Dads computer hijacked?

[frostybrad]

Hay guys... Im having a issue with my dads computer. We start up the IE and a pop up shows up saying he has some sortta trojan on his computer by the name of TrojanZlob.x.a and wants us to install software to remove it.. obviously I know better.

Avg anitvrius doesn't seem to be finding it. Adaware SE hasn't picked anything up. I have shut off a few satart up programs via Winpatrol, but nothing has seemed to help. I know somethings wrong becasue on occasion when IE is started, it goes to some porn website homepage instead of Yahoo.....

anyone have any suggestions?? I am going to install NOD32 and see if that finds anything...... but all sugestions are welcome....

thanks

[Tech Geek Deluxe]

If the "nasty" will let you go to "trend micro's" housecall ... then may times that online scanner can clean your pc up.

If it is a sophisticated trojan with assorted bugs ... it may not let you connect.

Search for "housecall"

[polobunny]

Here's how I proceed normally when cleaning a computer with virus and spyware;
Run
AVG Antivirus Free
HiajckThis!
Spybot Search and Destroy
Windows Defender
Lavasoft Ad-Aware 2007
CCleaner
smitfraud fix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe)
VundoFix (VundoFix.exe - www.atribune.org)

[Carl Martin]

I've encountered various Zlob trojans and have always had success with SpyBot. (It's worked twice when Spy Sweeper failed.)

What ever you use, be sure to delete all system restore files to avoid reinfection.

Carl

[One4yu2c]

With a quick jaunt on Google, it looks like others haven't had much success catching it with anti-virus suites, either. As mentioned, turn your attention towards anti-spyware programs. If it were me, I'd scan with Spybot Search and Destroy, Adaware, A-Squared, and if it still persists, I'd recommending scanning with HijackThis! and post a log for us to look at (HijackThis! doesn't discern between good and bad entries, so don't delete/'fix' anything unless you're sure it doesn't belong).

And hey, thanks for bringing up a prime opportunity to pimp myself:
Heal and Inoculate Your PC - Paul Lilly

[halutzparilla]

i had same problem before and here is my thread i hope it help...

Pop Up annoyance

[polobunny]

Quote:

Originally Posted by One4yu2c

With a quick jaunt on Google, it looks like others haven't had much success catching it with anti-virus suites, either. As mentioned, turn your attention towards anti-spyware programs. If it were me, I'd scan with Spybot Search and Destroy, Adaware, A-Squared, and if it still persists, I'd recommending scanning with HijackThis! and post a log for us to look at (HijackThis! doesn't discern between good and bad entries, so don't delete/'fix' anything unless you're sure it doesn't belong).

And hey, thanks for bringing up a prime opportunity to pimp myself:
Heal and Inoculate Your PC - Paul Lilly

I tried free A-Squared. So-so program, even more since there's a resident program running always in the background (doing nothing) even when the program is closed...

[frostybrad]

Okay, not sure if I have it licked or not, but heres what I did...

ran Spybot and it found nothing..... Ran AVG and found nothing (then uninstalled it) . Ran Adaware Se and it found a few minor things but not the main virus. I installed Winpatrol which is a great little program (in my opinon its the program to have). This allowed me to disable the services that i didn't need running (should say "he") and narrowed the services down to what I thought was the bad one. this allowed me to stop the process and remove it from memory. I installed NOd32 and it found 7 traces of the infection in various parts of the computer, and I also did a disk cleanup and also shut off system restore to erase the restore points..... I wouldnt have done that so thanks for that tip!!

and so far the message has not come back, even after rebooting. Winpatrol tells me there is a startup program asking for permission to start when windows starts, and I beleive this is the file.... %^&%Rotate.dll (can't remember at the moment whats infront of the word rotate), but at least with Winpatrol I just say no, and it won't activate....... obviously I need to remove that file still, but its cornerd and won't start!!


thanks for the thoughts and help guys..... muchly appreciated as always, thanks..

[polobunny]

Use HijackThis! to remove the rogue file. It's almost guaranteed to work. :)

[Stormcrow]

Yep, HijackThis! has removed various trojans from the family Dell computer.
|MG| Trend Micro HijackThis 2.02
It runs in it's own folder, no need to install it. After it scans your computer, leave it open but save the .txt file it generates.
Then go here: HijackThis Logfileauswertung
Upload the logfile, and it'll display the results of whats a nasty infection and whats not. The site is used worldwide and each threat is rated by people who use the program, so I have no trouble finding whats a virus/trojan/malware.
Then just match up the trojan it finds with the same name as one in the program itself (this is why you didn't close it), and fix it. Pretty straightforward, might make a good guide to write to include pictures and such.
Also as mentioned, delete your system restore files so that it doesn't reload the trojan by mistake.