Solved

How to remove zlob.downloader

Posted on 2006-07-02
7
17,715 Views
Last Modified: 2012-05-05
Spybot is detecting but unable to remove zlob.downloader.  The filename is stdole3.plb.  Also, IE has been hijacked and is going to sysnetsecurity.com.  What is the most effective way to remove this infection?  Thank you.
0
Comment
Question by:marathonman330
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 8

Assisted Solution

by:jwphillips80
jwphillips80 earned 150 total points
ID: 17028511
0
 
LVL 8

Expert Comment

by:jwphillips80
ID: 17028512
A lot of the time, you can remove these nasty spyware things by having a good up-to-date spyware removal tool (like spybot or Ewido) and booting to Safe Mode to do the removal.  Just keep that in mind the next time you can't remove anything.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 100 total points
ID: 17028518
Greetings, marathonman330 !

Looks like you have a couple of visible symtoms of mailware.  I would suggest running a series of virus and mailware scanners to remove as much virus and mailware as you can.  Then use HijackThis is see you have anything left to remove.

To Check for virus, run one of the following online scanners.

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

To remove the mailware, run the following:

Spy Sweeper to remove spyware
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido to remove trojans
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 17029010
SmitfraudFix or smitrem will take care of it.

Please run either one of these tools then let us see a hijackthis log afterwards as war1 already suggested to make sure there are no other infections present.

1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.


OR:
2. Download SmitRem.exe and save the file to the Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double click on the file to extract it to it's own folder on the Desktop.

Now, reboot to Safe Mode:

Next, open the SmitRem folder
-Double click the "RunThis.bat" file to start the tool.
-Follow the prompts on screen.
The Desktop and icons disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while.
When done, the log created by the smitRem tool is located at C:\smitfiles.txt

Restart your computer.

Post the log from the smitRem tool, located at C:\smitfiles.txt.


0
 
LVL 97

Expert Comment

by:war1
ID: 17052156
marathonman330, any update?
0
 

Author Comment

by:marathonman330
ID: 17052293
Yes, the SmitfraudFix took care of it.  I then ran hijackthis and did an analysis and it looked clean.  Thank you.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17055493
Glad to hear you got rid of it.
Thanks!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now