Guest rod Posted September 16, 2008 Posted September 16, 2008 We have that infernal Zlob trojan, nothing else seems to remove it, maybe we need to reload Windows? Thanks.
Guest Alias Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? rod wrote: > We have that infernal Zlob trojan, > nothing else seems to remove it, > maybe we need to reload Windows? > > Thanks. > > > Reloading Windows with a clean install is the for sure way. Or you can spend hours fighting with it and not knowing if there is anything else that the apps you've used haven't detected. Alias
Guest nass Posted September 16, 2008 Posted September 16, 2008 RE: Can Zlob be removed by using a restore point? "rod" wrote: > We have that infernal Zlob trojan, > nothing else seems to remove it, > maybe we need to reload Windows? > > Thanks. If the Restore Point not infected then you can. Try and then run a scan and see if it all clear or still lurking and infecting your restore points too.
Guest PA Bear [MS MVP] Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? Unexplained computer behavior may be caused by deceptive software http://support.microsoft.com/kb/827315 Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2.html#Removing_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjuction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, or other appropriate forums for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ rod wrote: > We have that infernal Zlob trojan, > nothing else seems to remove it, > maybe we need to reload Windows? > > Thanks.
Guest David H. Lipman Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? From: "nass" <nass@discussions.microsoft.com> | If the Restore Point not infected then you can. | Try and then run a scan and see if it all clear or still lurking and | infecting your restore points too. Actually many forms of malware corrupt or disable the System restore cache. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest nass Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? "David H. Lipman" wrote: > From: "nass" <nass@discussions.microsoft.com> > > > | If the Restore Point not infected then you can. > | Try and then run a scan and see if it all clear or still lurking and > | infecting your restore points too. > > Actually many forms of malware corrupt or disable the System restore cache. > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp True, but some milke you out (??) first then start to be destructive and try to hide and erase their footprint! HTH, nass --- http://www.nasstec.co.uk
Guest David H. Lipman Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? From: "nass" <nass@discussions.microsoft.com> | True, but some milke you out (??) first then start to be destructive and try | to hide and erase their footprint! | HTH, | nass | --- | http://www.nasstec.co.uk I don't understand :-( -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest nass Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? "David H. Lipman" wrote: > I don't understand :-( > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Meaning some viruses will not start to be destructive from the start of its being loaded and excuted on the User machine. Ex..Password stealers, Pop-Up/marketing Trojans (fake alert)/StartUp page, Trojan dropper..etc These viruses patterns not destructive at first, but rather resident program sending data (Commands/Data packets) from and to the user machine to the intruder server !!!
Guest David H. Lipman Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? From: "nass" <nass@discussions.microsoft.com> | Meaning some viruses will not start to be destructive from the start of its | being loaded and excuted on the User machine. | Ex..Password stealers, Pop-Up/marketing Trojans (fake alert)/StartUp page, | Trojan dropper..etc | These viruses patterns not destructive at first, but rather resident program | sending data (Commands/Data packets) from and to the user machine to the | intruder server !!! Yes, these types of malware do NOT want to give themselves away. They want to keep performing their respective payload as long as possible. However, how doe that tie-in with the system restore Cache ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest nass Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? "David H. Lipman" wrote: > From: "nass" <nass@discussions.microsoft.com> > > > | Meaning some viruses will not start to be destructive from the start of its > | being loaded and excuted on the User machine. > | Ex..Password stealers, Pop-Up/marketing Trojans (fake alert)/StartUp page, > | Trojan dropper..etc > | These viruses patterns not destructive at first, but rather resident program > | sending data (Commands/Data packets) from and to the user machine to the > | intruder server !!! > > Yes, these types of malware do NOT want to give themselves away. They want to keep > performing their respective payload as long as possible. > > However, how doe that tie-in with the system restore Cache ? > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Back to the Old game Cat and Mouse Dave LOL
Guest The Real Truth MVP Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? Use my Remove-it software, it will remove that malware from your system. Choose yes for all options when prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm -- Ignore any posts made by the Stalker Leythos, he's still in love with me. He started stalking me after I spurned his advances towards me. He said he would stop Stalking me If I stopped mentioning his name. As you can see that does not work. He is a sick obsessive STALKER. "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message news:%23JM2Kf%23FJHA.616@TK2MSFTNGP06.phx.gbl... > We have that infernal Zlob trojan, > nothing else seems to remove it, > maybe we need to reload Windows? > > Thanks. > > >
Guest rod Posted September 16, 2008 Posted September 16, 2008 Re: Can Zlob be removed by using a restore point? Thank you to everybody who replied. I appreciate your help very much. Rod. "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message news:%23JM2Kf%23FJHA.616@TK2MSFTNGP06.phx.gbl... > We have that infernal Zlob trojan, > nothing else seems to remove it, > maybe we need to reload Windows? > > Thanks. > > >
Guest rod Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Just a FYI I tried numerous times for system restore, employing differing dates, the process went thorough to reboot, then a pop up screen arrived saying it could not restore and that nothing had changed. I guess the trojan is responsible. "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message news:%23JM2Kf%23FJHA.616@TK2MSFTNGP06.phx.gbl... > We have that infernal Zlob trojan, > nothing else seems to remove it, > maybe we need to reload Windows? > > Thanks. > > >
Guest Leythos Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? In article <OyXzk.362$eb4.8@flpi147.ffdc.sbc.com>, toidi@tpap.com says... > Use my Remove-it software, it will remove that malware from your system. > Choose yes for all options when prompted. Download it here > http://pcbutts1.com/downloads/tools/pirate.htm > > > Ignore any posts made by the Stalker Leythos, he's still in love with me. > He started stalking me after I spurned his advances towards me. > He said he would stop Stalking me If I stopped mentioning his name. > As you can see that does not work. He is a sick obsessive STALKER. > Do you really want to trust someone that was banned from posting directly to Microsoft Usenet servers, someone that has posted links to pornographic materials on HIS WEBSITE, who's website is in the MVP HOST Block list, and who provides a tool for your use that will block access to reputable anti-malware sites without telling you he's doing it? And do you really want to trust someone that has had to change their posting identity after being busted by MS as a fake MVP? Stalking, even in usenet is a crime, there are enough pages from your filthy site to prove you're stalking me in your posts, I have them documented and certified authentic - it's your call now Stalker. -- Leythos - spam999free@rrohio.com (remove 999 to email me) Public Service Warning: Learn about PCButts before you trust: http://www.velocityreviews.com/forums/t513604-author-of-removeit.html http://www.google.com/search?hl=en&q=pcbutts1+thief
Guest Alias Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? rod wrote: > Just a FYI > > I tried numerous times for system restore, employing differing dates, > the process went thorough to reboot, then a pop up screen > arrived saying it could not restore and that nothing had changed. > I guess the trojan is responsible. By now you could have reinstalled XP. That's what I would do. Alias > > > "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message > news:%23JM2Kf%23FJHA.616@TK2MSFTNGP06.phx.gbl... >> We have that infernal Zlob trojan, >> nothing else seems to remove it, >> maybe we need to reload Windows? >> >> Thanks. >> >> >> > >
Guest PA Bear [MS MVP] Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Ignore this MVP imposter! For some background on this well-known thief, see David Lippman's posts in this thread: http://groups.google.com/group/microsoft.public.security.homeusers/browse_frm/thread/5172ca5571f3e54f/656904085932c872 Specifically http://groups.google.com/group/microsoft.public.security.homeusers/msg/213247814fb4d61e and http://groups.google.com/group/microsoft.public.security.homeusers/msg/e19fce884897662f -- ~Robear Dyer MS MVP-IE, Mail, Security, Windows Desktop Experience https://mvp.support.microsoft.com/default.aspx/profile/robear.dyer The Real Truth MVP wrote: > Use my Remove-it software, it will remove that malware from your system. > Choose yes for all options when prompted. Download it here > MUNGE://pcbutts1.com/downloads/tools/tools.htm > > > > > "rod" <pookiethai@NOSPAMiprimus.com.au> wrote in message > news:%23JM2Kf%23FJHA.616@TK2MSFTNGP06.phx.gbl... >> We have that infernal Zlob trojan, >> nothing else seems to remove it, >> maybe we need to reload Windows? >> >> Thanks.
Guest David H. Lipman Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? From: "rod" <pookiethai@NOSPAMiprimus.com.au> | Just a FYI | I tried numerous times for system restore, employing differing dates, | the process went thorough to reboot, then a pop up screen | arrived saying it could not restore and that nothing had changed. | I guess the trojan is responsible. No. It is not the Trojan's fault. If you *must* do a system restore, I suggest performing it in Safe Mode. Doing it in Safe Mode has a greater chance that it will succeed. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest rod Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Yes, you are of course, correct, alas! I am human...and hope springs eternal (wry grin) "Alias" > By now you could have reinstalled XP. That's what I would do. > > Alias
Guest rod Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Thank you David, I hadn't considered that, I give it a go. Its either that or reload windows, I deleted something along the way (maybe Vista drive.exe) and I have lost my quick launch bar icons. "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:u6ZNA%23FGJHA.4480@TK2MSFTNGP06.phx.gbl... > From: "rod" <pookiethai@NOSPAMiprimus.com.au> > > > > | Just a FYI > > | I tried numerous times for system restore, employing differing dates, > | the process went thorough to reboot, then a pop up screen > | arrived saying it could not restore and that nothing had changed. > | I guess the trojan is responsible. > > No. It is not the Trojan's fault. > > If you *must* do a system restore, I suggest performing it in Safe Mode. > Doing it in Safe Mode has a greater chance that it will succeed. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > >
Guest rod Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Restore failed in safe mode on 4 dates. It would run through to reboot, as soon a I typed in the administrators password, the fail pop up screen arrived. I found the quick launch bar. >> If you *must* do a system restore, I suggest performing it in Safe Mode. >> Doing it in Safe Mode has a greater chance that it will succeed. >> Dave >> http://www.claymania.com/removal-trojan-adware.html >> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest David H. Lipman Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? From: "rod" <pookiethai@NOSPAMiprimus.com.au> | Restore failed in safe mode on 4 dates. | It would run through to reboot, as soon a I typed | in the administrators password, the fail pop up screen arrived. Like I wrote, malware can corrupt the System Restore cache. Either the following or a wipe and OS reinstall... Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe Then post the contents of the HJT log in your post in one of the below expert forums... { Please - Do NOT post the HJT Log here ! } Forums where you can get expert advice for HiJack This! (HJT) Logs. NOTE: Registration is REQUIRED in any of the below before posting a log Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0 Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.malwarebytes.org/forums/index.php?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.atribune.org/forums/index.php?showforum=9 http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://forum.networktechs.com/forumdisplay.php?f=130 http://forums.maddoktor2.com/index.php?showforum=17 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.spywareinfo.com/index.php?showforum=18 http://forums.techguy.org/f54-s.html http://forums.tomcoyote.org/index.php?showforum=27 http://forums.subratam.org/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://aumha.net/viewforum.php?f=30 http://makephpbb.com/phpbb/viewforum.php?f=2 http://forums.techguy.org/54-security/ http://forums.security-central.us/forumdisplay.php?f=13 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest nass Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Then you way is a clean install, don't hang about for more experments unless you want to do so! Step-By-Step Windows XP: Installation http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx Step-By-Step Windows Vista: Installation http://www.w-tweaks.com/html/windows_vista_setup__step_by_s.html HTH, nass --- http://www.nasstec.co.uk "rod" wrote: > > Restore failed in safe mode on 4 dates. > It would run through to reboot, as soon a I typed > in the administrators password, the fail pop up screen arrived. > > I found the quick launch bar. > > > >> If you *must* do a system restore, I suggest performing it in Safe Mode. > >> Doing it in Safe Mode has a greater chance that it will succeed. > >> Dave > >> http://www.claymania.com/removal-trojan-adware.html > >> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > > >
Guest rod Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? Thank you for your continued support. Look, I honestly don't know how it occurred, but my computer seems stable and there have been no further pop up screens, I feel I have actually nailed the bugger. I used Rootkit revealer, unhackme, hijack this, along with others, and pcbutts , I followed the advice to the letter and it seems shot. The only thing I feel left to do, is to follow "Spycachers" advice and cleanse my "restore folder" and make a new restore point. Thanks to everybody, this thing is a real nasty, AFAIK I got it when executing a Codec exe, for a supposed clip upgrade. I wont be going anywhere near those again thank you. You fellas (and lady) do a great job. Rodney "nass" <nass@discussions.microsoft.com> wrote in message news:A4A28AEA-6DCB-44B7-86D7-C59F6F597592@microsoft.com... > > > Then you way is a clean install, don't hang about for more experments > unless > you want to do so! > Step-By-Step Windows XP: Installation > http://www.microsoft.com/windowsxp/using/setup/winxp/install.mspx > Step-By-Step Windows Vista: Installation > http://www.w-tweaks.com/html/windows_vista_setup__step_by_s.html > > HTH, > nass > --- > http://www.nasstec.co.uk > > > "rod" wrote: > >> >> Restore failed in safe mode on 4 dates. >> It would run through to reboot, as soon a I typed >> in the administrators password, the fail pop up screen arrived. >> >> I found the quick launch bar. >> >> >> >> If you *must* do a system restore, I suggest performing it in Safe >> >> Mode. >> >> Doing it in Safe Mode has a greater chance that it will succeed. >> >> Dave >> >> http://www.claymania.com/removal-trojan-adware.html >> >> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp >> >> >>
Guest David H. Lipman Posted September 17, 2008 Posted September 17, 2008 Re: Can Zlob be removed by using a restore point? From: "rod" <pookiethai@NOSPAMiprimus.com.au> | Thank you for your continued support. | Look, I honestly don't know how it occurred, | but my computer seems stable and there have been no further | pop up screens, I feel I have actually nailed the bugger. | I used Rootkit revealer, unhackme, hijack this, along with others, | and pcbutts , I followed the advice to the letter and it seems shot. | The only thing I feel left to do, is to follow "Spycachers" advice | and cleanse my "restore folder" and make a new restore point. | Thanks to everybody, this thing is a real nasty, AFAIK I got it when | executing a Codec exe, for a supposed clip upgrade. | I wont be going anywhere near those again thank you. | You fellas (and lady) do a great job. | Rodney The fact that you could NOT perform a restoration from a system Restore point even in Safe mode and the fact that you still note problems goes back to what I previously posted. That is post to an Expert Forum or wipe the PC and reinstall the OS. As for Butts software. It is plagiarized and stitched software that uses simple constructs to delete files and registry entries. Its ability to remove malware that integrates malware into the OS is poor at best. Since it is plagiarized Butts has no comprehension of its abilities and disabilities. If you allow it to install a etc/hosts file it will also BLOCK legitimate anti malware sites. I'll post this one last time in case you are willing to work at removing the malware and in fixing any problems created by the malware. Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe Then post the contents of the HJT log in your post in one of the below expert forums... { Please - Do NOT post the HJT Log here ! } Forums where you can get expert advice for HiJack This! (HJT) Logs. NOTE: Registration is REQUIRED in any of the below before posting a log Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0 Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.malwarebytes.org/forums/index.php?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.atribune.org/forums/index.php?showforum=9 http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://forum.networktechs.com/forumdisplay.php?f=130 http://forums.maddoktor2.com/index.php?showforum=17 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.spywareinfo.com/index.php?showforum=18 http://forums.techguy.org/f54-s.html http://forums.tomcoyote.org/index.php?showforum=27 http://forums.subratam.org/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://aumha.net/viewforum.php?f=30 http://makephpbb.com/phpbb/viewforum.php?f=2 http://forums.techguy.org/54-security/ http://forums.security-central.us/forumdisplay.php?f=13 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest rod Posted September 18, 2008 Posted September 18, 2008 Re: Can Zlob be removed by using a restore point? Thanks David, understood. "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23pv2gnQGJHA.1456@TK2MSFTNGP03.phx.gbl... > From: "rod" <pookiethai@NOSPAMiprimus.com.au> > The fact that you could NOT perform a restoration from a system Restore > point even in Safe > mode and the fact that you still note problems goes back to what I > previously posted. > That is post to an Expert Forum or wipe the PC and reinstall the OS.
Recommended Posts