SOS-Infected With Ad/Spyware Trojan (maybe zlob?)! Best Remover?

[jayfan]

Hello Raymond (and others)!

I really know nothing about computers, so please bear with me! The other day, I was working on my laptop (XP) and downloaded some type of a virus/malware while doing a yahoo search. I knew immediately that something bad was happening, so I payed attention to everything that followed.

First, ads for sites like "privacyconductor" and "securepccleaner" appeared. They took over the entire screen and clicking on the "X" in the upper righthand corner was to no avail.

Then, upon re-booting the computer the next morning, a symbol with "!" on a yellow triangle appeared in the bottom right toolbar (where the volume and battery indicator are). Upon pushing that (I know, I shouldn't have, but it looked just like the microsoft warning symbol), a message appeared saying that viral porn was on the computer- with a picture woman. That then transformed into a full-page ad for "trustedantivirus" with a warning that the antivirus must be run.... This could not be deleted, either.

I then did the following:

1. checked "add/remove programs," and there was nothing suspicious there.

2. did an "all files/folders" C drive search for any file created around the time I downloaded the virus- about 4 pm on 1/29, and when I turned on the computer the next morning- 10:54 am on 1/30. I found the following files, created at the following times:

a. Text Doc cookies-
user@2840 [2] 3:58.16
user@privacyconductor [1] 3:58.17
user@shop.privacy conductor[1] 3:58.57
user@adserver [1] 4:00
user@pcprivacytool [1] 4:01.43
user@yourprivacyguard [1] 4:01.43
user@2840 [3] 4:01.43
user@shop.securepccleaner [2] 4:02.07
user@securepccleaner [2] 4:02.47
user@gomyhit [1] 10:54.21 am, 1/30
user@trustedantivirus [2] 10:54.22 am, 1/30
user@2840 [4] 10:54 am, 1/30

b. System 32-
sjsfugff C:\WINDOWS\system32\drivers 20 kb DAT File 3:58.15
machine guide C:\WINDOWS\system32\Restore 1 kb Text doc. 4:01.24
Restore C:\WINDOWS\system32 File Folder 4:01.36

c. Other-
sch20ddshlp C:\docs&settings\user\local settings\temp 52 kb GIF IMAGE 3:58.13
ctpdfefl C:\docs&settings\user\local settings\temp 1 kb config. settings 3:58.15
lysigyur C:\docs&settings\user\local settings\temp 5 kb DAT File 3:58.15
RUNDLL32.EXE 1BC55A4F.pf C:\WINDOWS\Prefetch 35 kb PF File 4:02.28

Since this happened, I have downloaded the following, at the advice of others:

Ad-Aware- latest free version
AVR anti-virus- latest free version
AVR spyware- free version
SpyHunter 3- free version

Neither the AVR programs nor the Ad-Aware program found anything, including the Text cookies. Spyhunter did find the Text cookies, but none of the other files. I deleted the Text cookies manually, but i know that doesn't fix anything.

Have I provided enough info for you to be able to determine what trojan/virus I have? PLEASE advise as to which spyware removal program I should install to get rid of this! Free or pay, doesn't matter. Whatever works well is what I want! I am unfortunately very busy with work and don't have a lot of time to do manual removals (although I've spent quite a bit of time writing this! Sorry!)

Thank you very much for your help!

[Ceyfer √]

If u have net connection ...why not try Scan ur pc with decent online scanner !

here is the latest article "Comprehensive List and Review of FREE Online AntiVirus Scanners" by sir Raymond...

http://www.raymond.cc/blog/archives/2008/01/29/comprehensive-list-and-review-of-free-online-antivirus-scanners/

Goodluck !

[gravitygun]

Hey jayfan, scan with SpyBot Search and Destroy with latest includes and updates. This will remove some registry entries and dll files and every thing must become normal. I did the same with my friends PC and was succesfull.

P.S.: If you desire to share your laptop with your buddies you to keep it clean, never search for the same in Yahoo, Google and click upon some links, coz i know what my friends searched for. Try using some trusted sites or torrent.

[yao90]

@gravitygun torrents may also contain trojans and viruses, :D

[nivek_hcerg]

If you want you can also use portable software like the ones showin at portableapps.com. They offer various softwares that don't need to be installed on a hard drive but a usb like ClamWin Antivirus - Portable. If you download it and its databases you can scan the memory.

[jayfan]

Ceyfer, thanks much for the tip. I read through the list of scanners. Is there a particular one that you'd recommend for my situation? Is the list ranked in a particular order (if you know)? Thanks again.

[Ceyfer √]

Trend Micro Housecall and Bitdefender are topnotch!

For spywares try Ewido Micro Scanner and a2 malware scanner

< U could try all of them if u want ? from 1-5 > Able to Scan and Remove infections

Read the reviews : Some of the scanners are for On Demand detection only!

[jayfan]

Update- New Problem!

My AVG 7.5 now gives the following warning when opening a program:

Security Threat!-

While opening file: C:\system32\blackbo.dll

Trojan Horse Delf.DRX

After selecting the "clean" option, AVG says it is done, and that I need to restart the computer. Once the computer restarts, the same warning comes back as soon as open a program!

Help?

[Ceyfer √]

turn off ur system restore ! before full scan ... AVG free? however it has a bad disinfection rating...

Also try to Install AVG Antispyware 7.5 ( trial version will be come free version after 30days of use...) Use it as second scanner...

Did u try to scan ur pc with online scanner??

[Raymond]

jayfan, download HijackThis from the link below.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Run it, accept the agreement, click Do a system scan and save a logfile. Paste the logfile contents here.