Comments on: Virus Found - Possible Threat “Trojan.Zlob” Undetected in many front line scanner http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/ I would try to share what I have learnt Fri, 21 Nov 2008 04:21:10 +0000 http://wordpress.org/?v=2.6.3 By: ValanBose - Elite Team Vss http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1718 ValanBose - Elite Team Vss Wed, 14 May 2008 19:50:34 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1718 * Issue :- Getting lot of porn websites poping up. Getting lot of spyware popups. Does your computer infected with Trojan.Vundo. * Steps to Fix :- * Start your comp in safe mode with networking. * Go to the following location and look the following files if find those files Delete it.. C:\WINDOWS\pskt.ini C:\WINDOWS\SYSTEM32\DNnVyyay.ini C:\WINDOWS\SYSTEM32\DNnVyyay.ini2 C:\WINDOWS\system32\lTCfPqru.ini C:\WINDOWS\SYSTEM32\lTCfPqru.ini2 C:\Documents and Settings\Alan Borson\Application Data\CURITY~1 C:\Documents and Settings\Alan Borson\Application Data\SMBOLS~1 C:\Documents and Settings\Alan Borson\Application Data\SSTEM~1 C:\Documents and Settings\Alan Borson\Application Data\WinIFixer.com C:\Documents and Settings\Alan Borson\Application Data\WinTouch C:\Documents and Settings\Alan Borson\Application Data\WinTouch\wintouch.cfg C:\Documents and Settings\Alan Borson\My Documents\CROSOF~1.NET C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1 C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1\?ppPatch\ C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1\ati2evxx.exe C:\Documents and Settings\Alan Borson\My Documents\STEM~1 C:\Documents and Settings\Alan Borson\My Documents\WNSXS~1 C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\All Users\Application Data\Rabio C:\Program Files\JavaCore C:\Program Files\JavaCore\JavaCore.exe C:\Program Files\mbols~1 C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\Terms.rtf C:\Program Files\Temporary C:\Program Files\webhancer C:\Program Files\webhancer\Programs\webhdll.dll C:\Program Files\webhancer\Programs\whinstaller.exe C:\WINDOWS\123messenger.per C:\WINDOWS\2020search.dll C:\WINDOWS\2020search2.dll C:\WINDOWS\apphelp32.dll C:\WINDOWS\asferror32.dll C:\WINDOWS\asycfilt32.dll C:\WINDOWS\athprxy32.dll C:\WINDOWS\ati2dvaa32.dll C:\WINDOWS\ati2dvag32.dll C:\WINDOWS\audiosrv32.dll C:\WINDOWS\autodisc32.dll C:\WINDOWS\avifile32.dll C:\WINDOWS\avisynthex32.dll C:\WINDOWS\aviwrap32.dll C:\WINDOWS\bjam.dll C:\WINDOWS\bokja.exe C:\WINDOWS\browserad.dll C:\WINDOWS\cdsm32.dll C:\WINDOWS\changeurl_30.dll C:\WINDOWS\cookies.ini C:\WINDOWS\default.htm C:\WINDOWS\didduid.ini C:\WINDOWS\licencia.txt C:\WINDOWS\megavid.cdt C:\WINDOWS\msa64chk.dll C:\WINDOWS\msapasrc.dll C:\WINDOWS\mspphe.dll C:\WINDOWS\mssvr.exe C:\WINDOWS\ntnut.exe C:\WINDOWS\pskt.ini C:\WINDOWS\saiemod.dll C:\WINDOWS\secure32.html C:\WINDOWS\shdocpe.dll C:\WINDOWS\shdocpl.dll C:\WINDOWS\start.exe C:\WINDOWS\stcloader.exe C:\WINDOWS\swin32.dll C:\WINDOWS\SYSTEM32\bedcajcc.ini C:\WINDOWS\system32\ccjacdeb.dll C:\WINDOWS\SYSTEM32\DNnVyyay.ini C:\WINDOWS\SYSTEM32\DNnVyyay.ini2 C:\WINDOWS\system32\fdwpscux.ini C:\WINDOWS\system32\iqhhytgm.ini C:\WINDOWS\SYSTEM32\lTCfPqru.ini C:\WINDOWS\SYSTEM32\lTCfPqru.ini2 C:\WINDOWS\system32\mgtyhhqi.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\tvyknjtf.ini C:\WINDOWS\system32\xucspwdf.dll C:\WINDOWS\telefonos.txt C:\WINDOWS\textos.txt C:\WINDOWS\voiceip.dll C:\WINDOWS\Web\default.htt C:\WINDOWS\winsb.dll "C:\WINDOWS\system32\yaywuuVn.dll" C:\WINDOWS\system32\urqPfCTl.dll C:\WINDOWS\system32\yaywuuVn.dll C:\WINDOWS\system32\whameprt.dll * yaywuuVn.dll -- This file could be winlogon entry. * So start > run> type regedit * Take a backup of registry. *HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify -- check for that file or folder if you find so delete it. * Search the file under registry also and delete it. * Now you can look for c:\program files\.....(any unwanted programs delete it). * Now you can delete all Temp files and prefetch. * Empty the recycle bin. * Restart the computer in normal mode. * Now try to access the IE check whether you find any poups. * I hope you wont get any poups..if so let me Know.. i will guide to run some removal tool to fix it.. ValanBose Vss Elite. * Issue :-
Getting lot of porn websites poping up.
Getting lot of spyware popups.
Does your computer infected with Trojan.Vundo.

* Steps to Fix :-
* Start your comp in safe mode with networking.
* Go to the following location and look the following files if find those files Delete it..

C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\DNnVyyay.ini
C:\WINDOWS\SYSTEM32\DNnVyyay.ini2
C:\WINDOWS\system32\lTCfPqru.ini
C:\WINDOWS\SYSTEM32\lTCfPqru.ini2
C:\Documents and Settings\Alan Borson\Application Data\CURITY~1
C:\Documents and Settings\Alan Borson\Application Data\SMBOLS~1
C:\Documents and Settings\Alan Borson\Application Data\SSTEM~1
C:\Documents and Settings\Alan Borson\Application Data\WinIFixer.com
C:\Documents and Settings\Alan Borson\Application Data\WinTouch
C:\Documents and Settings\Alan Borson\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Alan Borson\My Documents\CROSOF~1.NET
C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1
C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1\?ppPatch\
C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1\ati2evxx.exe
C:\Documents and Settings\Alan Borson\My Documents\STEM~1
C:\Documents and Settings\Alan Borson\My Documents\WNSXS~1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\mbols~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll
C:\Program Files\webhancer\Programs\whinstaller.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\licencia.txt
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\secure32.html
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\start.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\SYSTEM32\bedcajcc.ini
C:\WINDOWS\system32\ccjacdeb.dll
C:\WINDOWS\SYSTEM32\DNnVyyay.ini
C:\WINDOWS\SYSTEM32\DNnVyyay.ini2
C:\WINDOWS\system32\fdwpscux.ini
C:\WINDOWS\system32\iqhhytgm.ini
C:\WINDOWS\SYSTEM32\lTCfPqru.ini
C:\WINDOWS\SYSTEM32\lTCfPqru.ini2
C:\WINDOWS\system32\mgtyhhqi.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tvyknjtf.ini
C:\WINDOWS\system32\xucspwdf.dll
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\Web\default.htt
C:\WINDOWS\winsb.dll
“C:\WINDOWS\system32\yaywuuVn.dll”
C:\WINDOWS\system32\urqPfCTl.dll
C:\WINDOWS\system32\yaywuuVn.dll
C:\WINDOWS\system32\whameprt.dll
* yaywuuVn.dll — This file could be winlogon entry.
* So start > run> type regedit
* Take a backup of registry.
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify — check for that file or folder if you find so delete it.
* Search the file under registry also and delete it.
* Now you can look for
c:\program files\…..(any unwanted programs delete it).
* Now you can delete all Temp files and prefetch.
* Empty the recycle bin.
* Restart the computer in normal mode.
* Now try to access the IE check whether you find any poups.
* I hope you wont get any poups..if so let me Know..
i will guide to run some removal tool to fix it..

ValanBose
Vss Elite.

]]> By: layal http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1552 layal Thu, 24 Apr 2008 14:14:45 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1552 hi hi

]]> By: ValanBose - Elite Team Vss http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1472 ValanBose - Elite Team Vss Tue, 15 Apr 2008 16:45:47 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1472 Trojan Zlob\Trojan.Downloader :- =============================== It may come in an email asking you to check out a movie file or it may seek to push its way to your computer from malicious websites. In both cases a 'codec' will be offered in the guise of helping you watch a streaming video, but instead of showing the movie it will install a stealthy Trojan Downloader in your computer. That is Zlob Trojan. Trojan Zlob\Trojan.Downloader :-
===============================
It may come in an email asking you to check out a movie file or it may seek to push its way to your computer from malicious websites. In both cases a ‘codec’ will be offered in the guise of helping you watch a streaming video, but instead of showing the movie it will install a stealthy Trojan Downloader in your computer. That is Zlob Trojan.

]]> By: ValanBose http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1471 ValanBose Tue, 15 Apr 2008 16:39:31 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-1471 Trojan.Dropper - Its a virus,that could creat a base file under system32 location,whenever computer restarts the file will change and it drop the file in the same location. Trojan.Dropper - Its a virus,that could creat a base file under system32 location,whenever computer restarts the file will change and it drop the file in the same location.

]]> By: nikolaj http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-500 nikolaj Sun, 23 Dec 2007 15:43:17 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-500 thnx for the news thnx for the news

]]> By: Piyush http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-218 Piyush Wed, 31 Oct 2007 09:50:36 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-218 HO come u scan with alll the AV simltenously :O HO come u scan with alll the AV simltenously :O

]]> By: Piyush http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-217 Piyush Wed, 31 Oct 2007 09:49:22 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-217 Great................ Big guns are like.... Great…………….

Big guns are like….

]]> By: Utsav http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-210 Utsav Mon, 29 Oct 2007 15:44:50 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-210 lollzzzz. lollzzzz.

]]> By: ravi http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-209 ravi Mon, 29 Oct 2007 14:04:10 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-209 Top paid AV fails......... surprised!!!! Top paid AV fails………
surprised!!!!

]]> By: anandk http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-208 anandk Mon, 29 Oct 2007 12:33:15 +0000 http://www.chotocheeta.com/2007/10/29/virus-found-possible-threat-trojanzlob-undetected-in-many-front-line-scanner/#comment-208 really surprising to see 'big guns' failing... really surprising to see ‘big guns’ failing…

]]>