Solved

need an explanation on trojan.zlob (urgent)

Posted on 2006-06-19
2
212 Views
Last Modified: 2013-12-04
Please need an explanation on trojan.zlob?

I need a complete details on the  possible entry of this virus? How it spreads and how it works...

symantec offers little explantion I need more...

please its urgent!!! have 20 minutes left to submit my reports... thanks
0
Comment
Question by:JackOfPH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
Phreonx earned 500 total points
ID: 16932910
Hello,
what follows is copied straight from the web. I could have made a more careful job in providing these information but you are in a hurry. Hope it helps:

Troj/Zlob-JW is a Trojan for the Windows platform.

When Troj/Zlob-JW is installed the following files are created:

<System>\simpole.tlb
<System>\stdole3.tlb

The file hpD1A.tmp is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)
HKCR\CLSID\(F79FD28E-36EE-4989-AA61-9DD8E30A82FA)

Troj/Zlob-JW changes Start Page and search settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Search\
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\(default)

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.

Navigate to the subkey and delete value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value: "nvctrl.exe" = "nvctrl.exe"

Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}

5. Exit the Registry Editor.

Hope I helped ;)
Good luck
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 16939187
its- kinda late but thanks anyway...
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question