A trojan horse fix


railrider1920

Hi Folks,
I downloaded a program last week. I checked it with AVG anti virus and it said that it was clean. I opened it and installed it and I got a trojan horse. At least I think it came in with that particular program. It was a .zblob type of trojan. The AVG that runs in the background popped up and said that the trojan was there, but it wouldn't get rid of it.

I tried a couple different types of spyware/malware removal programs. Nothing found it. I turned off AVG and tried a couple of other anti virus and they didn't find it either.

Someone mentioned to my wife that Microsoft had a malware program that would find it. I did a search and came up with "onecare live"

http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt

I had to download a couple of files and it then searched my computer. It's an online search tool. It took a while for it to go through my computer, but it found the trojan horse and got rid of it. I ran it again and it wasn't found. Very happy about that. Now that I got rid of it, anything specific I should do in regards with my computer?

I just thought that I would share this with everyone here in case you get a nasty virus that you can't get rid of.

happy surfing and turning
 
OK. Why? So now what? Do I turn off the system restore and try it again? Do I try to set the computer back to a date before the download? I tried to set it back first and it wouldn't let me. Any suggestions are welcome?

Thanks
 
Q. How do I delete restore points in System Restore?
A. You can either delete all restore points except the latest one, or all the restore points.

• To delete all restore points except the latest one, use the Disk Cleanup utility. Click Start, All Programs, Accessories, System Tools, and then Disk Cleanup. Click on the more options tab and then select Clean up in the System Restore dialog box.

• To delete all the restore points on your computer, disable and re-enable system restore on the system. Click Start, Control Panel, and then the System icon. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply. Clear the check box again to re-enable System Restore and then click OK.

• You can reduce the number of restore points saved by decreasing the total amount of disk space available to System Restore. Note that less available disk space will decrease the relative number of restore points.

---------------

You need to remove all system restore points, then run the scan again. Personally, I have the system restore turned off. It wastes disk space and it don't work most of the time.
 
Thanks to everyone for all the suggestions.

Toolcrazy, I turned off the system restore and ran the onecare live again and it didn't find anything.

Gary, I forgot about trendmicro, I'll run that one also.

WWatty, I'll look into that one.

Has anyone ever dealt with Castlecops.com? I'm thinking about downloading and running the hijackthis program and posting the results on their site. I'm concerned about doing whatever they might suggest. I have no clue who they are. How do I know what they suggest will help and not hurt my computer any more?

Thanks again for all your help and suggestions
 
Be careful with some of those web-based apps and downloads. Some of them are malicious, and disguised as legit programs. There are also many "antivirus" and "antispyware" progs that are actually malware themselves.

Check reputable download sites like CNET, Tucows, etc., and read some of the reviews before downloading.

There is also a good, free browser plugin called McAfee Site Advisor. http://www.siteadvisor.com/
This places color-coded icons next to search results to give an indication as to whether the site has malware or not. Site Advisor isn't perfect, but it can help steer you away from some of the dubious sites out there.

Cheers.
 
If it's hidden itself inside the registry the virus and spyware progs don't pick it up. Google for a free program called sd fix that must be run in safe mode. It resets and cleans out the registry. It's worked for me before. Oh and another note, only run one anti virus or anti spyware program at once, they don't work when there are multiple running.
 