
Trojan. Zlob


Lilstormcloud


Well, from what the program tells me I have 4 infected items, but from what I read about the trojan I don't seem to have any of the symptoms; in fact the computer is running completely fine. But an infection is an infection so I tried removing it. I'm running Vista so I had to disable account control to let it remove it at startup. So far no luck though. I tried removing it 4 times, but each time I rescan it tells me the same 4 trojans are still there, but there's nothing wrong with my PC and the 4 files the program is referring to I can't even find them. Is this a false alert?

Malwarebytes' Anti-Malware 1.28

Database version: 1211

Windows 6.0.6001 Service Pack 1

15/10/2008 1:54:56 p.m.

mbam-log-2008-10-15 (13-54-47).txt

Scan type: Quick Scan

Objects scanned: 40948

Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Favorites\һ

mbam_log_2008_10_15__13_54_47_.txt


Just thought I'd add that after searching my PC the infected files mentioned in the log file were nowhere to be found, but I find it disturbing that it says C:\Users\Default\My Documents\My Music\My Music.url, C:\Users\Default\My Documents\My Pictures\My Pictures.url, etc., because in Vista, unlike XP, there is no "my" in front of pictures, music, documents, etc. As for the .url afterwards, I've got no idea what that's supposed to mean. It just doesn't seem the program could make up something this weird. But who knows.

Link to post
Share on other sites

Came back to check and noticed I attached the wrong log file, sorry. This one is the developer's one. I hope.

Files Infected:

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Favorites\メサニエメヨノ酩・ (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.28

Database version: 1211

Windows 6.0.6001 Service Pack 1

15/10/2008 2:08:23 p.m.

mbam-log-2008-10-15 (14-08-21).txt

Scan type: Quick Scan

Objects scanned: 41412

Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Favorites\һ

mbam_log_2008_10_15__14_08_21_.txt


Thanks for confirming, but the problem is I tried deleting them a thousand times but each time I rescan they're still there. It wouldn't even be such a problem if I could find those files myself and delete them manually, but like I said those folders "my music" etc. don't even exist on Vista, never mind finding them. I've disabled account control so the program can load on startup so it can "delete on reboot" but that doesn't work either. I tried clearing cache, cookies, etc. but nothing gets rid of it. Furthermore the computer is fine: no fake alerts, no pop-ups telling me to buy stuff, no slowdown. I would love to delete them but I just don't know how.


Hi there,

I've got exactly the same problem as you with Trojan.Zlob; have a read of the thread I started in the HJT forum. Those files indicated as infected are not your normal files, I think they are something to do with the Media Centre. A site called <malicious site removed> is available from Media Centre; from that site you can LEGALLY d/load music and video etc. I think that is where the files are from.

When you do a scan and you get the results, the infected files are shown within Malwarebytes. Right click on any one of them. You can now select the option to jump to that file; do it. Right click again on that file and choose the option to scan again with Malwarebytes.

I've done that with all of the "alleged" infected files. Each one comes up clean. I find that very strange and worrying. A general quick scan finds those files "infected". A direct scan on the chosen file only comes up clean. I've also done direct scans on each file with my other security programs, AVG Professional and Spybot S&D.

A guy named 1972Vet indicated that these files on my lappy may be false positives, but I've not had any confirmation. Are you using the free version of Malwarebytes or the paid-for one? I'm using the free one. Please let me know if you find any more info on this.

Cheers,

Kev.

Edited by JeanInMontana
The site is the source of your Zlob regardless of whether or not it is legal.

Hmm, come to think of it my wife did download limewire a few days before the trojans appeared. It's a new computer so I'm pretty sure it was clean before that. Thanks, that might just be the problem. Yes, I did jump to location. It sent me to the users folder; it had "my music" except it was only "music" because of the Windows Vista name change etc. I checked in the documents folder; there was the limewire folder and a few other things, nothing suspicious. Deep scanned the whole PC with avast, latest update, and it said the PC was clean. Funny though, because I knew limewire had some weird stuff on the network so I advised my wife to only download files that are not exe and larger than 2mb. After she transfers it to the mp4 she also deletes all the files she downloaded just to be safe. Knowing some of these programs have adware with them too, I scanned the computer with malwarebytes the day she downloaded limewire; it came up completely clean. She scanned it again the following day, that's when the trojans were found. I don't know what happened?? Anyway I'm using the free version of the program too, maybe that's the problem lol.


Limewire, a bit of a bad reputation methinks. I'm really bemused as to why a general scan finds these infections and yet a direct scan with the same program (Malwarebytes) on the supposedly infected file comes up clean.

The "infected" files on my lappy are contained within a bundled program that was preinstalled when I bought it. I've not had any problems whatsoever, the lappy works great. I've just tried out Superantispyware and it comes up clean as well.

My thread on the HJT forum seems to have come to a halt, not sure if any of the experts have given up on me.

I'm not really sure what to do next; I think the problematic files I have are harmless. If Malwarebytes can't solve it I'll probably stop using it. It's a shame really because it is a really good program. I was thinking of buying it, but will have to think about it now.

Kev.


OK, a general answer to both of you. I have discussed this with the lead developer and it is malware. You can't find it because it is malware. File sizes and "non.exe" won't save you from malware. P2P is risky behavior, and will get you infected. Free or paid MBAM works exactly the same in removal. @Kevin: 1972vet has PMed me about this. I will have nosirrah post to this thread.


Hi Jean,

Thanks for the response, I've managed to finally get rid of my problems. Eventually located the files (might work for you, Lilstormcloud). I'm still not convinced that it was malware. Show hidden files and folders > navigate to C: > User > Default. I could now see the three problem files. I then deleted the files, ran crap cleaner then re-booted. Ran a quick scan with Malwarebytes, all OK. Scan clean. Hide files and folders.

I'm going to list my Malwarebytes log and a new HJT log in my thread in the HJT forum for one of the moderators to have a look.

Kev.
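For readers triaging detections like the ones in this thread, the following is an added example, not part of any post here and not Malwarebytes code: it pulls the detection lines out of a scan log in the format shown above and reads where a flagged `.url` Internet Shortcut actually points. The sample shortcut contents and the `example.invalid` host are constructed for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

# Detection line format seen in the logs above: <path> (<threat>) -> <action>.
DETECTION = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[\w.]+)\) -> (?P<action>[^.\[]+)\.")

def parse_detections(log_text):
    """Return (path, threat, action) for every detection line in a scan log."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], m["action"].strip()))
    return hits

def shortcut_target(url_file_text):
    """Return (scheme, host, url) from the text of a .url Internet Shortcut."""
    ini = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        ini.read_string(url_file_text)
    except configparser.Error:
        return "", "", ""          # not a well-formed shortcut file
    url = ini.get("InternetShortcut", "URL", fallback="")
    parts = urlsplit(url)
    return parts.scheme, parts.hostname or "", url

def triage(log_text, read_text):
    """Map each flagged .url path to (threat name, host the shortcut opens)."""
    report = {}
    for path, threat, _ in parse_detections(log_text):
        if path.lower().endswith(".url"):
            report[path] = (threat, shortcut_target(read_text(path))[1])
    return report

# Constructed sample: log lines in the thread's format, invented shortcut body.
SAMPLE_LOG = r"""Files Infected: 4
(No malicious items detected)
mbam-log-2008-10-15 (13-54-47).txt
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
"""
SAMPLE_URL = ("[InternetShortcut]\n"
              "URL=http://music.example.invalid/landing?id=1\n"
              "IconIndex=0\n")

if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG, lambda p: SAMPLE_URL).items():
        print(path, info)
```

On a real machine, pass a `read_text` callable that opens the flagged path; the files only show up in Explorer once hidden files are displayed, as described in the post above.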


Hi Jean,

Really sorry if I've confused things, I'm no expert with computers as you've probably guessed. I only started about a year ago after I retired from work prematurely due to a serious accident.

I never meant for Lilstormcloud to follow what I did, nor did I think for one minute that his problem was the same as mine. The poster did say that they could not find the problem files indicated by Malwarebytes; I thought that if he selected show hidden files/folders like I did, maybe that might show them.

I have replied to 1972Vet in the HJT forum again, hopefully that reply gives a better view of what I did and why.

If you choose to reply again, will you leave the thread open so I can read it? I'm going away later today and will not be back home until Sunday 5pm GMT.

Just to clarify a point that you made. I don't use P2P sites. That site that I mentioned (coolroom.com) came bundled with the software supplied and installed on my laptop. I certainly didn't choose it and it has been fixed/deleted on the advice of 1972Vet, seems a very nice guy.

Thank you,

Kev


Hmm, never occurred to me it could be hidden files. I'll check it out; if I find it and it matches I'll try to shred it. If not, it's not a serious problem because my computer runs fine, and if it really hacks me off one of these days I can always restore it to an earlier date. Maybe the reason the program is not deleting the infection is because of some weird Vista security feature. The new operating system really annoys me and I'm yet to figure out how all the features work. If all else fails I'll just uninstall limewire and we'll see what happens.
