A few days ago I received an alert saying that I had a virus alert, TrojanDownloader:Win32/Zlob.
It was creating pop-ups of programs to download to get rid of them. After I did it, I quickly researched and I realized they were probably "The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections." So, I quickly removed those programs (MalwareCore, Virus Ranger) and everything that had to do with them.
I finally manually deleted/removed infected files that were detected: by ending process trees in the task manager and disabling them in the startup, I permanently deleted the files. (And also disabling them in the Internet Explorer add-ons)
I have been running Windows Defender and it removed the trojan.
So, I have ran Adware Alert scan and it has detected 260 infected files, but they are all registry keys. I don't want to purchase the program because I believe there is another way to remove it all. I've been reading other posts and saw there are other free removal programs, like spybot or ad-aware.
What it says:
Downloader: Zlob
Rogue AntiSpyware: MalwareCore
VirusRanger
VirusRescue
Trojan: BHO
Zlob
underneath each of these subjects is a list of registry keys infected.
At first I was tempted to delete these all myself, but I read that it wasn't smart to do.
I've also read that I can disable them by putting an apostrophe(') in front of the file name.
But, I don't want to disable them, I want to remove them.
In another post they were advised to restore the registry keys, but doing this makes me nervous.
Currently: I just ran both adware alert and windows defender: defender says everything running normally, adware still detects all the registry keys.
Oh yeah, I have Norton AntiVirus, and in its threat report it says that the delete failed for VirusRescue, and repair failed for Downloader.
Any advice in what I should do? Thank you, in advance, for your help.
February 21st, 2008, 6:02 pm
