacoma, Philadelphia ,Atlanta, LA...
Posts: 6,875
Local Time: 06:41 AM
Trojan Zlob Virus

Hi peeps,
Has anyone here gotten on there computer the "Trojan Zlob virus"?

If so, can anyone tell me how to get rid of it?

Here's what I've done so far...
I have symnatec and it's fully updated, actually every time I turn on the computer, it says it locates the threat and deletes it. But it comes back every time. And pop ups come on my screen all day long.

Anyway, I also have Ad-Aware and it locates nothing.

I have run both of these in safe mode as well.

If anyone has had and gotten rid of this trojan zlob virus, please help!
thanks,
Phil
__________________

__________________
Got Philk? is offline   Reply With Quote
Old 07-02-2006, 09:38 AM   #2
Blue Crack Supplier
 
waynetravis's Avatar
 
Join Date: Dec 2005
Location: Hull, UK
Posts: 36,231
Local Time: 11:41 AM

i keep getting a virus alert pop-up too, and i get an alert icon in my taskbar!
i'v had it since yesterday.

i've ran both virus and spyware searches on my computer but it does'nt seem to clear it.
__________________

__________________
waynetravis is offline   Reply With Quote
Old 07-02-2006, 11:23 AM   #3
Rock n' Roll Doggie
 
U2dork's Avatar
 
Join Date: Aug 2002
Location: Athens, GA
Posts: 3,852
Local Time: 05:41 AM
Here's the information that Symantec has on it...

http://securityresponse.symantec.com...an.zlob.l.html

Sounds like you'll have to delete some files yourself. What a headache...
__________________
U2dork is offline   Reply With Quote
Old 07-02-2006, 07:50 PM   #4
Rock n' Roll Doggie
ALL ACCESS
 
U2SavesTheWorld's Avatar
 
Join Date: Aug 2002
Location: sundries and such
Posts: 7,405
Local Time: 04:41 AM
I got it last week and it almost crashed my entire system. It was awful.

I got this:

http://www.spynomore.net/?hop=cview

It was $20 and it cleaned the whole thing up. I read some other reviews about the "self-fix" and they said its very dangerous because the virus actually creates fake files that need to be deleted but once you do, it starts crashing immediately.

Anyway, it was definitely worth the $20!
__________________
U2SavesTheWorld is offline   Reply With Quote
Old 07-02-2006, 08:44 PM   #5
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 05:41 AM
This one is pretty bad. I worked on it for a while now and I'm at a loss of what to do besides the registry hacks (which are always a last resort for me since they can take so long). He has tried everything. Symantec and Adaware, even in Safe Mode, have been worthless. I've manually deleted the files that Symantec's real time protection is pointing out, I've removed several files from the selective startup, and I've even maimed Internet Explorer so that the pop-ups would stop.

I think the registry hacks are the only thing left for us to try.
__________________
Liesje is offline   Reply With Quote
Old 07-02-2006, 11:09 PM   #6
Rock n' Roll Doggie
ALL ACCESS
 
Got Philk?'s Avatar
 
Join Date: Jan 2004
Location: Arizona, Tacoma, Philadelphia ,Atlanta, LA...
Posts: 6,875
Local Time: 06:41 AM
The thing is, I've tried some things that I've read on the forums dealing with this thing and the pop ups seem to have stopped.

However, if I go looking into my C: drive for whatever, the pop ups still come back. So I know it isn't gone, I just don't know where it's coming from now...

Scary...
__________________
Got Philk? is offline   Reply With Quote
Old 07-03-2006, 12:35 AM   #7
Blue Crack Addict
 
nbcrusader's Avatar
 
Join Date: Aug 2002
Location: Southern California
Posts: 22,071
Local Time: 02:41 AM
Symantex recommends the registry hacks:

o delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.

1. Click Start > Run.
2. Type regedit
3. Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

4. Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

5. In the right pane, delete the value:

"nvctrl.exe" = "nvctrl.exe"

6. Navigate to and delete the following subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}

7. Exit the Registry Editor.
__________________

__________________
nbcrusader is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -5. The time now is 05:41 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Design, images and all things inclusive copyright © Interference.com