Trojan.Zlob.G Help!

CaptainHaplo · 12-11-08, 09:10 PM

Believe it or not - when your dealing with antispyware - windows defender isnt half bad. Though it is by no means exhaustive.

http://www.symantec.com/security_res...012-99&tabid=2

Symantec's writeups are second to none (wish their AV was) - this could be used to manually remove the trojan and the registry entries related to it. Kill the processes associated with it (in this case nvctrl.exe) and delete the files referenced including all your temp stuff. Once that is done - clean the registry of the keys involved - see the removal tab as well for assistance on part of that. Make sure you reboot after that. Also would be smart to make sure you have an antivirus program running and up to date definition wise at all times.

Windows Security Center will never tell you or advise you to download a non-microsoft program.

FIREWALL · 01-11-09, 07:08 PM

I use AVAST. It doe's everything. Symantic\Norton.

The only way to get rid of it is to reformat.

Task Force · 01-11-09, 07:44 PM

Somehow, I got that same pop up. exited out of that d** thing quick. scanned with windows defender. Found nothing.:hmm:

Reece · 01-11-09, 10:12 PM

Start chewing your nails, I got it awhile ago and had to re-ghost my system, nothing I found at the time would fix it, I since switched on DEFENCE+ in COMODO, it's a pain as it asks permission for every new app & process thats initiated but gives peace of mind!

Bill Nichols · 01-11-09, 10:25 PM

I feel yall's pain... I'm recovering from a nasty infection by the Vandu virus. Had to reformat and reinstall WinXP. Thankfully, I have a backup of all my files

She-Wolf · 01-12-09, 05:24 AM

Richard - all of you - I fix computers all the time and have had three or four computers infected with this particular stable of fake antivirus products. They are very well put together and will fool a lot of us because they actually use screens such as the Windows splash screen, a blue screen with a fake stop message on, and, as Richard has found, the security centre screen, to make you think the message is genuine and that you should buy that product - all fake. I manually remove all the files I can see are from them, most of which ( apart from straight installs) are in system32 in XP,but you have to be careful as not every file dated the same day and time will necessarily be part of the fake AV package. Also the registry keys and data need to be removed where recognised. However, on the parts that cannot be moved manually, either because you are denied access, even in safe mode, or because they reproduce the moment you have deleted them, I have found a useful little tool that has finished the job off. Possibly just running that tool will do the lot - I don't know.

It is called Malwarebytes Anti-M alware v 1.32 and you can download this latest version from http://www.malwarebytes.org/

ps it is free..

rifleman13 · 01-12-09, 07:21 AM

Man...

If you're going to download something, do a search for it first.
The first hint of trouble, DO NOT DOWNLOAD IT!

And...

If you're using Firefox, I suggest you add the add-on: The Web of Trust or WOT for short.

Saves a lot of time and energy identifying bad sites from the good ones.

Remember GREEN is GOOD, RED is BAD!

12-11-08, 09:10 PM	#1
CaptainHaplo Silent Hunter Join Date: Apr 2007 Posts: 4,404 Downloads: 29 Uploads: 0	Believe it or not - when your dealing with antispyware - windows defender isnt half bad. Though it is by no means exhaustive. http://www.symantec.com/security_res...012-99&tabid=2 Symantec's writeups are second to none (wish their AV was) - this could be used to manually remove the trojan and the registry entries related to it. Kill the processes associated with it (in this case nvctrl.exe) and delete the files referenced including all your temp stuff. Once that is done - clean the registry of the keys involved - see the removal tab as well for assistance on part of that. Make sure you reboot after that. Also would be smart to make sure you have an antivirus program running and up to date definition wise at all times. Windows Security Center will never tell you or advise you to download a non-microsoft program. __________________ Good Hunting! Captain Haplo Last edited by CaptainHaplo; 12-11-08 at 09:11 PM.

01-11-09, 07:08 PM	#2
FIREWALL Eternal Patrol Join Date: Mar 2006 Location: CATALINA IS. SO . CAL USA Posts: 10,108 Downloads: 511 Uploads: 0	I use AVAST. It doe's everything. Symantic\Norton. The only way to get rid of it is to reformat. __________________ RIP FIREWALL I Play GWX. Silent Hunter Who ???

01-11-09, 07:44 PM	#3
Task Force Rear Admiral Join Date: Jul 2008 Location: SPACE!!!! Posts: 10,142 Downloads: 85 Uploads: 0	Somehow, I got that same pop up. exited out of that d** thing quick. scanned with windows defender. Found nothing.:hmm: __________________ Task Force industries "Taking control of the world, one mind at a time"

01-11-09, 10:12 PM	#4
Reece CINC Pacific Fleet Join Date: Sep 2003 Location: Down Under Posts: 34,701 Downloads: 171 Uploads: 0	Start chewing your nails, I got it awhile ago and had to re-ghost my system, nothing I found at the time would fix it, I since switched on DEFENCE+ in COMODO, it's a pain as it asks permission for every new app & process thats initiated but gives peace of mind! __________________ *Sub captains go down with their ship!*

01-11-09, 10:25 PM	#5
Bill Nichols Master of Defense Join Date: Mar 2000 Posts: 1,502 Downloads: 125 Uploads: 0	I feel yall's pain... I'm recovering from a nasty infection by the Vandu virus. Had to reformat and reinstall WinXP. Thankfully, I have a backup of all my files __________________ My Dangerous Waters website:

01-12-09, 05:24 AM	#6
She-Wolf Watchdog Join Date: Jan 2007 Location: Hampshire UK Posts: 971 Downloads: 152 Uploads: 0	Richard - all of you - I fix computers all the time and have had three or four computers infected with this particular stable of fake antivirus products. They are very well put together and will fool a lot of us because they actually use screens such as the Windows splash screen, a blue screen with a fake stop message on, and, as Richard has found, the security centre screen, to make you think the message is genuine and that you should buy that product - all fake. I manually remove all the files I can see are from them, most of which ( apart from straight installs) are in system32 in XP,but you have to be careful as not every file dated the same day and time will necessarily be part of the fake AV package. Also the registry keys and data need to be removed where recognised. However, on the parts that cannot be moved manually, either because you are denied access, even in safe mode, or because they reproduce the moment you have deleted them, I have found a useful little tool that has finished the job off. Possibly just running that tool will do the lot - I don't know. It is called Malwarebytes Anti-M alware v 1.32 and you can download this latest version from http://www.malwarebytes.org/ ps it is free.. __________________ Last edited by She-Wolf; 01-12-09 at 06:04 AM.

01-12-09, 07:21 AM	#7
rifleman13 Grey Wolf Join Date: May 2008 Location: Depth-charged to Kingdom Come Posts: 927 Downloads: 28 Uploads: 0	Man... If you're going to download something, do a search for it first. The first hint of trouble, DO NOT DOWNLOAD IT! And... If you're using Firefox, I suggest you add the add-on: The Web of Trust or WOT for short. Saves a lot of time and energy identifying bad sites from the good ones. Remember GREEN is GOOD, RED is BAD!