Solved

How to remove zlob.downloader

Posted on 2006-07-02
7
17,719 Views
Last Modified: 2012-05-05
Spybot is detecting but unable to remove zlob.downloader.  The filename is stdole3.plb.  Also, IE has been hijacked and is going to sysnetsecurity.com.  What is the most effective way to remove this infection?  Thank you.
0
Comment
Question by:marathonman330
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 8

Assisted Solution

by:jwphillips80
jwphillips80 earned 150 total points
ID: 17028511
0
 
LVL 8

Expert Comment

by:jwphillips80
ID: 17028512
A lot of the time, you can remove these nasty spyware things by having a good up-to-date spyware removal tool (like spybot or Ewido) and booting to Safe Mode to do the removal.  Just keep that in mind the next time you can't remove anything.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 100 total points
ID: 17028518
Greetings, marathonman330 !

Looks like you have a couple of visible symtoms of mailware.  I would suggest running a series of virus and mailware scanners to remove as much virus and mailware as you can.  Then use HijackThis is see you have anything left to remove.

To Check for virus, run one of the following online scanners.

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

To remove the mailware, run the following:

Spy Sweeper to remove spyware
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido to remove trojans
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 17029010
SmitfraudFix or smitrem will take care of it.

Please run either one of these tools then let us see a hijackthis log afterwards as war1 already suggested to make sure there are no other infections present.

1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.


OR:
2. Download SmitRem.exe and save the file to the Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double click on the file to extract it to it's own folder on the Desktop.

Now, reboot to Safe Mode:

Next, open the SmitRem folder
-Double click the "RunThis.bat" file to start the tool.
-Follow the prompts on screen.
The Desktop and icons disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while.
When done, the log created by the smitRem tool is located at C:\smitfiles.txt

Restart your computer.

Post the log from the smitRem tool, located at C:\smitfiles.txt.


0
 
LVL 97

Expert Comment

by:war1
ID: 17052156
marathonman330, any update?
0
 

Author Comment

by:marathonman330
ID: 17052293
Yes, the SmitfraudFix took care of it.  I then ran hijackthis and did an analysis and it looked clean.  Thank you.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17055493
Glad to hear you got rid of it.
Thanks!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Standalone trial or freeware to do SSL scan 4 57
Adnexus.net keeps getting hit from OpenDNS 12 61
SMB Signing issues 5 24
Fraud Email 11 40
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question