Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 06-12-2006, 10:42 PM   #1
Baseband Member
Join Date: Jun 2006
Posts: 21
Default Virus alert?

I keep getting this suspicious virus alert in my toolbar telling me that i have critical errors, i know i do of course but i'm wondering if this this virus alert on my toolbar is actually windows or just more spyware? also I have contracted the
zlob downloader. Is this the zlob trojan? also everytime i fix the zlob downloader in spybot search and destroy i'll scan my computer again and zlob downloader will be back up there even though i have already cleaned it. can anyone help me????? I really do not want to have to re-install windows. plus i don't have the disc. PLEASE HELP ME!!!!!!!!!!!

Gnarly is offline   Reply With Quote
Old 06-12-2006, 11:15 PM   #2
Baseband Member
Join Date: Jun 2006
Posts: 21
Default Re: Virus alert?

PLEASE!!!! reply?!

Gnarly is offline   Reply With Quote
Old 06-12-2006, 11:51 PM   #3
Baseband Member
Join Date: Jun 2006
Posts: 42
Send a message via AIM to V3RT1G0 Send a message via MSN to V3RT1G0 Send a message via Yahoo to V3RT1G0
Default Re: Virus alert?

well i think i once had a zlob downloader but i deleted but yes it is a trojan downloader sadly for you but if it comes to you having to reinstall windows just reformat you will have to lose all your data though ... and to keep it from coming back just turn system restore off (google) log into safe mode (F8 when you reboot, press it constantly) and scan your computer with anti virus and adware/spyware tools and try to remove it...
Dell E310 | Intel Pentium 4 HT 521 AKA Prescott 2.8 ghz Dual Threads | 512mb Samsung DDR2 RAM | Intel Extreme Gfx
(lol) soon to be upgraded | 17 inch CRT Screen (lol) | My Website - www.fuseix.com
V3RT1G0 is offline   Reply With Quote
Old 06-13-2006, 08:17 AM   #4
Golden Master
Join Date: Apr 2006
Posts: 7,534
Default Re: Virus alert?

Try to download HiJackThis and then post your log here, if possible.
LA061 is offline   Reply With Quote
Old 06-13-2006, 09:43 AM   #5
Golden Master
dude_se's Avatar
Join Date: Nov 2004
Posts: 8,632
Send a message via AIM to dude_se Send a message via MSN to dude_se
Default Re: Virus alert?

you can also post your hijack this log on "hijackthis.de" and it will tell you whats harmful. "trend micro" or any other online virus scanners are good aswell. look all through your c drive (use the search if you want) and remove all traces of the zlob thing.
Laptop spec: ASUS X53E, i5 2430m 2.4ghz, 3gb ram, 320gb hdd, intel hd graphics, usb 3.0
dude_se is offline   Reply With Quote
Old 06-13-2006, 01:12 PM   #6
Baseband Member
Join Date: Jun 2006
Posts: 23
Default Re: Virus alert?

You have what is commonly referred to as a "Smitfraud" infection.

There's no need to reformat or reinstall Windows to remove this infection. It just requires the correct tools.

Download SmitfraudFix by S!Ri from either of these mirrors to your desktop:

SmitfraudFix Mirror 1
SmitfraudFix Mirror 2

Right click SmitfraudFix.zip and Extract (unzip) the SmitfraudFix folder inside to your desktop.

Open the SmitfraudFix folder and double-click "smitfraudfix.cmd"

Select option #1 - "Search" by typing 1 and pressing "Enter".

Copy & paste the contents of the text file which appears back here please.


Also post a hijackThis log as previously suggested.

Download HJTsetup.exe to your desktop.

Double-click HJTsetup.exe icon on your desktop to start the installation.

By default it will install to C:\Program Files\Hijack This.

Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.

Put a check by Create a desktop icon then click Next again.

Continue to follow the rest of the prompts from there.

At the final dialogue box click Finish and it will launch Hijack This.

Click the Do a system scan and save a logfile button. It will scan and the log should open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and Paste the log (Ctrl+V) in your next reply.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
John McKenna is offline   Reply With Quote
Old 06-13-2006, 04:48 PM   #7
Baseband Member
Join Date: Jun 2006
Posts: 21
Default Re: Virus alert?

alright but i'm also wondering about the virus alert box that keeps popping up in my toolbar. Its just a red box that says Virus Alert!! you have critical system errors and etc. is that spyware? If it is will it go away after i get rid of the smitfraud?
Gnarly is offline   Reply With Quote
Old 06-13-2006, 05:01 PM   #8
Baseband Member
Join Date: Jun 2006
Posts: 23
Default Re: Virus alert?

It shall indeed. The first part of the fix will tell us which files are present on your system. The second part of the fix will remove them and the fake virus alert on your desktop.
John McKenna is offline   Reply With Quote
Old 06-13-2006, 05:15 PM   #9
Baseband Member
Join Date: Jun 2006
Posts: 21
Default Re: Virus alert?

alright here is my smitfraudfix file log
SmitFraudFix v2.60

Scan done at 17:12:34.21, Tue 06/13/2006
Run from C:\Documents and Settings\charlie enders\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode






C:\WINDOWS\system32\acvgxw.dll FOUND !
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

C:\Documents and Settings\charlie enders\Application Data

Start Menu


C:\DOCUME~1\CHARLI~1\FAVORI~1\Antivirus Test Online.url FOUND !


C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !

C:\Program Files

C:\Program Files\Security Toolbar\ FOUND !
C:\Program Files\SpywareQuake.com\ FOUND !

Corrupted keys

Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="My Current Home Page"

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]



Scanning wininet.dll infection

Gnarly is offline   Reply With Quote
Old 06-13-2006, 05:17 PM   #10
Baseband Member
Join Date: Jun 2006
Posts: 21
Default Re: Virus alert?

first part of hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 5:14:30 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\AOL\1135526062\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\charlie enders\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O2 - BHO: Great Offers Displayer - {CE05B815-6F98-4ADD-AEB7-60BB2D4264F1} - c:\WINDOWS\bh.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

Gnarly is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 11:04 PM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0