• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220
  • Last Modified:

need an explanation on trojan.zlob (urgent)

Please need an explanation on trojan.zlob?

I need a complete details on the  possible entry of this virus? How it spreads and how it works...

symantec offers little explantion I need more...

please its urgent!!! have 20 minutes left to submit my reports... thanks
0
JackOfPH
Asked:
JackOfPH
1 Solution
 
PhreonxCommented:
Hello,
what follows is copied straight from the web. I could have made a more careful job in providing these information but you are in a hurry. Hope it helps:

Troj/Zlob-JW is a Trojan for the Windows platform.

When Troj/Zlob-JW is installed the following files are created:

<System>\simpole.tlb
<System>\stdole3.tlb

The file hpD1A.tmp is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)
HKCR\CLSID\(F79FD28E-36EE-4989-AA61-9DD8E30A82FA)

Troj/Zlob-JW changes Start Page and search settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Search\
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\(default)

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.

Navigate to the subkey and delete value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value: "nvctrl.exe" = "nvctrl.exe"

Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}

5. Exit the Registry Editor.

Hope I helped ;)
Good luck
0
 
JackOfPHAuthor Commented:
its- kinda late but thanks anyway...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now