Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251

Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
Downloader.Zlob.YQ
Downloader.Zlob.YQ

Downloader.Zlob.YQ
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Downloader.Zlob.YQ Rob 05-07-2006
---> Re: Downloader.Zlob.YQ cquirke (MVP Wi...05-07-2006
Posted by =?Utf-8?B?Um9i?= on May 7, 2006, 6:19 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hope someone can help!

The other day my machine (XP Pro) started to behave strangely. Every time I
launch IE I get page after page of security warnings designed to look like
microsofrt warnings (Although they are clearly not Microsoft) telling me the
machine is at risk and I need to download all sorts of software to sort out
the problems, this I have not done. Also my home page has been redirected to
www.systemuptodate.com, this I cannot change.

I ran and AVG scan and it detected and removed Trojan Horse
Downloader.Zlob.YQ and any subsequent scan says the machine is clear of all
threats however the symptoms have not gone away.

I have searched the interenet for information on this virus but have failed
to come up with anything usefull.

Can anyone help me with solutions/information?

Thanks
Rob



Posted by Malke on May 7, 2006, 9:02 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Rob wrote:

> Hope someone can help!
>
> The other day my machine (XP Pro) started to behave strangely. Every
> time I launch IE I get page after page of security warnings designed
> to look like microsofrt warnings (Although they are clearly not
> Microsoft) telling me the machine is at risk and I need to download
> all sorts of software to sort out the problems, this I have not done.
> Also my home page has been redirected to www.systemuptodate.com, this
> I cannot change.

For Zlob infections, use the Smitfraud removal steps here:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

Do the preparatory work first:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"

Posted by =?Utf-8?B?Um9i?= on May 10, 2006, 6:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


"Malke" wrote:

> Rob wrote:
>
> > Hope someone can help!
> >
> > The other day my machine (XP Pro) started to behave strangely. Every
> > time I launch IE I get page after page of security warnings designed
> > to look like microsofrt warnings (Although they are clearly not
> > Microsoft) telling me the machine is at risk and I need to download
> > all sorts of software to sort out the problems, this I have not done.
> > Also my home page has been redirected to www.systemuptodate.com, this
> > I cannot change.
>
> For Zlob infections, use the Smitfraud removal steps here:
> http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan
>
> Do the preparatory work first:
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Malke
> --
> MS-MVP Windows User/Shell
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic"
>
Many Thanks Everyone!

I took all the preparatory advice and then used "smitfraudfix" with total
success.

Best Regards
Rob


Posted by Malke on May 10, 2006, 10:37 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Rob wrote:

> Many Thanks Everyone!
>
> I took all the preparatory advice and then used "smitfraudfix" with
> total success.
>
> Best Regards
> Rob

Glad to hear it, Rob! Thanks for taking the time to post back.

Now stay safe, OK? :-)

Safe Hex:

http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get
Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on
Rogue Antispyware Programs
http://www.microsoft.com/security/protect/default.asp - Protect Your PC
http://www.cert.org/homeusers/HomeComputerSecurity/ - Home Computer
Security

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by David H. Lipman on May 7, 2006, 10:19 am
If you were  Registered and logged in, you could reply and use other advanced thread options

| Hope someone can help!
|
| The other day my machine (XP Pro) started to behave strangely. Every time I
| launch IE I get page after page of security warnings designed to look like
| microsofrt warnings (Although they are clearly not Microsoft) telling me the
| machine is at risk and I need to download all sorts of software to sort out
| the problems, this I have not done. Also my home page has been redirected to
| www.systemuptodate.com, this I cannot change.
|
| I ran and AVG scan and it detected and removed Trojan Horse
| Downloader.Zlob.YQ and any subsequent scan says the machine is clear of all
| threats however the symptoms have not gone away.
|
| I have searched the interenet for information on this virus but have failed
| to come up with anything usefull.
|
| Can anyone help me with solutions/information?
|
| Thanks
| Rob
|



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being
exploited.

Therefore, it is highly suggested that if there are any prior versions of Sun
Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version...

C:\Program Files\Java\jre1.5.0_06


http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool --
SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it
will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if
you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have
to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in
your bowser
but your PC will automatically be shutdown. It is suggested that you move the
report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of
the HTML
report for each session.


ALTERNATE:

Part 1
-----------

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Similar ThreadsPosted
Downloader AQ December 7, 2006, 11:40 am
Trojan.Zlob.Gen September 5, 2006, 12:10 am
How do i get rid of Win32/zlob.zwc? August 3, 2007, 4:40 pm
Zlob.Trojan September 15, 2008, 3:42 am
Downloader-Awx Trojan June 20, 2006, 5:00 pm
High downloader October 12, 2007, 6:11 pm
Restored PC with Zlob Trojan July 23, 2006, 12:32 pm
New Zlob Rogue: VirusRay October 23, 2007, 3:18 pm
Trojon Downloader Will not delte help April 13, 2006, 9:40 am
How do I remove Downloader virus??? Help! July 13, 2006, 9:29 pm

The site map in XML format XML site map

Contact Us | Privacy Policy