Solved

How to remove zlob.downloader

Posted on 2006-07-02
Last Modified: 2012-05-05
Spybot is detecting but unable to remove zlob.downloader.  The filename is stdole3.plb.  Also, IE has been hijacked and is going to sysnetsecurity.com.  What is the most effective way to remove this infection?  Thank you.
Question by:marathonman330

Assisted Solution

by:jwphillips80
jwphillips80 earned 150 total points

Expert Comment

by:jwphillips80
A lot of the time, you can remove these nasty spyware things by having a good up-to-date spyware removal tool (like spybot or Ewido) and booting to Safe Mode to do the removal.  Just keep that in mind the next time you can't remove anything.

Assisted Solution

by:war1
war1 earned 100 total points
Greetings, marathonman330 !

Looks like you have a couple of visible symptoms of malware.  I would suggest running a series of virus and malware scanners to remove as much virus and malware as you can.  Then use HijackThis to see if you have anything left to remove.

To Check for virus, run one of the following online scanners.

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

To remove the malware, run the following:

Spy Sweeper to remove spyware
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido to remove trojans
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!

Accepted Solution

by:
rpggamergirl earned 250 total points
SmitfraudFix or smitrem will take care of it.

Please run either one of these tools then let us see a hijackthis log afterwards as war1 already suggested to make sure there are no other infections present.

1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.


OR:
2. Download SmitRem.exe and save the file to the Desktop.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double click on the file to extract it to its own folder on the Desktop.

Now, reboot to Safe Mode:

Next, open the SmitRem folder
-Double click the "RunThis.bat" file to start the tool.
-Follow the prompts on screen.
The Desktop and icons disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while.
When done, the log created by the smitRem tool is located at C:\smitfiles.txt

Restart your computer.

Post the log from the smitRem tool, located at C:\smitfiles.txt.



Expert Comment

by:war1
marathonman330, any update?

Author Comment

by:marathonman330
Yes, the SmitfraudFix took care of it.  I then ran hijackthis and did an analysis and it looked clean.  Thank you.

Expert Comment

by:rpggamergirl
Glad to hear you got rid of it.
Thanks!