Zlob attack.....

fruitcake_2

I can't believe I fell for this one, my laptop is completely unusable right now, am on another pc trying to sort it out....it's such a malicious trojan, can't believe how fast it started to attack everything!

I made the fatal mistake of opening a "codec to upgrade windows media". Just a warning for anyone out there, please check your sources or you may end up like me...can't even load any virus scanners or spybot, jeeps telling me administrator has disabled the registry changes. System restore won't work and nothing will load in safe mode....any ideas....or do I need to face the inevitable and format....

DCFC79

fruitcake wrote: »

I can't believe I fell for this one, my laptop is completely unusable right now, am on another pc trying to sort it out....it's such a malicious trojan, can't believe how fast it started to attack everything!

I made the fatal mistake of opening a "codec to upgrade windows media". Just a warning for anyone out there, please check your sources or you may end up like me...can't even load any virus scanners or spybot, jeeps telling me administrator has disabled the registry changes. System restore won't work and nothing will load in safe mode....any ideas....or do I need to face the inevitable and format....

id start it in safe mode and run anti virus but i could be wrong mind

gaming_guy

tried doing a scan with the kaspersky AV boot disk?

just burn it to a cd, make sure the laptop is set to boot from cd and away you go. it may be best to try it overnight as from experience it takes ages

edit

DCFC79 wrote: »

id start it in safe mode and run anti virus but i could be wrong mind

fruitcake wrote: »

System restore won't work and nothing will load in safe mode....any ideas....or do I need to face the inevitable and format....

Reluctant_spender

Malware Bytes

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Browntoa

yep, Malwarebytes will do it

2nd vote

bingo_bango

Specifically for Zlob attacks, I found SmitFraud Fix to be ideal. Saved me a lot of grief, and doesn't take any more than about 10 mins to do a full scan and delete. Found 70 copies of Zlob on my machine, and that was after I had disconnected from net. Do follow the instructions thoroughly, as it took me two goes to get it right (must remember to try things like this sober from now on!).

fruitcake_2

gaming_guy wrote: »

tried doing a scan with the kaspersky AV boot disk?

just burn it to a cd, make sure the laptop is set to boot from cd and away you go. it may be best to try it overnight as from experience it takes ages

edit

Thank will try this as, I can't actually run or save any software on to the desktop ....whether in safe mode or not.....will let you know....;)

Donnie

fruitcake wrote: »

Thank will try this as, I can't actually run or save any software on to the desktop ....whether in safe mode or not.....will let you know....;)

I actually recommend you use the Avira Rescue System to create the CD, as it doesn't require anything else to work to full utilisation.
Alternative image file

Info here.

Using an uninfected computer, place a blank CD in to the drive, run the .exe file and follow the instructions. Once the CD is created you can use it on boot up with the infected computer.

Here is a simple usage guide

MothballsWallet

fruitcake: I had a similar problem fixing a friend's laptop, as Browntoa will tell you and advised me on.

I ended up creating a boot CD with an antivirus toolkit's rescue set on it (a minimal Linux system with a menu-driven scan and repair tool), used that to clean off carp as much as possible, then was able to boot Windows and run MBAM, along with AVG8, Spybot, Ad-Aware and Spyware Blaster just to be safe.

So, that's another vote for MBAM and a rescue disk from me - especially if Safe Mode won't load for love nor money.

Linbox

I had the same problem last week - I used this info http://forums.majorgeeks.com/showthread.php?t=139313 to clean it up.

HTH