Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 17744
  • Last Modified:

How to remove zlob.downloader

Spybot is detecting but unable to remove zlob.downloader.  The filename is stdole3.plb.  Also, IE has been hijacked and is going to sysnetsecurity.com.  What is the most effective way to remove this infection?  Thank you.
0
marathonman330
Asked:
marathonman330
  • 2
  • 2
  • 2
  • +1
3 Solutions
 
jwphillips80Commented:
A lot of the time, you can remove these nasty spyware things by having a good up-to-date spyware removal tool (like spybot or Ewido) and booting to Safe Mode to do the removal.  Just keep that in mind the next time you can't remove anything.
0
 
war1Commented:
Greetings, marathonman330 !

Looks like you have a couple of visible symtoms of mailware.  I would suggest running a series of virus and mailware scanners to remove as much virus and mailware as you can.  Then use HijackThis is see you have anything left to remove.

To Check for virus, run one of the following online scanners.

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

To remove the mailware, run the following:

Spy Sweeper to remove spyware
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido to remove trojans
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
rpggamergirlCommented:
SmitfraudFix or smitrem will take care of it.

Please run either one of these tools then let us see a hijackthis log afterwards as war1 already suggested to make sure there are no other infections present.

1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.


OR:
2. Download SmitRem.exe and save the file to the Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double click on the file to extract it to it's own folder on the Desktop.

Now, reboot to Safe Mode:

Next, open the SmitRem folder
-Double click the "RunThis.bat" file to start the tool.
-Follow the prompts on screen.
The Desktop and icons disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while.
When done, the log created by the smitRem tool is located at C:\smitfiles.txt

Restart your computer.

Post the log from the smitRem tool, located at C:\smitfiles.txt.


0
 
war1Commented:
marathonman330, any update?
0
 
marathonman330Author Commented:
Yes, the SmitfraudFix took care of it.  I then ran hijackthis and did an analysis and it looked clean.  Thank you.
0
 
rpggamergirlCommented:
Glad to hear you got rid of it.
Thanks!
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now