doug925 0 #1 December 10, 2008

Watch out for a fictitious Microsoft Security Center Alert of "... Warning firewall blah blah blah has detected trojan.zlob on your computer. Click here to enable protection". This is a rogue spyware extorting people to buy Antivirus 2009! I know most of us are smart enough NOT to click on it, but my I.T. buddies are seeing it everywhere (and my wife mistakenly clicked on it too). If you do get it, it is a BITCH to get rid of, as MOST anti-spyware programs won't touch it right now.

Here is a quick way to disinfect:

This solution works for the latest Trojan.Zlob.G popup problem where no internet connection works and there are repeated fake warnings to 'activate' Defender anti-virus program. No use running any anti-virus/spyware programs, they don't seem to detect this latest Trojan. Only manual removal works perfectly:

Start in safe mode (press F8 at startup).
Delete the following:
kjzna1562565.exe
spcffwl.dll
T-Scan (entire folder)
Their location would be C:\Documents and Settings\{username}\Application Data\Google\

It looks so simple in hindsight, entire day wasted in efforts.

This is just FYI.
Doug.

I have never developed indigestion from eating my words. Winston Churchill
marcandalysse 0 #2 December 10, 2008

Here's a simpler solution that I used. There are other variations on this Trojan too....

Go to the link below
Download the software
Download the updates from the update tab
Run the quick scan
Click show results
Fix the selected results
Reboot your machine

http://majorgeeks.com/downloadget.php?id=5756&file=10&evp=693ee0b20204960edfd909666f809b26

Also use a disk cleaner like http://majorgeeks.com/CM_DiskCleaner_d4012.html

"The reason angels can fly is that they take themselves so lightly." --GK Chesterton
PhreeZone 15 #3 December 10, 2008

This never stopped going around. It's currently in its 5th generation of code. Most AV picks it up in some form if you have the updates applied and have heuristics enabled. The hijacked site will not be picked up but as soon as you click the "run" button it picks up the code.

I know way more about this piece of code than I ever care to know...

Yesterday is history And tomorrow is a mystery Parachutemanuals.com
doug925 0 #4 December 10, 2008

You are right. It has popped up with its newest revision.

Marcandalysse, the "malwarebytes" has worked for some, but not all. Even then you are waiting for 30-45 minutes to scan the drives. I was only pointing out the quick way of deleting it. Just another option.

Doug.

I have never developed indigestion from eating my words. Winston Churchill
kansasskydiver 0 #5 December 10, 2008

i just had a guy at work get it yesterday. I use mbam to clean it up, works great. where others miss things mbam always cleans up.

<--- See look, pink dolphins DO exist!
virgin-burner 1 #6 December 10, 2008

WTF are you guys doing, i mean, i surf PLENTY of pornsites, but i never get shit like that.. i think i got one virus in a lifetime or something..

“Some may never live, but the crazy never die.” -Hunter S. Thompson
"No. Try not. Do... or do not. There is no try." -Yoda
doug925 0 #7 December 10, 2008

Quote:
> WTF are you guys doing, i mean, i surf PLENTY of pornsites, but i never get shit like that.. i think i got one virus in a lifetime or something..

You need to delve deeper into the porn realm Sir! Sheesh, you're not looking at good enough porn unless the viruses embedded make your computer explode!

I have never developed indigestion from eating my words. Winston Churchill
wildcard451 0 #8 December 10, 2008

Quote:
> WTF are you guys doing, i mean, i surf PLENTY of pornsites, but i never get shit like that.. i think i got one virus in a lifetime or something..

Yeah, but that one that you can't get rid of is all that you need.
PhreeZone 15 #9 December 10, 2008

I just pulled the database up and I am counting 500+ file names on page 1 of my query as the logged names that we have for this so far. These "instructions" might get a subvariant of it but if you only follow these instructions you will miss a ton of the variants and dropped files.

Yesterday is history And tomorrow is a mystery Parachutemanuals.com
doug925 0 #10 December 10, 2008

Quote:
> I just pulled the database up and I am counting 500+ file names on page 1 of my query as the logged names that we have for this so far. These "instructions" might get a subvariant of it but if you only follow these instructions you will miss a ton of the variants and dropped files.

Uh, oh shit! I might need to borrow said list.

I have never developed indigestion from eating my words. Winston Churchill
chiquita24 0 #11 December 11, 2008

My dad clicked on one of those fake links a few months ago and we ended up with Antivirus 2009 on our desktop. I spent hours trying to get it off of the computer! I went in and removed it manually, but it took me a bit to figure out all the path names and files that it went into. I think that I have it all removed now.
chiquita24 0 #12 January 26, 2009

My friend got this on his laptop but it won't let him get to the internet to download the software to remove it. How do you do it manually? Do you have to go into the registry?
Teigen 0 #13 January 26, 2009

You could download the legit removal software onto another pc and copy it over i guess.. Personally i use the antivirus program called "Avast". It's one of the best out there and requires very little memory to run!
TrophyHusband 0 #14 January 26, 2009

i got it last weekend and i have avast. we were out of town so we just tried to use the computer until we got home so i could try to fix it, but by the time we got home my computer was locked up so bad i couldn't get online or do much of anything. i ended up reformatting my hard drive and reinstalling windows. this was the reason for the thread about computer help i started earlier this week. fortunately all i had stored was a few pics i had taken over the weekend and i was able to get them transferred to a flash drive.

i've heard from other sources as well that avast is one of the best ones out there. i was beginning to doubt that when i caught the virus, but if nothing else is picking it up right now, maybe it is a good av program.

"Your scrotum is quite nice" - Skymama
www.kjandmegan.com
PhreeZone 15 #15 January 26, 2009

This is up to its 1000+ variant right now from a few vendors. Looking at the code, it's really easy to get it past all but the bleeding edge AV drivers since it is a server side polymorphic that generates unique code for each person that clicks on the link.

This trojan and others in its family will only get installed if you actually click and tell it to download the file. Most vendors are able to add detection for it in the next update or so but some samples will remain undetected until the sample gets sent in for analysis by the researcher since its code is one that they have not seen yet. If you know how to collect a sample and send the files to your AV company they can normally update their driver and get full cleaning for it within a day or two.

Yesterday is history And tomorrow is a mystery Parachutemanuals.com
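
An added example, not written by any poster in this thread: a Python sketch of the point made in posts #9 and #15, that a fixed filename list misses renamed variants. It flags every file with an executable (MZ) header under an Application Data style folder regardless of name or extension, and records a SHA-256 for each so the files can be reviewed and submitted to an AV vendor as samples. The demo tree, the `qwxyz0000001.exe` and `data.tmp` names, and all function names are constructed for illustration; a hit is a candidate for review, not a verdict.

```python
import hashlib
import os
import tempfile

# The two file names given in post #1; later posts note the names change per variant.
KNOWN_NAMES = {"kjzna1562565.exe", "spcffwl.dll"}

def is_pe(path):
    """True if the file starts with the 'MZ' header used by Windows EXE/DLL files."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_appdata(root):
    """Return sorted (relative path, sha256, name_match) for every PE file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):
                rel = os.path.relpath(full, root)
                findings.append((rel, sha256_of(full), name.lower() in KNOWN_NAMES))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample data: harmless stub files, not real malware."""
    google = os.path.join(root, "Google")
    os.makedirs(os.path.join(google, "T-Scan"))
    samples = {
        os.path.join(google, "kjzna1562565.exe"): b"MZ" + b"\x00" * 62,    # name from post #1
        os.path.join(google, "qwxyz0000001.exe"): b"MZ" + b"\x01" * 62,    # constructed renamed variant
        os.path.join(google, "T-Scan", "data.tmp"): b"MZ" + b"\x02" * 62,  # PE behind a .tmp extension
        os.path.join(google, "prefs.txt"): b"plain text",                  # benign, not a PE
    }
    for path, content in samples.items():
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for rel, digest, by_name in scan_appdata(tmp):
            print(f"{rel}  sha256={digest}  name_match={by_name}")
```

On the constructed tree the name list matches one of the three executables; the other two are found only by the header check.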