tashi
2006-09-13, 21:58
The Zlob Trojan Downloader may masquerade as audio or video codecs (compressor/decompressor) required to be installed on your computer so you can watch or listen to certain media, often adult content. It is also spread via fake cracks/warez and fake software downloads.
These fake codecs are known as Zlob Trojans. Once you install these programs they configure your computer to automatically start another Trojan, which displays fake security alerts in your taskbar stating your computer is infected.
When you click these alerts, the rogue program automatically opens and scans your computer. This scan will display fake results and also find the Trojan that installed it in the first place.
The scam is to scare users into thinking they must pay for the commercial version of the program in order to remove the malware. Don't make a purchase. It would be fruitless to try and get a refund once you realized exactly what you had paid for.
Some Zlob variants have backdoor functionality, giving a remote attacker the ability to control and use the infected machine for malicious purposes.
In addition to many domain changes, new variants are released frequently. Zlob is one of the largest malware families, making it difficult for security programs to stay ahead. Your best bet to stay uninfected is to practice safe surfing.
So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)
However, stuff happens. If your computer is infected and scans have been unable to remove it, please follow the procedure in this link: "BEFORE you POST" (READ this Procedure before Requesting Assistance). (http://forums.spybot.info/showthread.php?t=288)
Then start your own new topic (http://forums.spybot.info/newthread.php?do=newthread&f=22) in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)
Additional instructions will be provided after logs are posted. :)
Note:
Vulnerabilities in old Sun Java versions may be partly responsible for Vundo/Winfixer/Virtumonde infections.
Sun Microsystems~Java. Security vulnerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2)