New spyware trojans that hi-jacks windows active desktop. Zlob trojan.an
Date: Thursday May 1, 2008Posted in: Computer IT, Windows XP, computer virus removal
If you get this trojan virus, you will notice a small yellow triangle that says System Alert! Your computer is infected. windows has detected a spyware infection. Of course these are not authentic messages coming from windows. They are caused by Spyware or Malware trojan virus called Smitfraud. I think the one I got is called Troj.vlob.an
This virus is so evil that it will disable your task manager, change you wallpaper and send you lots of popup to advertise fake anti-spyware programs. Do not click on these ads or you will keep getting more spyware, trojans and virus. It will eventually slow down your pc so much that you will have to call me.
Yesterday I went to repair another computer for a customer and she had this bad virus. She had the same type of Zlog trojan that I also wrote about last week. That time I decided to reinstall windows, but this time since I had read some articles about it, so I went prepared with a few tools to clean it. First I had the smitfraudfix.exe and I also had a fixtaskmanger.exe as well as a few other basic antispyware and antivirus programs. I thought that the smitfraudfix.exe would be the perfect tool. I went ahead and ran it in safe mode and let it do its things. But even after it was finished and rebooted, this virus kept reappearing. I also noticed that the task manager was still disabled. So now I ran the other tools. I ran the task manager fix tool and it did get me back the access to the taskmanager. I continued to clean using some original methods of regedit and msconfig. This PC had Windows XP home edition. I found a few entries for rundll followed by the name of some strange dlls. So I deleted these from the startup paths and also from the registry Hkey local machine, software, microsoft, windows, run key etc.
I also booted back into safe mode and deleted the strange dll’s which I know are the virus files. But I noticed that even in safe mode, I was still getting the highjacked wall paper and the little yellow triangle that this Zlob trojan causes. it looks like this is a new variant that not even smitfraudfix.exe can get rid off. I also ran Adaware, Spybot and trojanhunter. None of these programs could kill this virus. I was ready to reinstall windows. But I decided to try one more tool. I downloaded a SuperAntiSpyware free version and I tried that too. This program which I once I thought was spyware actually helped clean up many more adware, trojans and spyware programs. It only left the fake wallpaper and I removed that, but I still have a feeling that this virus is still hiding somewhere else.But where can it be hiding? I think it has somehow infected the files that windows uses to display the active wallpaper. I will have to go back this evening and this time I will have to try a self booting antivirus program and see if it find the effected files. If anybody who reads this post knows a better way I will be glad to here from you. I may even offer you a small reward!
I know that I will see this virus again. Next time I want to be even better prepared for it. Please post any helpful comments below. Thanks in advance.
BTW I just found a few more tools and will bring them to the PC tonight:
SmitRemove and Rouge remover. I also will run ccleaner and install the latest antivirus version as I can find.
5 Comments
SuperAntiSpyware works to get rid of this Virus. I have it used it a few times and it actually works on this.
Comment by Jake on May 20th, 2008 @ 12:40 pmSmitfraud is definelty bad stuff. The first time I came across this I had a ton of problems removing it. Now whenever I run into this I do a system restore first then run the free smitfraudfix tool and then run a full scan with Spyware Doctor. If you have Smitfraud I can gurantee you are infected with other threats as well and that is way you need to use other software besides just the smitfraud fix tool.
Comment by Smitfraud on July 17th, 2008 @ 1:32 pmThis virsu blocks the task manager from working. I found a tool that will fix the task manager, but you have to get rid of this virus. I think it better sometime to just reistall the whole computer. This virus messes up so much stuff that it is better to do that.
Comment by Javier on July 21st, 2008 @ 9:57 amI found this on another blog, which appeared to help a few people with the Trojan Vlob virus. Here’s the link:
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t140951.html
Essentially, they recommended the Smitfraud in SafeMode. After cleaning the system, then they recommend downloading, Malwarebytes, and run it for another clean to pick up the remaining virus’. After restarting it again, then they recommend restoring it to an earlier date, so you don’t become reinfected. Gives more detailed, step-by-step process, but this is the jist of it. Hopefully this helps.
Comment by mike on August 13th, 2009 @ 7:33 pmLine and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Zlob can be tough stuff. It’s not hard to remove it but the other traces it downloads lik Virtumonde and SMitfraud can be a big pain to remove. I suggest trying a system restore first then updating your anti-spyware softwara eand run a full scan.
Comment by Zlob on May 9th, 2008 @ 3:18 pm