Solved

need an explanation on trojan.zlob (urgent)

Posted on 2006-06-19
2
210 Views
Last Modified: 2013-12-04
Please need an explanation on trojan.zlob?

I need a complete details on the  possible entry of this virus? How it spreads and how it works...

symantec offers little explantion I need more...

please its urgent!!! have 20 minutes left to submit my reports... thanks
0
Comment
Question by:JackOfPH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
Phreonx earned 500 total points
ID: 16932910
Hello,
what follows is copied straight from the web. I could have made a more careful job in providing these information but you are in a hurry. Hope it helps:

Troj/Zlob-JW is a Trojan for the Windows platform.

When Troj/Zlob-JW is installed the following files are created:

<System>\simpole.tlb
<System>\stdole3.tlb

The file hpD1A.tmp is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)
HKCR\CLSID\(F79FD28E-36EE-4989-AA61-9DD8E30A82FA)

Troj/Zlob-JW changes Start Page and search settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Search\
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\(default)

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.

Navigate to the subkey and delete value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value: "nvctrl.exe" = "nvctrl.exe"

Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}

5. Exit the Registry Editor.

Hope I helped ;)
Good luck
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 16939187
its- kinda late but thanks anyway...
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question