Adware.Zhong -- on my machine!

Secure Home | Search | About

Lost Password?

Microsoft Antivirus Discussions

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Adware.Zhong -- on my machine!

*rain*drops*

06-03-2007

Re: Adware.Zhong -- on my machine!

Malke

06-03-2007

Re: Adware.Zhong -- on my machine!

David H. Lipman

06-03-2007

Re: Adware.Zhong -- on my machine!

*rain.drops*

06-03-2007

Re: Adware.Zhong -- on my machine!

David H. Lipman

06-03-2007

Re: Adware.Zhong -- on my machine!

ladybird

06-15-2007

Posted by *rain*drops* on June 3, 2007, 7:29 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Spybot S&D found "DeepDive"on my system. Spybot then froze while checking
for Zlob.VideoAXObject. Frozen 20 minutes. Spybot showed the bad reg key
as
HKEY_CLASSES_ROOT\Interface\

I googled for information. It looks like Zhong may be related to Zlob in
some way. ??? Is it okay for me to DELETE "explorer.exe" -- that sounds
like an important file. Are these instructions safe?

------------------------------------------
Zhong Removal instructions include:

Stop Processes:
explorer.exe,
weather.exe

Remove Reg Entries:
HKLM SOFTWAREMicrosoftWindowsCurrentVersionRunundll32
HKR Chajian.ChajianHelper
HKR .ChajianHelper.1
HKR Interface
HKR Interface
HKR TypeLib
HKLM SoftwareMicrosoftWindowsCurrentVersionUninstallweather_is1

Unregister:
sysreal32.dll

Delete:
explorer.exe,
weather.exe,
sysreal32.dll
C:Program FilesWeather
C:Documents and SettingsAll UsersStart MenuPrograms

-------------------------------------------------

*rain*drops*

Posted by Malke on June 3, 2007, 8:17 pm

If you were Registered and logged in, you could reply and use other advanced thread options

*rain*drops* wrote:

> Spybot S&D found "DeepDive"on my system. Spybot then froze while checking

> for Zlob.VideoAXObject. Frozen 20 minutes. Spybot showed the bad reg key

> as

> HKEY_CLASSES_ROOT\Interface\

> I googled for information. It looks like Zhong may be related to Zlob in

> some way. ??? Is it okay for me to DELETE "explorer.exe" -- that sounds

> like an important file. Are these instructions safe?

(snip)

I would not follow those instructions. Instead, for Zlob infections do
the preparatory steps here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman'seither Sysclean or Multi_AV.
Instructions and link are at the site above.

Then go through these steps:

http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

That should take care of it but it it doesn't and/or you want more
one-on-one help, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigStoreUSA). Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed
up before you take the machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by David H. Lipman on June 3, 2007, 8:20 pm

If you were Registered and logged in, you could reply and use other advanced thread options

| Spybot S&D found "DeepDive"on my system. Spybot then froze while checking
| for Zlob.VideoAXObject. Frozen 20 minutes. Spybot showed the bad reg key
| as
| HKEY_CLASSES_ROOT\Interface\
|
| I googled for information. It looks like Zhong may be related to Zlob in
| some way. ??? Is it okay for me to DELETE "explorer.exe" -- that sounds
| like an important file. Are these instructions safe?
|

< snip >

If you can understand them -- Yes.

I also suggest...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Posted by *rain.drops* on June 3, 2007, 9:21 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Thank you. I've killed it off with AdAware and Spybot in two runs
each and a reboot or two. Zhong is gone.

Question: I was just speculating that Zhong might be related to
Zlob. None of the malware apps detected Zlob. I'm thinking I was
wrong in my speculation. Was I wrong?

Question: I'm still needing help using Multi AV. I've got it all and
have run it in Normal mode. I am unable to boot into SAFE MODE. I
need some help with that please.

Thank you!

On Sun, 3 Jun 2007 20:20:53 -0400, "David H. Lipman"

>| Spybot S&D found "DeepDive"on my system. Spybot then froze while checking

>| for Zlob.VideoAXObject. Frozen 20 minutes. Spybot showed the bad reg key

>| as

>| HKEY_CLASSES_ROOT\Interface\

>| I googled for information. It looks like Zhong may be related to Zlob in

>| some way. ??? Is it okay for me to DELETE "explorer.exe" -- that sounds

>| like an important file. Are these instructions safe?

>< snip >

>If you can understand them -- Yes.

>I also suggest...

>* Ad-aware SE v1.06

> http://www.lavasoft.de/

> http://www.lavasoftusa.com/

> http://www.lavasoft.de/ms/index.htm

>* SuperAntiSpyware

> http://www.superantispyware.com/superantispywarefreevspro.html

*rain.drops*

Posted by David H. Lipman on June 3, 2007, 9:44 pm

If you were Registered and logged in, you could reply and use other advanced thread options

| Thank you. I've killed it off with AdAware and Spybot in two runs
| each and a reboot or two. Zhong is gone.
|
| Question: I was just speculating that Zhong might be related to
| Zlob. None of the malware apps detected Zlob. I'm thinking I was
| wrong in my speculation. Was I wrong?
|
| Question: I'm still needing help using Multi AV. I've got it all and
| have run it in Normal mode. I am unable to boot into SAFE MODE. I
| need some help with that please.
|
| Thank you!
|

For problems booting into Safe Mode I suggest a NEW post in an OS related News
Group
specifically stating you can't boot into Safe Mode.

If you are using WinXP I suggest...
news:microsoft.public.windowsxp.general

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Similar Threads	Posted
I can not log on to my machine at all	September 22, 2005, 6:24 am
I want to install a virus on my machine	March 9, 2006, 11:09 am
Posting spam when his machine if off?	November 27, 2006, 8:29 am
Intrusion on Virtual Machine	January 10, 2007, 6:27 am
Infected machine on dial-up	October 15, 2007, 11:18 am
McAfee and Norton AV on the same machine?	October 16, 2007, 12:49 pm
why cannot install two different antivirus software in the same machine?	January 24, 2006, 11:45 am
Troj/Zlob-ZG reported on my machine.....	February 22, 2007, 5:01 pm
Adware bug	February 20, 2008, 6:41 pm
Adware.QoolAid	September 20, 2005, 9:16 am

The site map in XML format XML site map