Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

need an explanation on trojan.zlob (urgent)

Please need an explanation on trojan.zlob?

I need a complete details on the  possible entry of this virus? How it spreads and how it works...

symantec offers little explantion I need more...

please its urgent!!! have 20 minutes left to submit my reports... thanks
0
JackOfPH
Asked:
JackOfPH
1 Solution
 
PhreonxCommented:
Hello,
what follows is copied straight from the web. I could have made a more careful job in providing these information but you are in a hurry. Hope it helps:

Troj/Zlob-JW is a Trojan for the Windows platform.

When Troj/Zlob-JW is installed the following files are created:

<System>\simpole.tlb
<System>\stdole3.tlb

The file hpD1A.tmp is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)
HKCR\CLSID\(F79FD28E-36EE-4989-AA61-9DD8E30A82FA)

Troj/Zlob-JW changes Start Page and search settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Search\
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\(default)

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.

Navigate to the subkey and delete value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value: "nvctrl.exe" = "nvctrl.exe"

Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}

5. Exit the Registry Editor.

Hope I helped ;)
Good luck
0
 
JackOfPHAuthor Commented:
its- kinda late but thanks anyway...
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now