Please Help Confirm ZLOB.Download removed



Jordan_L
2008-06-10, 01:47
Hi there, stupidly I clicked the download button for an MP3. Instantly my AVG 7.5 popped up and showed threat detected and halted further progress for the download. I then clicked send file to the virus vault and saw it was named ZLOB.Download. I looked up the named file in the directed Cache
C:\documentsandsettings\owner\applicationdata\mozilla\firefox\profiles\-------.default\cache\EC373

I did another AVG Scan and it showed up as an infected File as guessed. Then Afterwards I did an Adaware Se Personal Scan, Spybot Search and Destroy scan, and downloaded a program solely for detecting ZLOB Files and programs on the PC.

After deleting some files and doing all of the scans, I did 3 more AVG Scans and 3 Spyhunter Scans and they kept coming up clean with no threats detected.

Is there any kind of logs I can show you guys to see if I have any problems still on my pc related to Zlob ? This is really bugging me out at the moment. Thanks guys.

drragostea
2008-06-10, 01:51
When did this Zlob incident occur?

AVG 7.5 support is scheduled to end during this summer.

Suggestions:
-Upgrade to AVG 8.0
-Upgrade AdAware SE Personal to AdAware 2008
---
What version is your Spybot-SD? What is your OS?

I would suggest you use either CCleaner or ATF Cleaner to clean the cache, temp. files, and cookies from your browsers.

If your computer shows signs of an infection you may take a visit to the Malware Forums.

But first how is the computer going?

Jordan_L
2008-06-10, 02:08
This incident occurred 2 hours ago.

I'm using Spybot Version 1.4

I just copied and pasted my PC Specs from another forum so some of this hardware doesn't need to be posted probably.

Windows XP Home Edition SP2
AMD64 X2 DUAL CORE 6000+ LIVE!
ASUS P35 M2N DELUXE 570SLI
EVGA 8800GTS 640MB Superclocked
WESTERN DIGITAL SATA 750GB 16MB 7200RPM
4 GIGS G. SKILL D9 MICRON
2 SATA ASUS QUIET TRACK SATA DVD DRIVES

So far my PC is running normal, no pop-ups, or anything odd going on. I'm still wary because with this rig, it's hard to tell if I'm getting possible performance hits caused by it. I wasn't aware those new versions you listed were out, thanks.

For Firefox I use the McAfee Site Advisor add-on, I have my cookies set so that they're automatically deleted upon closing the web browser. I'm pretty sure I deleted all of my Firefox cache folders, if they are located in the F1SJA---.Default folder ? I always clean out my temp folder as well.

But yeah this is some random thing that happened for the first time in 2 years, had zero adware and spyware detected up until 2 hours ago, but now it seems to be in the clear. I'm unsure if all files are gone, even though nothing is getting detected, I'd like to do a Log File to post but I have no clue how to attain one.


On A side note : I use the AVG Free edition 7.5 and will install AVG 8.0
Update Spybot

drragostea
2008-06-10, 02:18
...download button for an MP3.

So is the file in the Quarantine in AVG now?
How about the "download button"? Did you save it to your desktop?

Upgrade to Spybot-SD 1.5.2.20.
--
http://forums.spybot.info/showpost.php?p=199444&postcount=5
--
These instructions provided by md spybot usa fan should tell you how to remove it.

Basic idea is to undo the immunization, disable both SDHELPER and TEATIMER. Uninstall Spybot. Install the new one. Update and immunize.

Then with all the latest updates, run a new scan with the upgraded Spybot and see if Zlob comes up. If not then you're fine.

Also... about that log file. Which application detected Zlob? AVG or Spybot?

Jordan_L
2008-06-10, 02:26
Thank you for your help thus far. Right now I'm currently setting up AVG 8.0 and after that I will install the new Spybot you gave a link to.

When I clicked the Download Button on the site, AVG popped up telling me it detected a threat in the file ZLOB.Download and I chose to halt further action and send it to the virus vault. After doing scans on different programs and deleting some files, I did a Spybot scan and nothing popped up.

Going back in time at the start of this, I did an AVG Scan while it was still in the virus vault, I did 2 scans while the file was in the vault, and both times AVG detected the infected log file during the scan. I didn't do a spybot scan until afterwards when AVG was no longer picking up any threats during the scan to make sure that it was legit.

To further back it up, I did an Adware Scan, Zlob spyhunter scan, and 3 more AVG Scans to see if anything got detected still, but remained clean.

I will install these new versions and see what I get.


The site here, which is clean when you enter, just bad when you click download is:
www.puertasjemofer.com/images/flash/throes-of-dawn.html

Mcafee site advisor shows it as clean on the browser with a green checkmark, I'll have to, or someone should correct their rating for this site.

drragostea
2008-06-10, 02:29
Glad to hear...

Is SpyHunter a purchased subscription?

Edit: Hm. I visited that site... but I didn't click on anything since my PC is not a test computer.

The site itself seems skeptical, besides the green rating by McAfee. I'm using the SiteAdvisor 26.6 too...
I'm just suspicious because it says "Free". Usually for MP3 songs you have to purchase, but it depends on the retailer or the person or site that manages the songs.

What troubles me is that AVG warned you. AVG is one of the "upper-average" AV's.
I'm an ex-AVG user, so I'm not so sure.

Jordan_L
2008-06-10, 02:46
Is it bad that AVG warned me :fear: ? I just finished configuring my AVG 8.0, now I'll install spybot, then do the scans and report the results. Would you happen to know if the AVG 8.0 Residence Shield takes up a lot of resources ? I can't remember if AVG 7.5 had one or not, I'm sure it did since it detected the file upon download.

Edit: While I was removing Spybot's .EXE with the Search, it shows I have around 25 RUNDLL32.EXE and 8 WMPLAYER.EXE in the search results. And games I have installed with multiple logs. Some of them take place on different days and times. Only a couple were logged today, why is this ?

drragostea
2008-06-10, 02:57
That was exactly the reason why I moved from AVG 8.0 to avast! 4. It took up around 50MB of RAM for "avgrsx.exe".

I could also give you a link to test if your Resident Shield is functioning properly. It's the eicar test.

The Resident Shield for AVG 7.5 is active by default.
http://forums.spybot.info/showthread.php?t=27264
http://forums.spybot.info/showthread.php?t=27793

The first link, I talked about the false positives found by AVG 8.0. I'm not sure if it's resolved yet.


Is SpyHunter a purchased subscription?

Is it?

Jordan_L
2008-06-10, 03:14
The Spyhunter program allows you to scan for ZLOB Files and programs, but you have to pay for it in order to remove the files.

So the AVG 8.0 RS takes 50mb of RAM, how much did the AVG 7.5 Take ?

Here's a list of some of my Prefetch .EXE's over the last month. I always look at my .EXE's and remove the ones that aren't needed, and look up information on each one I'm not sure of. But why are there so many prefetches logged for the WMPLAYER and RUNDLL you think ? Due to having multiple games in use, even with 2 DVD Drives, it would be too much CD switching, so I'm using some NO CD Fixes for a couple of games I'm currently using, the only explanation I can think of is that the multiple logs are coming from the No CD Fixes tricking the game into thinking it's in the drive. These never came up earlier today though when I used search. Unless I always overlooked it.

http://i233.photobucket.com/albums/ee11/Jordanx133/234.jpg
http://i233.photobucket.com/albums/ee11/Jordanx133/32.jpg

With this I will check back around 10:30 central time and post scan results.

drragostea
2008-06-10, 03:25
Steam is a P2P program. I recall using it once, when I attempted to download Lost Planet: Extreme Condition.

As for the Prefetch, I would suggest you leave it alone. Deleting the files may cripple program loading times.

Also is SpyHunter a valid subscription? Or is it just a trial?

I can't recall the results of AVG 7.5 because it's been too long.

Jordan_L
2008-06-10, 06:48
Hah AVG 8.0 must use something similar to McAfee Site Advisor because I have new green checkmarks and red X's next to the McAfee Checks and X's. I guess that's a good thing since I can see which sites they agree on and which they don't. I've seen McAfee rate a site green while AVG rated the same site Red, so having a 2nd opinion is nice. I could have used that earlier.

Anyways, I've read about AVG and ZLOB being a false Positive on it, but at the same time when I type in ZLOB.Download, ZLOB.Download/Media, it describes it as being a malicious back door program that is hidden in the PC directory that installs additional spyware programs, takes partial control of your pc, and changes settings, which had me worried. Luckily I didn't completely download anything, didn't even start downloading the MP3, AVG halted it before it could even start. So I don't know if there's different versions or file types of this thing or what. There's sites and people that list extensive removal procedures for the Zlob.Download. So there has to be some different versions of this file or something.

When I type in AVG ZLOB.Download False Positive I get threads similar to this in google search, but it seems this ZLOB.Download has several . prefixes after the Download or ZLOB, so does that make it a different file threat of its own ?
http://www.pamela-systems.com/forum/viewtopic.php?p=2862

It's kind of sad how outdated my Spybot, AVG, and Adaware were, makes me wonder why I never bothered updating sooner when I knew new versions were available. They all look nice, especially Adaware 2008 with the Carbon Skin, or default.

So I just finished the scan for AVG 8.0, Spybot 1.5.2.20, and Adaware 2008.

The results for Spybot say " Congratulations no Immediate Threats were found " .

The results for AVG say:
Infections Found - 0
Spyware Found - 0
Errors Encountered - 0

The results for Adaware 2008:
Zero

This whole thing could have been a false positive, which would be a little funny, but it got me to update all of my security programs. But then again it could have been the real thing as well.

Thanks for tagging along, So you Think I'm in the clear of anything harmful relating to Zlob.Download ?

Jordan_L
2008-06-10, 07:17
After Closing Browser, then logging back in a few minutes later, can't find the Edit button on my previous post, so I'll have to double post. But yeah, the Spyhunter is a Subscription, with a 5 day money back Guarantee. I've read it's a scam, and Mcafee shows the site as Red rather than Green in the advisor bar, While AVG shows it as green.

http://www.siteadvisor.com/sites/spyhunter.com

Terminator
2008-06-10, 12:53
Spybot 1.5.2 isn't compatible with AVG 8.0 as AVG wrongly detects Spybot's Immunization feature as Malware.

Jordan_L
2008-06-10, 20:36
They must have corrected the problem because after a full AVG 8.0 Scan with Spy bot's 1.5 Immunization nothing detected on AVG as Malware related to Spy Bot. What's odd is that when I Launched spy bot, I got a message saying it detected that I have Lavasoft Adaware 2008 installed " Incompatibility ". I chose to ignore it and chose " don't show this message again ". Is there some kind of Rivalry going on between Adaware and Spy Bot ? :police:

drragostea
2008-06-11, 04:15
5-day money back guarantee?!
I also recall that SpyHunter finds some false positives.

I personally agree with McAfee. However, I do not trust LinkScanner because it takes a heck of a long time to scan. I found some "bad" sites that AVG rated as Green while SiteAdvisor rated Red. Found that I was right.

And about the AdAware problem... that has been a thorn on my side.
http://forums.spybot.info/showthread.php?t=28394

When I first ran AVG 8.0 scan there were around 187 warnings. Turned out they were false positives.

In conclusion, JORDAN, if your applications do not detect anything YOU ARE CLEAN! AVG did its job by halting the download. There should be nothing to be concerned about.