Lilstormcloud Posted October 15, 2008 ID:30913

Well, from what the program tells me I have 4 infected items, but from what I read about the trojan I don't seem to have any of the symptoms; in fact the computer is running completely fine. But an infection is an infection, so I tried removing it. I'm running Vista, so I had to disable account control to let it remove it at startup. So far no luck, though. I tried removing it 4 times, but each time I rescan it tells me the same 4 trojans are still there, but there's nothing wrong with my PC, and the 4 files the program is referring to I can't even find. Is this a false alert?

Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 6.0.6001 Service Pack 1

15/10/2008 1:54:56 p.m.
mbam-log-2008-10-15 (13-54-47).txt

Scan type: Quick Scan
Objects scanned: 40948
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\Public\Favorites\һ

Lilstormcloud Posted October 15, 2008 Author ID:30919

Just thought I'd add that after searching my PC, the infected files mentioned in the log file were nowhere to be found, but I find it disturbing that it says C:\Users\Default\My Documents\My Music\My Music.url, C:\Users\Default\My Documents\My Pictures\My Pictures.url, etc., because in Vista, unlike XP, there is no "my" in front of pictures, music, documents, etc. As for the .url afterwards, I've got no idea what that's supposed to mean. It just doesn't seem the program could make up something this weird. But who knows.

Lilstormcloud Posted October 15, 2008 Author ID:30933

Came back to check and noticed I attached the wrong log file, sorry. This one is the developers one. I hope.

Files Infected:
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\Public\Favorites\メサニエメヨノ酩・ (Trojan.Agent) -> No action taken.

Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 6.0.6001 Service Pack 1

15/10/2008 2:08:23 p.m.
mbam-log-2008-10-15 (14-08-21).txt

Scan type: Quick Scan
Objects scanned: 41412
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\Public\Favorites\һ

JeanInMontana Posted October 15, 2008 ID:31032

These are not FPs; remove them. http://74.125.45.104/search?q=cache:1vz4kr...;cd=9&gl=us MBAM is identifying them as Zlob because it is.

Lilstormcloud Posted October 16, 2008 Author ID:31072

Thanks for confirming, but the problem is I tried deleting them a thousand times, but each time I rescan they're still there. It wouldn't even be such a problem if I could find those files myself and delete them manually, but like I said, those folders "my music" etc. don't even exist on Vista, never mind finding them. I've disabled account control so the program can load on startup so it can "delete on reboot", but that doesn't work either. I tried clearing cache, cookies, etc., but nothing gets rid of it. Furthermore, the computer is fine: no fake alerts, no pop-ups telling me to buy stuff, no slowdown. I would love to delete them but I just don't know how.

Lilstormcloud Posted October 16, 2008 Author ID:31074

Also checked the symptoms on that site. IE bookmarks are unchanged. No new icons on desktop. No new documents. My Music.url is not found anywhere. I've searched both manually and through the search function in Windows, and the path for those files can't be found anywhere.

kevinf80 Posted October 16, 2008 ID:31077 (edited)

Hi there,

I've got exactly the same problem as you with Trojan.Zlob; have a read of the thread I started in the HJT forum. Those files indicated as infected are not your normal files; I think they are something to do with the Media Centre. A site called <malicious site removed> is available from Media Centre; from that site you can LEGALLY download music and video etc. I think that is where the files are from.

When you do a scan and you get the results, the infected files are shown within Malwarebytes; right click on any one of them. You can now select the option to jump to that file; do it. Right click again on that file and choose the option to scan again with Malwarebytes. I've done that with all of the "alleged" infected files. Each one comes up clean. I find that very strange and worrying. A general quick scan finds those files "infected". A direct scan on the chosen file only comes up clean. I've also done direct scans on each file with my other security programs, AVG Professional and Spybot S&D. A guy named 1972Vet indicated that these files on my lappy may be false positives, but I've not had any confirmation. Are you using the free version of Malwarebytes or the paid-for one? I'm using the free one. Please let me know if you find any more info on this.

Cheers,
Kev.

Edited October 17, 2008 by JeanInMontana: The site is the source of your Zlob regardless of whether or not it is legal.

Lilstormcloud Posted October 16, 2008 Author ID:31088

Hmm, come to think of it, my wife did download Limewire a few days before the trojans appeared. It's a new computer so I'm pretty sure it was clean before that. Thanks, that might just be the problem. Yes, I did jump to location. It sent me to the Users folder; it had "my music" except it was only "music" because of the Windows Vista name change etc. I checked in the Documents folder; there was the Limewire folder and a few other things, nothing suspicious. Deep scanned the whole PC with Avast, latest update, and it said the PC was clean. Funny though, because I knew Limewire had some weird stuff on the network, so I advised my wife to only download files that are not exe and larger than 2mb. After she transfers it to the mp4 she also deletes all the files she downloaded just to be safe. Knowing some of these programs have adware with them too, I scanned the computer with Malwarebytes the day she downloaded Limewire; it came up completely clean. She scanned it again the following day; that's when the trojans were found. I don't know what happened?? Anyway, I'm using the free version of the program too, maybe that's the problem lol.

kevinf80 Posted October 16, 2008 ID:31093

Limewire, a bit of a bad reputation methinks. I'm really bemused as to why a general scan finds these infections and yet a direct scan with the same program (Malwarebytes) on the supposedly infected file comes up clean.

The "infected" files on my lappy are contained within a bundled program that was preinstalled when I bought it. I've not had any problems whatsoever; the lappy works great. I've just tried out Superantispyware and it comes up clean as well.

My thread on the HJT forum seems to have come to a halt; not sure if any of the experts have given up on me.

I'm not really sure what to do next. I think the problematic files I have are harmless. If Malwarebytes can't solve it I'll probably stop using it. It's a shame really, because it is a really good program. I was thinking of buying it, but will have to think about it now.

Kev.

JeanInMontana Posted October 16, 2008 ID:31108

OK, a general answer to both of you. I have discussed this with the lead developer and it is malware. You can't find it because it is malware. File sizes and "non.exe" won't save you from malware. P2P is risky behavior, and will get you infected. Free or paid, MBAM works exactly the same in removal.

@Kevin: 1972vet has PMed me about this. I will have nosirrah post to this thread.

kevinf80 Posted October 16, 2008 ID:31146

Hi Jean,

Thanks for the response. I've managed to finally get rid of my problems. Eventually located the files (might work for you, Lilstormcloud). I'm still not convinced that it was malware. Show hidden files and folders > navigate to C: > User > Default. I could now see the three problem files. I then deleted the files, ran crap cleaner, then re-booted. Ran a quick scan with Malwarebytes, all OK. Scan clean. Hide files and folders. I'm going to list my Malwarebytes log and a new HJT log in my thread in the HJT forum for one of the moderators to have a look.

Kev.
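
Added example, not part of any post in this thread: a Python script that pulls the "Files Infected" entries out of a Malwarebytes log in the layout posted above, checks whether each path exists (file-system calls see hidden files regardless of Explorer's "show hidden files" setting), and reads the URL= target of any .url Internet Shortcut so it can be reviewed before deletion. SAMPLE_LOG is constructed from the log layout in the thread; the function names and the `root` parameter are hypothetical.

```python
import configparser
import re
from pathlib import Path

# Constructed sample in the layout of the logs posted in this thread.
SAMPLE_LOG = r"""Files Infected: 2
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
"""

# One entry: <path> (<detection>) -> <action>.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[\w.]+)\) -> (?P<action>[^.\[]+)\.")

def parse_files_infected(log_text):
    """Return (path, detection, action) tuples from the 'Files Infected:' section."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Files Infected:":          # section header, not the "Files Infected: N" count
            in_section = True
        elif in_section and (m := ENTRY.match(line)):
            entries.append((m["path"], m["name"], m["action"].strip()))
        elif in_section and line.endswith(":"):  # next section header ends this one
            in_section = False
    return entries

def shortcut_target(url_file):
    """Return the URL= value of a Windows Internet Shortcut (.url), or None."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(Path(url_file).read_text(encoding="utf-8", errors="replace"))
    except (OSError, configparser.Error):
        return None
    return parser.get("InternetShortcut", "URL", fallback=None)

def triage(log_text, root=None):
    """For each flagged file: does it exist on disk, and where does a .url point?"""
    report = []
    for path, name, _action in parse_files_infected(log_text):
        # root (hypothetical) remaps the logged Windows path under a mounted or test directory.
        local = Path(path) if root is None else Path(root, *path.split("\\")[1:])
        is_url = local.suffix.lower() == ".url" and local.is_file()
        report.append({"path": path, "detection": name, "exists": local.exists(),
                       "target": shortcut_target(local) if is_url else None})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
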

JeanInMontana Posted October 17, 2008 ID:31167

So what were the "problem" files? Vague references are of no use to anyone. Whatever you did is nothing Lilstormcloud should do; you have deleted some vague file.

kevinf80 Posted October 17, 2008 ID:31222

Hi Jean,

Really sorry if I've confused things; I'm no expert with computers, as you've probably guessed. I only started about a year ago after I retired from work prematurely due to a serious accident. I never meant for Lilstormcloud to follow what I did, nor did I think for one minute that his problem was the same as mine. The poster did say that they could not find the problem files indicated by Malwarebytes; I thought that if he selected show hidden files/folders like I did, maybe that might show them.

I have replied to 1972Vet in the HJT forum again; hopefully that reply gives a better view of what I did and why.

If you choose to reply again, will you leave the thread open so I can read it? I'm going away later today and will not be back home until Sunday 5pm GMT.

Just to clarify a point that you made: I don't use P2P sites. That site that I mentioned (coolroom.com) came bundled with the software supplied and installed on my laptop. I certainly didn't choose it, and it has been fixed/deleted on the advice of 1972Vet, who seems a very nice guy.

Thank you,
Kev

JeanInMontana Posted October 19, 2008 ID:31468

To the best of my knowledge the site was compromised. That is how I took it when nosirrah told me it was from that site.

Lilstormcloud Posted October 20, 2008 Author ID:31603

Hmm, it never occurred to me it could be hidden files. I'll check it out; if I find it and it matches, I'll try to shred it. If not, it's not a serious problem, because my computer runs fine, and if it really hacks me off one of these days I can always restore it to an earlier date. Maybe the reason the program is not deleting the infection is because of some weird Vista security feature. The new operating system really annoys me and I'm yet to figure out how all the features work. If all else fails I'll just uninstall Limewire and we'll see what happens.

1972vet Posted October 20, 2008 ID:31613

@Lilstormcloud,

Please do uninstall Limewire... if you'd like some help with your issue, please post a HijackThis log here.