Anti-Spyware and PC Security News


25
Mar

Zlob

Overview

Zlob is a trojan that takes advantage of the popularity of video downloads and video streaming. It poses as a video codec, but instead loads more threats.

Zlob may arrive as a downloaded file from a malicious Web site. Upon execution, it creates the following registry entry to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
kernel32.dll = "{Path and file name of the executed malware}"

Similar to other TROJ_ZLOB variants, it connects to different Web sites to retrieve other URL links, from which it can download other possibly malicious files. Downloaded files are then executed on the affected system.

This Trojan affects systems running Windows 98, ME, NT, 2000, XP, and Server 2003.

How to Detect and Remove Zlob?

Automatic Zlob Removal

1. Download Spyware and Adware Removal Tool. We have tested and reviewed the Top 3 Spyware/Adware Removal Software. You can download free from here.

Spyware Removal Download Zlob removal tool

2. After downloading, browse to where the file was saved and double-click it to install it.

3. After installation, connect to the Internet and download all necessary updates to get the latest spyware definitions database.

4. Scan and remove all Zlob files and other spyware found on your computer.

Note: To be highly effective, you may have to restart your computer in Safe mode and scan again to check for those memory-resident trojans that are running when not in Safe mode.

5. Restart your computer in Safe Mode.

    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, a menu with options should appear;
    Select the first option, to run Windows in Safe Mode, then press “Enter”.
    Choose your usual account.

6. Scan for and remove any Zlob or other spyware infections while in Safe Mode.

7. Reboot your PC and run another scan to ensure that your computer is clean of Zlob.

Manual Zlob Removal (Not recommended for those not familiar with Registry editing, see Note on Registry editing below)

Delete Zlob processes, registry keys, DLL files, and any other Zlob files from the computer. If possible, remove the Zlob files manually by going to Add/Remove Programs.

The Zlob processes to remove are nvctrl.exe and msmsgs.exe, and the registry values to delete are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe

Delete these files: nvctrl.exe, msmsgs.exe, hp[X].tmp, msvol.tlb, ncompat.tlb, RSA, Protect, vnp7s.net, zxserv0.com, and dumpserv.com
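
The two autostart entries named on this page (the kernel32.dll value under Policies\Explorer\Run and the RegSvr32 value pointing at msmsgs.exe under Run) can be checked offline against a text export of the registry. This is an added example, not part of the original article; the sample export, function names and file paths in it are constructed for illustration.

```python
import re

# Autostart indicators from this page: (key suffix, value name, data substring or None).
INDICATORS = [
    (r"\microsoft\windows\currentversion\policies\explorer\run", "kernel32.dll", None),
    (r"\microsoft\windows\currentversion\run", "regsvr32", "msmsgs.exe"),
]
SECTION = re.compile(r"^\[([^\]]+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegSvr32"="C:\\WINDOWS\\system32\\msmsgs.exe"
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"kernel32.dll"="C:\\Temp\\setup_codec.exe"
'''


def parse_reg(text):
    """Yield (key, value name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            # .reg files escape backslashes and quotes inside quoted strings.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data


def find_zlob_autostart(text):
    """Return parsed entries matching the page's two Run-key indicators."""
    hits = []
    for key, name, data in parse_reg(text):
        for suffix, want_name, want_data in INDICATORS:
            if (key.lower().endswith(suffix) and name.lower() == want_name
                    and (want_data is None or want_data in data.lower())):
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_zlob_autostart(SAMPLE):
        print(f"SUSPICIOUS {key} :: {name} = {data}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16 encoded, so decode the file before passing its text to find_zlob_autostart. Values stored as hex data rather than plain strings are not parsed by this example.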

Variants of Troj/Zlob-QJ include: Trojan.Zlob.D, Trojan.Zlob, Trojan, Downloader.Win32.Zlob, {dz, ha, he}, Downloader-XC, Generic Downloader.gen.bd, Puper [McAfee], Troj/Zlob-CD, and TROJ_ZLOB {DR, DU, and FP}.

Notes on Editing the Registry

Before attempting to manually edit the registry, please refer to the following articles from Microsoft:

  1. HOW TO: Backup, Edit, and Restore the Registry in Windows 95, Windows 98, and Windows ME
  2. HOW TO: Backup, Edit, and Restore the Registry in Windows NT 4.0
  3. HOW TO: Backup, Edit, and Restore the Registry in Windows 2000
  4. HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Server 2003

Recommendation

Spyware/Adware such as Zlob can invade your privacy, bombard you with pop-up windows, slow down your computer, and even make your computer crash. So if you want to prevent spyware, you have to take back control of your PC today!

Important: Our suggestion for preventing future spyware and adware is to obtain a good online anti-spyware program, which will make sure that your system remains safe when you surf on the web. With this Spyware scanner, you’ll get updates twice a week ensuring that you get the latest Zlob variants and other malicious threats.

If you think your PC may already have Zlob, use Zlob remover software to find and remove Zlob and other common Spyware infections.
