Trojan Zlob Removal - Malwarebytes

Use this tool to remove the Zlob trojan from your computer. (What is the Zlob trojan?)

Malwarebytes Anti-Malware is a surprisingly effective freeware antimalware tool. It's a relatively speedy malware remover, with the quick scan taking about 8 minutes even with other high-resource programs running. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and dangerous apps.

The app has some nice features rolled in, too. It supports multiple drive scanning including networked drives, context menu options including a scan-on-demand for individual files, and the FileAssassin option under the More Tools section for removing locked files. The interface is simple, but pleasant-looking and well-organized. Tabs live just below the oversized logo, with few options per tab to keep down the clutter. The installation process was fast enough, but interestingly offered up the well-kept changelog and an instant definition file update.

Do note that the real-time protection is restricted to the paid version, as is the scheduler for updates and scans. Overall, though, Malwarebytes Anti-Malware is a responsive malware remover that does what it should with a minimum of fuss.


Removal of Zlob Trojan

Spyware Doctor With Antivirus: This is one of the leading anti-spyware and antivirus clients on the market and does remove Zlob. We use it all the time in the field, and it is the only protection software sold to our customers.
What is the Zlob Trojan?

Notes about Zlob Trojan Removal

Anti-malware programs listed below are not targeted at particular fake applications installed by Zlob virus. Instead, they include necessary definitions and algorithms to fight a wide range of malware brought to Windows computers by Zlob.

This means that whether you are struggling to delete AntiVirGear or VirusProtect Pro, one single program from the list above can erase both - and lots more.

Therefore I see no point in listing files and directory names of any particular Zlob-driven fake security program because the list would be endless. It is important to kill the cause of annoying ads and PC misbehaving - which is Zlob itself. All those rogue programs are the tip of the iceberg, so removing them alone and leaving the main infection intact does no harm to Zlob.


Steps to remove Zlob manually

Listing all the filenames that can be generated by Zlob is out of the scope of this. The list would be too long to place it here, and still would miss newest mutations of the trojan. I tend to give a broader view of this malware so that everyone could take necessary steps to cure the infection with as little effort as possible, at minimal cost.

Manual removal of Zlob is complicated since each case of infection is different from others; this trojan makes a system-wide impact. However, deleting a couple of entries can significantly help to remove Zlob, and facilitate the task for Zlob removers to clean out the system completely.

1. Delete the Registry key of nvctrl.exe if present.

Go to Start -> Run, type in regedit.exe and click OK. The Windows Registry Editor will open.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Locate the value "nvctrl.exe" = "nvctrl.exe" and delete it.

2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

and delete the subkey: {724510C3-F3C8-4FB7-879A-D99F29008A2F}

3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

and delete the key: {724510C3-F3C8-4FB7-879A-D99F29008A2F}

4. Close the Registry Editor.

Deleting these keys increases the chances of successfully removing Zlob in the shortest time possible.
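
Before opening the Registry Editor, the entries from steps 1-3 can be checked from a PowerShell prompt. This is an added example, not part of the original instructions; it only reads the registry. The WOW6432Node locations and the CLSID\...\InprocServer32 lookup are standard Windows locations that the page itself does not mention.

```powershell
# Added example (not from the original page): read-only check for the two
# registry entries named in steps 1-3. Nothing is modified or deleted.
# Assumption: the WOW6432Node paths are included for 64-bit Windows; the page
# lists only the native HKLM\SOFTWARE paths.

$RunValueName  = 'nvctrl.exe'
$BhoClsid      = '{724510C3-F3C8-4FB7-879A-D99F29008A2F}'
$SoftwareRoots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node')

function New-Finding($Kind, $Location, $Name, $Data) {
    New-Object PSObject -Property @{
        Kind = $Kind; Location = $Location; Name = $Name; Data = $Data
    }
}

function Find-ZlobRegistryEntry {
    foreach ($root in $SoftwareRoots) {
        # Step 1: autorun value under Policies\Explorer\Run
        $runPath = Join-Path $root 'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
        if (Test-Path -LiteralPath $runPath) {
            $data = (Get-Item -LiteralPath $runPath).GetValue($RunValueName)
            if ($null -ne $data) {
                New-Finding 'Run value' $runPath $RunValueName $data
            }
        }

        # Steps 2-3: Browser Helper Object subkey
        $bhoPath = Join-Path $root "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$BhoClsid"
        if (Test-Path -LiteralPath $bhoPath) {
            # A BHO is a COM in-process server: the DLL it loads is the default
            # value of Classes\CLSID\{...}\InprocServer32. Record it so the file
            # can be handed to a scanner.
            $comPath = Join-Path $root "Classes\CLSID\$BhoClsid\InprocServer32"
            $dll = '(no InprocServer32 registration found)'
            if (Test-Path -LiteralPath $comPath) {
                $dll = (Get-Item -LiteralPath $comPath).GetValue('')
            }
            New-Finding 'BHO subkey' $bhoPath $BhoClsid $dll
        }
    }
}

$found = @(Find-ZlobRegistryEntry)
if ($found.Count -eq 0) {
    'Neither entry is present.'
} else {
    $found | Select-Object Kind, Location, Name, Data | Format-List
}
```

Run it from an elevated prompt, and again after the cleanup to confirm that both entries are gone.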

Zlob Automatic Removal

SmitFraudFix is a free tool created to remove certain variations of the Zlob trojan.

Download the application and save it to your desktop. Double-click to launch the rescue program. No installation is required - this is a click & run tool.

When the credits screen displays, select the option 2 (clean) and press Enter.

After a series of scans and cleanups, SmitFraudFix will ask if you want to repair the Registry. Answer Y and hit Enter. Then restart your computer.

After the reboot, the tool will check wininet.dll and, if an infection is found, it will ask to replace the infected file. Select Y followed by Enter.

Reboot your computer once more. When you are logged on again, a log file will be displayed on the desktop or created in the root drive (normally C:\rapport.txt).

Download: SmitFraudFix

RogueFix Zlob Remover

RogueFix is another free tool that targets a number of malware threats including Zlob.

This remover performs best if run in Safe Mode. The set of instructions on the download page is pretty exhaustive, so there's no need to describe the steps. Advanced users will find them pretty simple and easy to follow.

Download: RogueFix.

F-secure Zlob Removal Tool

F-secure, a security software maker from Finland, added a little program to the set of free Zlob virus removal tools. This additional Zlob trojan removal weapon should be used to stop malware services and prevent them from running again. To use the F-secure removal tool, it's necessary to log on in Windows Safe Mode.

Download: F-secure Zlob Removal Tool.

GMER Rootkit & Malware Detector

GMER is a free tool developed to reveal what's hiding inside the system. Rootkits, stealth malware, hidden modules and services are shown by this software. Because of its powerful detection system, GMER can greatly help to identify and remove Zlob parts.

Download: Gmer.

After Removing Zlob Trojan

It happens that once Zlob has been removed, a computer may lose access to the Internet. This is a side effect of the Zlob trojan's activity (one more reason to be protected against Zlob infection rather than struggle later to remove it). To repair the network settings and restore web access, a tool called LSPFix can be used.

Some commercial programs normally tackle the problem of lost Internet connection automatically.

Download LSPfix

NOTE: This is a non-installable file. When the archive is unzipped, double-click the executable file. The screenshot below is a sample only - your configuration may look different.
LSPfix Trojan Zlob Removal


How Could You Be Infected?

You may ask yourself, “How in the world could I have been infected by this Zlob trojan?” (What is the Zlob trojan?) There are many different ways that this trojan could have infected you. It is mainly found on sites for messaging and gaming. There are many different messaging sites that could have given you this trojan. Some that deserve special mention are Yahoo Instant Messenger, AOL Instant Messenger, and Windows Live Messenger. The Zlob trojan has also been hidden and transferred in online games. The online games mainly affected are War craft, Call to Arms, and Counter Strike. These games have been known to hide the Zlob trojan.

It's interesting to know how Zlob distributes itself. Email spam is a thing of the past: not many people use email anymore, so the creators of the Zlob trojan needed to find a better way to get from computer to computer. Presently the Zlob trojan is presented in the form of a video codec. Videos are available on millions of websites. Flash animation is ubiquitous. Multimedia content is everywhere. Because there are so many formats of video and audio encoding, it's not uncommon to come across a website that requires some special plugin, browser add-on, or codec update. The creators of the Zlob trojan exploited this multimedia abundance by creating codecs with integrated malicious code. When a surfer is redirected to a website (or arrives directly from a search engine), an innocent-looking window pops up informing them about their "missing codec". Then it takes just a mouse click to get infected with the Zlob trojan and start receiving continuous ads about spyware infection, registry errors and the like.

One of the more common ways that this trojan infects you is through popup windows. The popup will appear as some sort of apparent Windows notification. Then, once you click anywhere within the popup, even when trying to close it, additional spyware will begin to install itself, and this is typically when Zlob installs itself.

All you need is proper protection and to be careful when looking at an apparent Windows notification. If you are careful then you won't have to worry about any viruses or trojans; however, if you are already infected you just need to follow some easy steps in order to fix your computer. Hopefully this has helped open your eyes and keeps you from getting infected in the future. If you follow these guides, then you won't have to look up how to remove the Zlob trojan again =]. Also view some Free Trojan Removal Software.


Removing DNSChanger Trojan aka trojan Zlob

What is a Trojan?

A Trojan is a program that enables an attacker to get nearly complete control over an infected PC. It is a tool frequently used by malicious hackers. When this program executes, it performs a specific set of actions. These usually work toward the goal of allowing the trojan to survive on a system and open up a backdoor.

What is DNSChanger Trojan, aka the Trojan Zlob?

Trojan DNSChanger is the name of a group of trojans (zlob dns changer, Troj/Rustok-N, W32/Tidserv …) that hijack your DNS settings, redirect you to malicious websites, and steal personal identities.

Like I said, DNSChanger trojan is not new, but according to the net-security, this new kind of DNSChanger trojan ‘now conducts brute-force attacks against the administration web interface of popular routers. The malware performs a “dictionary attack” based on a list of hardcoded credentials, consisting of the web interface URLs to popular routers – such as from vendors D-Link, Linksys and others -, and their default user names and passwords. This poses a great security risk for those users that do not change their router’s factory default settings. The Trojan tries one combination per approximately 100 milliseconds, which makes 600 combinations per minute.’

Trojan DNSChanger symptoms

* Windows Update redirects you to
* Search results in Google, Yahoo, MSN and other redirect you to other non related sites.
* Google/Yahoo/MSN results redirects you via or another fake site.
* Google/Yahoo/MSN has become slower when doing searches.
* Facebook and YouTube redirect to different sites.

How To Remove DNSCHanger Trojan

1. Disable and remove trojan drivers.
Skip this step if none of the drivers TDSSserv.sys, TDSSxyz.sys (where xyz are random characters), msqpdxserv.sys, or seneka.sys appears in the list of drivers.

* Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
* Click Properties.
* Click Hardware Tab.
* Click Device Manager.
* In the top menu, click View and click Show Hidden Drivers.
* Scroll down to non Plug and Play drivers.
* Click + at left.
* In the list of drivers right click TDSSserv.sys or TDSSxyz.sys where xyz are random characters, msqpdxserv.sys, seneka or seneka.sys.
* Click Disable.
* Click YES to confirm.
* Close all windows and reboot your computer.
* Download Avenger from here and unzip to your desktop.
* Run Avenger, then copy and paste the following text into the Input script box:

Drivers to delete:

Files to delete:

Folders to delete:

Then click on ‘Execute’.
* You will be asked Are you sure you want to execute the current script?. Click Yes.
* You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
* Your PC will now be rebooted.

2. Remove DNSChanger trojan files, registry keys and any associated malware.

* Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware, and trojans.
* Once downloaded, close all programs and Windows on your computer (including this one).
* Double-click on the icon named mbam-setup.exe to install the application.
* When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select “Perform Quick Scan”, then click Scan.
* MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* MBAM will now delete all of the files and registry keys and add them to the quarantine.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

3. Repair your Internet settings (Set option “Obtain DNS servers automatically”).
Skip this step if the computer works fine.

* Go to Start -> Control Panel -> Network Connections.
* Right click your default connection, usually Local Area Connection or Dial-up Connection, if you are using Dial-up, and left click on Properties.
* Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.
* Go to Start -> Run, enter CMD and click OK.
* At the DOS prompt, type in cd and then press ENTER.
* Now type in ipconfig /flushdns and then press ENTER. (notice the space after ipconfig)
* Close the command prompt window.
* Reboot your PC and try to open any website.

4. Clear DNSChanger infected machines using your router and reset router/modem settings.
Use this step if, after the reboot, the DNSChanger trojan is still there when you scan with Malwarebytes Anti-Malware again.

* If you have a home network or other DNSChanger-infected machines using your router, you should clear them with the above steps.
* Now you should reset your router (the DNSChanger trojan can change the router’s DNS settings). Press the reset button on the back of the router.
* You may also need to consult with your Internet service provider to find out which DNS servers you should be using.
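
To confirm the result of steps 3 and 4, the DNS servers Windows is actually configured to use can be read from the registry. This is an added example, not part of the original instructions; it is read-only. The Tcpip\Parameters and Control\Network registry locations it reads are standard Windows locations that the page itself does not mention.

```powershell
# Added example (not from the original page): show, per network connection,
# whether DNS servers are set by hand or obtained automatically. Read-only.
#   NameServer     = servers typed in manually (or written by a DNS changer)
#   DhcpNameServer = servers handed out by DHCP, normally by your router

$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$NetClass    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'

function Get-ConnectionName($Guid) {
    # Map an interface GUID to the name shown in Network Connections.
    $path = Join-Path $NetClass "$Guid\Connection"
    if (Test-Path -LiteralPath $path) {
        $name = (Get-Item -LiteralPath $path).GetValue('Name')
        if ($name) { return $name }
    }
    return $Guid
}

function Get-DnsSetting {
    # The global Parameters key can carry a NameServer value too, so check it
    # together with every per-interface key.
    $keys  = @(Get-Item -LiteralPath $TcpipParams)
    $keys += @(Get-ChildItem -LiteralPath (Join-Path $TcpipParams 'Interfaces'))

    foreach ($key in $keys) {
        $static = ([string]$key.GetValue('NameServer')).Trim()
        $dhcp   = ([string]$key.GetValue('DhcpNameServer')).Trim()
        if ($static -eq '' -and $dhcp -eq '') { continue }   # unused interface

        if ($key.PSChildName -eq 'Parameters') {
            $label = 'Global (all connections)'
        } else {
            $label = Get-ConnectionName $key.PSChildName
        }

        # A manual entry overrides whatever DHCP supplies.
        $mode = 'automatic'
        if ($static -ne '') { $mode = 'MANUAL' }

        New-Object PSObject -Property @{
            Connection = $label
            Mode       = $mode
            ManualDns  = $static
            DhcpDns    = $dhcp
        }
    }
}

Get-DnsSetting | Select-Object Connection, Mode, ManualDns, DhcpDns | Format-Table -AutoSize
```

A connection that still shows MANUAL after step 3 has not been switched back to automatic, and the DhcpDns column shows what the router hands out, which is the value to compare with the servers your Internet service provider names.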



a-squared HiJackFree - Trojan Zlob Removal Tool

a-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms. This is one of the best trojan remover tools that I know of. More specifically this works for zlob removal.

  • Manage all types of Autoruns on your system
  • Control all Explorer and Browser plugins (BHOs, Toolbars, etc.)
  • Manage all running Processes and their associated modules
  • Control all Services, even those Windows doesn't display
  • View open ports and the associated listening processes
  • View all DNS entries in the hosts file
  • Manage installed Layered Service Providers (LSPs)
  • Analyze the system configuration using our live online analysis
  • Download a-squared HiJackFree now! It's free for private use!
    It comes with language packs for English, German, French, Spanish, Italian, Japanese and many more.
  • Visit my website for more info about the Trojan Zlob
(For further details, please refer:


Using SmitFraudFix to remove Trojan Zlob

Instructions for SmitFraudFix (by S!Ri)

SmitFraudFix only works with Windows XP, 2000, and Windows Vista

SmitFraudFix removes Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, MalwareWiped, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareQuake, SpywareKnight, SpywareSheriff, SpywareStrike, TitanShield Antispyware, Trust Cleaner, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec, Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec, trojan Zlob (what is the zlob trojan?) and many more...

Use this URL to download the latest version (the file contains both English and French versions):

Mirrors: Alternate official download locations for Smitfraudfix.exe


* Search:
o Double-click smitfraudfix.exe
o Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt


* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click smitfraudfix.exe
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
* Optional:
o To restore Trusted and Restricted site zone, select 3 and hit Enter.
o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Spybot Search and Destroy

This is a free way to remove the zlob trojan (what is the zlob trojan?)

Spybot - Search & Destroy has been in the antispyware game for a long time offering features we've come to expect in the best apps in the category, but bugs and false positives make it difficult to recommend.

The program checks your system against a comprehensive database of adware and other system invaders. It also features several interface improvements, including multiple skins for dressing up its appearance. Scan results now appear arranged by groups in a tree, and a sliding panel lets you instantly view information about a selected item to help you decide whether to kill it or not. The Immunize feature blocks a plethora of uninvited Web-borne flotsam before it reaches your computer. Other useful tools, including Secure Shredder, complement the program's basic functionality for completely destroying files. Hosts File blocks adware servers from your computer, and System Startup lets you review which apps load when you start your computer.

Unfortunately, the program has the tendency to lock up at times and even during the install process for this review, we encountered several errors. The ambitious feature list and functionality make Spybot a good choice for those in search of a second antispyware program, and recent updates have made it run faster. It still makes errors in flagging spyware that isn't, and overall there are others in the category that do a better job.

Publisher's description
From Patrick M. Kolla :

Spybot - Search & Destroy can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for removal can be sent directly to the included file shredder, ensuring complete elimination from your system. For advanced users, it allows you to fix Registry inconsistencies related to adware and to malicious program installations. The handy online-update feature ensures that Spybot always has the most current and complete listings of adware, dialers, and other uninvited system residents.



Best Trojan Removers in 2008

Whenever I'm asked to name a couple of the best programs to remove trojan viruses for free (such as the Zlob Trojan), I find myself speechless. It's just impossible to find a best program in the world of security software. Not because there are tons of them (and new products appear monthly), but because what is best and what is worst is subject to debate. I prefer to put it mildly: the best trojan remover is only an addition to safe browsing habits and conscientious surfing.

In the case of free trojan removers, the situation is changing all the time. About 3 years ago IT pros would name TDS-3 among best of breed programs created to remove trojan viruses. But the program ceased to exist, its support was discontinued. Other products appeared on the scene as promising trojan fighters, but their developers either lost enthusiasm or quit programming, leaving the software 'half-cooked'.

So in brief, what was well-performing yesterday, might have been left in dust by new products. Some of the old players managed to keep up the pace, too. Therefore my short list of software effective in removing trojan viruses includes only programs that scored awards from trusted reviewers and security labs. I personally tested each program to ensure none of them contains serious bugs.

It is worth noting that popular antivirus software and Internet Security Suites from world-renowned manufacturers show relatively weak trojan virus detection capability. Even identified trojans happen to be too tough for an antivirus to erase them from the system. There are practically no exceptions to this sad fact; no matter what antivirus industry leaders promise to potential customers, their products perform as trojan cleaners with imperfect algorithms.

Spybot Search and Destroy: Perhaps the best free client software ever. Does not give active protection so you can still get re-infected. Easy to use program and sure to help out.

Malwarebytes free version: Our second choice for it being a free client. Good stuff. Does not give active protection so you can still get re-infected.

Smitfraudfix.exe: Free program that helps to remove Smitfraud and fake security clients. Very easy to use and does help with

A-Squared HiJackFree: is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans and Worms. More specifically this works for zlob removal. =]

Why was Zlob Created?

Single Reason Behind Creating Zlob


I know many unlucky victims of Zlob believe this trojan downloader was created with the single purpose to mess up their computers. But any blue screen of death (BSOD) or performance deterioration are nothing but side effects of Zlob activity. Its main and evidently only purpose is to download executable code of fake security programs.

And those are numerous. I counted over a hundred of all sorts of system keepers, antispyware guards and antivirus protectors advertized by Zlob.

To name a few:

* Spy Heal
* System Doctor
* AntiSpy Zone
* VirusProtectPro
* AntiVirGear
* VirusRanger
* AntiSpyCheck
* Virus Blast
* AntiviralGolden
* Virus Rescue
* Pest Trap
* SpyAxe
* SpyFalcon
* SpywareStrike
* many, many, many more...

It's a pity that after already 3 full years of Zlob existence on the Web its victims still believe those shiny ads and continue to buy so-called licenses in a desperate hope to stop the ads loop. Unfortunately, that's a waste of non-refundable money. Judging by the activity of Zlob trojan programmers and promoters, considering the number of fake applications created and the absolutely insane number of domains involved in promoting Zlob-based programs, I conclude that Zlob is a very profitable investment for a team of cyber criminals.

Which means they will not stop pushing Zlob onto Windows computers unless imprisoned. Consequently, all Internet users should be concerned about this danger and take proper steps to ensure their PCs are protected against Zlob intrusion. Or, if already infected, remove Zlob in as little time as possible.

Note: I will not give a single example of a domain promoting Zlob because I'm not going to send them victims. Those domains are VERY dangerous for visitors. As of now, I've counted well more than a hundred websites directly advertising the Zlob trojan downloader. New websites appear every month.


What is the Zlob Trojan?

Zlob, commonly referred to as the Zlob trojan, attacks your computer system's ActiveX. The Zlob trojan is a trojan horse which masquerades as a needed video codec in the form of ActiveX. Once the Zlob trojan is installed, it shows popup ads. These ads look exactly like the warning popups of the Windows operating system. They inform you that your system has been infected with spyware and prompt you to download some anti-spyware. Whether you close it or click it, the popup window will try to automatically download some pirated anti-spyware programs such as Ms Antivirus, Virus heat, etc. The Zlob trojan will be well hidden in this automatically downloaded material.

The Discovery of the Zlob Trojan
The Zlob trojan was discovered for the first time on the 23rd of April in 2005. It was not well known until June of 2006 because that is when it was first updated.

A computer security firm called "F secure" has discovered about 32 different types of Zlob trojan. Some of these types are: rogue DNS, DNS changer, etc. The discovery of more of them is still going on. They attempt to hack routers to change the DNS settings. (This is usually easy because most people don't change the default passwords on their routers.) Hence it results in potential rerouting to some illegal websites. These viruses have also been linked to downloading installers of antivirus executables.

The trojan has also been linked to downloading atnvrsinstall.exe which uses the Windows Security shield icon to look as if it is an Anti Virus installation file from Microsoft. Having this file initiated can wreak havoc on computers and networks. One symptom is random computer shutdowns or reboots with random comments. This is caused by the programs using Scheduled Tasks to run a file called "zlberfker.exe".

What are the Symptoms of Zlob?
As is the case with many other spyware infections, the symptoms can vary and not every Zlob trojan infection will show the same set of symptoms. That being said, here is a list of some of the more common things you will see: an alert informing you of a critical infection, poor scan reporting, false positives in your scanning, deceptive advertising within applications, extremely slow computer performance, the settings of your computer changed, your computer automatically shutting down and restarting, and changes to your desktop (such as the background or icons moved). Click here if you need free zlob trojan removal software.