
Thread: zlob.zip trojan

  1. #31
    Junior Member
    Join Date
    Jan 2016
    Posts
    27

    Default I'm back

    Ken - did post in forum 2 days ago & just now went to support @spybot & believe there is overall problem with my program kept getting script error on each step of the way giving them message. For ha-ha's I went to my event viewer & found errors in past 3 days in security log 1 is system files distributed com server local host; other is sync host 8d91dof - this I believe when I tried to upgrade spybot as fits time frame, another kernel power & NPT client. Just wondering if there is anything I can run while I'm waiting to hear back from spybot to see if I'm infected again (or still?) Sorry to bother you again, but trying to be vigilant. Thank you!

  2. #32
    Junior Member
    Join Date
    Jan 2016
    Posts
    27

    Default

    sorry sent twice - first time said there was an error & wait 30 secs so thought it didn't go thru - the 2nd time it told me it was duplicate.

  3. #33
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You can try this free online virus scanner



    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan


    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.





    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.

    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push

    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #34
    Junior Member
    Join Date
    Jan 2016
    Posts
    27

    Default

    Does this mean I uninstall spybot again before I use this eset scanner? I did write spybot directly for help & they gave me instructions on how to update & it worked. Going to run a scan now from spybot & will wait till I hear from you about what to disable before doing eset - does this mean Malware Bytes also? Thanks Ken.

  5. #35
    Junior Member
    Join Date
    Jan 2016
    Posts
    27

    Default spybot scan results

    As noted in last reply I did run spybot & it found adware threats - I saved the log (below) & when I went to fix problems I just got the swirling ball - so after 10 mins. of that went to close it & said that it was not finished - it never fixed problems & said malware program not responding. Don't know if this is any use to you but here it is:

    Search results from Spybot - Search & Destroy

    1/28/2016 7:27:47 PM
    Scan took 00:24:24.
    12 items found.

    MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3611819408-1750479240-3027513373-1000\Software\Microsoft\Microsoft Management Console\Recent File List

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3611819408-1750479240-3027513373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (12) (Browser: Cache, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)


    Adware.Agent.NXO: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader (1).exe
    Properties.size=4671944
    Properties.md5=40997DF90235ADCDE6E5253ED5CA0082
    Properties.filedate=1373088876
    Properties.filedatetext=2013-07-06 00:34:35

    Adware.Agent.NXO: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader (2).exe
    Properties.size=4671944
    Properties.md5=40997DF90235ADCDE6E5253ED5CA0082
    Properties.filedate=1373265253
    Properties.filedatetext=2013-07-08 01:34:13

    Gen:Variant.Adware.Kazy.517148: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader (3).exe
    Properties.size=4677064
    Properties.md5=2B06DF6B05EB4824E11F55ACAF1BCCDB
    Properties.filedate=1373691752
    Properties.filedatetext=2013-07-13 00:02:32

    Gen:Variant.Adware.Kazy.517148: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader (4).exe
    Properties.size=4677064
    Properties.md5=E2E7F4FEF629DDD6632340B568BD107A
    Properties.filedate=1374120741
    Properties.filedatetext=2013-07-17 23:12:21

    Gen:Variant.Adware.Kazy.517148: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader (5).exe
    Properties.size=4677064
    Properties.md5=E2E7F4FEF629DDD6632340B568BD107A
    Properties.filedate=1374120771
    Properties.filedatetext=2013-07-17 23:12:51

    Gen:Variant.Adware.Kazy.559039: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader (6).exe
    Properties.size=4868040
    Properties.md5=F44E3D7DE35C73E6B307E88A06CA4A25
    Properties.filedate=1374207167
    Properties.filedatetext=2013-07-18 23:12:46

    Application.Downloader.TT: [SBI $SpybotAV] Executable (File, nothing done)
    C:\Users\Corinne\Downloads\api_Downloader.exe
    Properties.size=4671432
    Properties.md5=F0749A4C86CAE476D649B123AA523BF9
    Properties.filedate=1372998396
    Properties.filedatetext=2013-07-04 23:26:35


    --- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---


  6. #36
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You can temporarily disable Spybot
    https://www.safer-networking.org/faq...d-temporarily/


    Malwarebytes
    Open Malwarebytes
    Go to setting
    Detection and Protection
    Disable Malware Protection
    Disable Malicious Website Protection
    Then OK your way out


    After you run ESET, be sure to go back into both Spybot and Malwarebytes and re-enable all protection

  7. #37
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Go into your Downloads folder and delete everything in there but not the downloads folder itself

    C:\Users\Corinne\Downloads

  8. #38
    Junior Member
    Join Date
    Jan 2016
    Posts
    27

    Default Esets scan

    Ken, here is list & I did run archives. Had to disable spybot different way than link you sent me as have home pro ver 2.4 & now will reapply protection. Thanks for your help

    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$R1YRE24.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$R39816W.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RA7KN7V.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RB0R9XS.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RKL295Y.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RVGSXB2.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\$Recycle.Bin\S-1-5-21-3611819408-1750479240-3027513373-1000\$RW8PMI5.exe a variant of Win32/BundleInstaller.D potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\hk64tbZyn0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\hk64tbZyn2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\hktbZyn0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\ldrtbZyng.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyn0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyn1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Corinne\AppData\LocalLow\Zynga\tbZyng.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

  9. #39
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Nothing to worry about Corinne, 7 of those files are in your Recycle Bin and the other 7 are backups of what AdwCleaner removed.

    1. Right click on your Recycle Bin and select Empty Recycle Bin

    2. Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.




    3. Did you empty out your Downloads folder like I previously posted ??
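
The triage done in the reply above (hits sitting in the Recycle Bin or in AdwCleaner's quarantine folder versus hits anywhere else on disk), as an added example that is not part of the thread. The sample lines, SID and file names are constructed, and the line layout is assumed to match the ESET log quoted in post #38.

```python
import re
from collections import defaultdict

# Constructed sample in the "path + detection" layout of the ESET log in
# post #38. The SID, user name, file names and Win32/Example.A are made up.
SAMPLE_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-0000000000-0000000000-0000000000-1000\$RAAAAAA.exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Example\AppData\LocalLow\Zynga\tbExample.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Example\Downloads\setup example (1).exe a variant of Win32/BundleInstaller.D potentially unwanted application
C:\Users\Example\AppData\Roaming\example\helper.dll Win32/Example.A trojan
"""

# A detection name looks like "Win32/Something"; Windows paths never contain
# "/", so the first such token marks where the path ends (paths may hold spaces).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<kind>.+)$"
)


def parse_line(line):
    """Return {'path', 'name', 'kind'} for a detection line, else None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Bucket a hit by where the file sits on disk."""
    p = path.lower()
    if re.match(r"^[a-z]:\\\$recycle\.bin\\", p):
        return "recycle_bin"            # deleted, gone once the bin is emptied
    if re.match(r"^[a-z]:\\adwcleaner\\quarantine\\", p):
        return "adwcleaner_quarantine"  # backup copy kept by AdwCleaner
    return "elsewhere"                  # still in place: review these first


def triage(log_text):
    """Group every parsed detection line by its location bucket."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is not None:
            buckets[classify(hit["path"])].append(hit)
    return dict(buckets)


if __name__ == "__main__":
    for location, hits in triage(SAMPLE_LOG).items():
        print(f"{location}: {len(hits)}")
        for h in hits:
            print(f"  {h['name']} ({h['kind']}): {h['path']}")
```
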

  10. #40
    Junior Member
    Join Date
    Jan 2016
    Posts
    27

    Default

    Yes I did except for my spybot license & TDS killer in download folder hope it's OK to leave those?
