TrojanDownloader:Win32/Zlob

jjryan

Member
Jun 4, 2005
It gives me the following information. I successfully remove it and it magically appears so I'm not sure how to remove it. Any tips? Here's the info from Windows Defender:

Category:
Trojan Downloader

Description:
This program has potentially unwanted behavior.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
process:
pid:872

file:
C:\Program Files\Video Access ActiveX Object\isamini.exe

Summary:
Application Execution change occurred.

This agent scans software just before it runs. You are alerted if the software has a high potential for harming your computer.

Checkpoint:
Running Processes

http://www.microsoft.com/security/encyc...wnloader%3aWin32%2fZlob&threatid=16998
 

meltdown75

Lifer
Nov 17, 2004
First try booting into and running the scan in safe mode.

If it persists, you should try a bona fide virus scanner such as AVG or Kaspersky. I would let Ad-Aware and Spybot: S&D also do a run-through as well.

While Defender does provide a measure of protection, your best bet is to use a multi-layered response and safeguard, such as the aforementioned apps in conjunction with one another. Good luck.
 

RebateMonger

Elite Member
Dec 24, 2005
One reliable way to get rid of this, along with anything else that may have gotten installed that you don't know about, is to do a System Restore. Restore the system to a date prior to when you got infected. That will remove anything that's been installed after that date.
 

Tegeril

Platinum Member
Apr 2, 2003
System restore is by no means a guaranteed-remove-everything spyware removal tool.
 

Medea

Golden Member
Dec 5, 2000
You've got a Smitfraud infection. Print this out because you'll be working in Safe Mode.

Download SmitFraudFix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.exe and save it to your desktop.

Make sure your anti-spyware app is updated.

Check your Trusted Zones in IE and note if there are entries that you didn't place there.

Reboot into Safe Mode

Open the SmitfraudFix Folder, then double-click smitfraudfix.exe file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

Reboot back into Safe Mode.

Clean out your Temp folders and empty your Recycle Bin.

IF you have unknown entries in your Trusted Zone, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Note: If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install them. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Run your anti-spyware app.

Reboot into Normal Mode

SmitfraudFix will create a log named rapport.txt on the root of your hard drive which you can review.
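
The Trusted Zone check in the steps above can also be done from the registry instead of the IE dialog. The following is an added example, not part of the original post and not part of SmitfraudFix; it assumes PowerShell is available and that the zone mappings live under the standard `ZoneMap` registry keys. It only reads the registry.

```powershell
# Added example: enumerate Internet Explorer Trusted sites (zone 2) mappings.
# Assumes the standard ZoneMap registry layout; read-only, changes nothing.
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)
$TrustedZone = 2   # 1 = Local intranet, 2 = Trusted sites, 4 = Restricted sites

function Get-TrustedZoneEntry {
    param([string[]]$Root = $ZoneMapRoots)
    foreach ($r in $Root) {
        foreach ($sub in 'Domains', 'EscDomains', 'Ranges') {
            $path = Join-Path $r $sub
            if (-not (Test-Path $path)) { continue }
            $marker = "\ZoneMap\$sub\"
            foreach ($key in Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue) {
                foreach ($name in $key.GetValueNames()) {
                    # Protocol values (http, https, *) are DWORDs holding the zone number.
                    if ($key.GetValueKind($name) -ne 'DWord') { continue }
                    if ($key.GetValue($name) -ne $TrustedZone) { continue }
                    if ($sub -eq 'Ranges') {
                        $site = $key.GetValue(':Range')   # IP range stored as a string
                    } else {
                        # Key path is ...\Domains\example.com\www -> www.example.com
                        $i = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                        $parts = $key.Name.Substring($i + $marker.Length) -split '\\'
                        [array]::Reverse($parts)
                        $site = $parts -join '.'
                    }
                    [pscustomobject]@{
                        Hive = $r.Substring(0, 4); Store = $sub
                        Site = $site; Protocol = $name
                    }
                }
            }
        }
    }
}

Get-TrustedZoneEntry | Sort-Object Site, Protocol | Format-Table -AutoSize
```

Saving the output before and after the Trusted zone cleanup step gives a record of which entries were present and which were removed.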
 

Lemon law

Lifer
Nov 6, 2005
In the specific case----you can often google the malware name and get a very good and targeted removal tool---and it's true here.

In the more general case--Finding a specific removal tool may not always work as well when your existing malware arsenal is identifying that you are infected but not removing the infection. Rather than willy-nilly discarding your entire security set up---be aware of things you can try. And only a small subset are mentioned in this thread. But to mention some options that sometimes work that are mentioned in this thread---google for specific removal tool---use safe mode to run scans---and rolling back to an earlier date might work too.

I would add---use free online scans from various vendors---try loading free trial offers of anti-malware products---learn how to download, run, and post a log file using HijackThis.
When I bought a used computer infested with malware-- it took all those methods to get it all---and check for rootkits also.

But also get the big clue--if you got nailed once--you will get nailed again unless you tighten up security.---you have some good links in this thread for a how to---and add a visit to spywarewarrior.com to your to do list.
 