?
Solved

How to remove zlob.downloader

Posted on 2006-07-02
7
Medium Priority
?
17,727 Views
Last Modified: 2012-05-05
Spybot is detecting but unable to remove zlob.downloader.  The filename is stdole3.plb.  Also, IE has been hijacked and is going to sysnetsecurity.com.  What is the most effective way to remove this infection?  Thank you.
0
Comment
Question by:marathonman330
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 8

Assisted Solution

by:jwphillips80
jwphillips80 earned 600 total points
ID: 17028511
0
 
LVL 8

Expert Comment

by:jwphillips80
ID: 17028512
A lot of the time, you can remove these nasty spyware things by having a good up-to-date spyware removal tool (like spybot or Ewido) and booting to Safe Mode to do the removal.  Just keep that in mind the next time you can't remove anything.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 400 total points
ID: 17028518
Greetings, marathonman330 !

Looks like you have a couple of visible symtoms of mailware.  I would suggest running a series of virus and mailware scanners to remove as much virus and mailware as you can.  Then use HijackThis is see you have anything left to remove.

To Check for virus, run one of the following online scanners.

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

To remove the mailware, run the following:

Spy Sweeper to remove spyware
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido to remove trojans
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 47

Accepted Solution

by:
rpggamergirl earned 1000 total points
ID: 17029010
SmitfraudFix or smitrem will take care of it.

Please run either one of these tools then let us see a hijackthis log afterwards as war1 already suggested to make sure there are no other infections present.

1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.


OR:
2. Download SmitRem.exe and save the file to the Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double click on the file to extract it to it's own folder on the Desktop.

Now, reboot to Safe Mode:

Next, open the SmitRem folder
-Double click the "RunThis.bat" file to start the tool.
-Follow the prompts on screen.
The Desktop and icons disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while.
When done, the log created by the smitRem tool is located at C:\smitfiles.txt

Restart your computer.

Post the log from the smitRem tool, located at C:\smitfiles.txt.


0
 
LVL 97

Expert Comment

by:war1
ID: 17052156
marathonman330, any update?
0
 

Author Comment

by:marathonman330
ID: 17052293
Yes, the SmitfraudFix took care of it.  I then ran hijackthis and did an analysis and it looked clean.  Thank you.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17055493
Glad to hear you got rid of it.
Thanks!
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
A look at what happened in the Verizon cloud breach.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question