Solved

need an explanation on trojan.zlob (urgent)

Posted on 2006-06-19
2
206 Views
Last Modified: 2013-12-04
Please need an explanation on trojan.zlob?

I need a complete details on the  possible entry of this virus? How it spreads and how it works...

symantec offers little explantion I need more...

please its urgent!!! have 20 minutes left to submit my reports... thanks
0
Comment
Question by:JackOfPH
2 Comments
 
LVL 4

Accepted Solution

by:
Phreonx earned 500 total points
Comment Utility
Hello,
what follows is copied straight from the web. I could have made a more careful job in providing these information but you are in a hurry. Hope it helps:

Troj/Zlob-JW is a Trojan for the Windows platform.

When Troj/Zlob-JW is installed the following files are created:

<System>\simpole.tlb
<System>\stdole3.tlb

The file hpD1A.tmp is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)
HKCR\CLSID\(F79FD28E-36EE-4989-AA61-9DD8E30A82FA)

Troj/Zlob-JW changes Start Page and search settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Search\
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\(f79fd28e-36ee-4989-aa61-9dd8e30a82fa)\(default)

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.
4. Delete any values added to the registry.

Navigate to the subkey and delete value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value: "nvctrl.exe" = "nvctrl.exe"

Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
\{724510C3-F3C8-4FB7-879A-D99F29008A2F}

5. Exit the Registry Editor.

Hope I helped ;)
Good luck
0
 
LVL 15

Author Comment

by:JackOfPH
Comment Utility
its- kinda late but thanks anyway...
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now