Hello (possiable) helpers.

Im not the best person to figure out diffrent computer errors and so on, but I do know when I get an virus or any other kinde of addware that makes my computer mess up.

Today my virus scanner told me I had been infected by a downloading trojan called Zlob.fc, and I healed it plenty of times but keeps comming back. So I goggled the name and ended up getting ton of hits on diffrent ways of removing it. Sadly it seems im complitly retarded to do some of the guids.

I scanned it with

Qoofix v1.04 (noticed one of your helpers linking it)
CCLeaner (some other site mod told me to use this with some others)
Counterspy (same person as abow)
Spybot - Search & Destroy (same person)
And a few "trial" programs that I honestly didnt feel like spending 29$ for

I know that its quite alot of diffrent programs to be using, but I really want it to be gone so that I wont end up loosing anything valuable by this Virus

My brother helped me sort out how to use the program hijackme (renamed the program as another site mod said that some virus/adware can bypass it) Attached file is from the log

Hi TheLitch,

There is marks about Trojan.Vundo

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.Important note -- It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
==============================================================

Nuppi

I downloaded the program that you had suggested and did scan trough with it, didnt get anything from it thou. So I can imagen that its because Im no longer infected? I how ever did scan a new one with hijack

hi,
Please follow Those (http://www.short-media.com/forum/showthread.php?t=51142) instructions,

Scan with smithfraudfix with option #1 and send its rapport.txt

Followed te entire guide, including the check list for hijack just to be sure. Proved to no longer be a problem, and the program that you linekd was very easy to use so thansk for that here is the reprot log

Hi
Yes it seems good :)

Lets finish cleaning :

Please do the following...

1. Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

Rescan with hijackthis, and Check those

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - D:\WINDOWS\system32\pmnnnol.dll (file missing)
O20 - Winlogon Notify: pmnnnol - pmnnnol.dll (file missing)

Close all programs exept hijack and click fix checked.

Boot comp

Im dling the program you linked as Im writing this, I got a question, what way of starting up your windows are you using, if you write msconfig in run, what havave you choosen. One of the other guids I had been linked to had told me to "Normal start" when I was using "customize start" (keep in minde Im translating from danish :/)

And can I do the part with hijack before I reboot into safe mod `?

Yes you can, I did see that yuo have danish windows :)

Yes, yiou can fix those lines before scanning by AVG :)

Allright it took a bit longer then expected as my pc had problems getting into safe mode, h ow ever that is fixed now and here are the two reports, hijack first and then spyware as the 2nd file

hijackLog is clean. As you see, AVGs raport. Nothing was cleaned. Study instructions and scan again :D


You dont have good firewall. Windows own is not good enough.

Please download one.

Just noticed that I had forgot to press the action button as the guid told me to. And if you think Im in need of a firewall, withc one can you personaly suggest ?

There are many good free firewalls,

Zone Alarm, Kerio, Outpost ... Try one off those :D

Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips (http://www.short-media.com/forum/showthread.php?t=39435) that Short-Media offers.

This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

If you are not the user who started this thread, you must start a new Thread (http://www.short-media.com/forum/newthread.php?do=newthread&f=57) instead :)

Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here (http://www.short-media.com/forum/showthread.php?t=29803)