How did this Trojan appear?


wrkg_onit@yahoo.com

My system configuration: Win XP SP2 with all updates, firewall on,
behind a router. AVG anti-virus. At the time of the incident I had
several Opera browser windows open, and pointed to respectable
financial sites like finance.yahoo. Outlook Express was loaded and may
or may not have been downloading email. Microsoft Excel was the only
other user application running.

What happened was AVG suddenly reported an attempt by "Trojan horse
downloader Zlob.ABQ" to load into one of my system restore
subdirectories. How can this happen without me clicking on an
attachment or popup, etc.?
 
So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971

Zlob usually installs when you click on a fake message prompting you to
download a new Codec or ActiveX Control to view a video cf.
http://msmvps.com/blogs/hostsnews/default.aspx

Such infections are usually accompanied by Vundo and SDBot infections these
days.

No anti-virus application can protect you from all hijackware, and AVG is
the worst-performing AV app of the lot.

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal...n:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2....emoving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/



wrkg_onit@yahoo.com wrote:
> My system configuration: Win XP SP2 with all updates, firewall on,
> behind a router. AVG anti-virus. At the time of the incident I had
> several Opera browser windows open, and pointed to respectable
> financial sites like finance.yahoo. Outlook Express was loaded and may
> or may not have been downloading email. Microsoft Excel was the only
> other user application running.
>
> What happened was AVG suddenly reported an attempt by "Trojan horse
> downloader Zlob.ABQ" to load into one of my system restore
> subdirectories. How can this happen without me clicking on an
> attachment or popup, etc.?
 
From:

| My system configuration: Win XP SP2 with all updates, firewall on,
| behind a router. AVG anti-virus. At the time of the incident I had
| several Opera browser windows open, and pointed to respectable
| financial sites like finance.yahoo. Outlook Express was loaded and may
| or may not have been downloading email. Microsoft Excel was the only
| other user application running.
|
| What happened was AVG suddenly reported an attempt by "Trojan horse
| downloader Zlob.ABQ" to load into one of my system restore
| subdirectories. How can this happen without me clicking on an
| attachment or popup, etc.?

One possibility for a ZLob Trojan...
You visited some video site. Maybe a p0rno video site. When you went there it indicated
that to play the video you needed to install a Video Codec or Video ActiveX, which it was
neither. It was a ZLob.

Please provide more specific information such as the fully qualified name and path to the
file deemed infected with the ZLob Trojan.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Wow. Lots of links. I've got simpler advice.
Get a Mac.
http://www.apple.com/getamac



PA Bear [MS MVP] felt like saying:

> So How Did I Get Infected Anyway?
> http://www.wilderssecurity.com/showthread.php?t=27971
>
> Zlob usually installs when you click on a fake message prompting you to
> download a new Codec or ActiveX Control to view a video cf.
> http://msmvps.com/blogs/hostsnews/default.aspx
>
> Such infections are usually accompanied by Vundo and SDBot infections these
> days.
>
> No anti-virus application can protect you from all hijackware, and AVG is
> the worst-performing AV app of the lot.
>
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis log
> to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal...n:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2....emoving_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
 