ZLOB.F TROJAN (mysystemupdate.com) won't delete...

I recently had a similar problem with my Inspiron laptop. I would run the system, shut down and it would not change. This is the process I used to get rid of my problems. May seem a little redundant but give it a shot.

Run LiveUpdate; Do a full scan with Norton Antivirus; go through the process of deleting the files; do another LivedUpdate then another full scan WITHOUT SHUTTING DOWN. I then ran a free program called spybot and it removed the settings that the virus had affected.

Good luck.

I've created a removal tool for this problem. Check it out here:

Removal Tool - Puper/Alemod/SmitFraud/Sinnaka/SpyAxe Ads

 

Have you tried running Spybot. It is a free adware removal program you can find at Cnet.com

Good Luck!

This is amazing.. your removal tool was just one click and solved my problem immediately..

Thank you very much!

This is what I got from SmitFraudFix v2.53

Scan done at 10:27:18.36, Fri 06/02/2006
Run from C:\Documents and Settings\MAYO\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\country.exe FOUND !
C:\WINDOWS\kl.exe FOUND !
C:\WINDOWS\ms1.exe FOUND !
C:\WINDOWS\sdkqq.exe FOUND !
C:\WINDOWS\tool1.exe FOUND !
C:\WINDOWS\tool2.exe FOUND !
C:\WINDOWS\tool3.exe FOUND !
C:\WINDOWS\tool4.exe FOUND !
C:\WINDOWS\tool5.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\dfrgsrv.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\paytime.exe FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\sysjv32.exe FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAYO\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAYO\FAVORI~1

C:\DOCUME~1\MAYO\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Security Toolbar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

 

hello,
The trojan came back, but now it seems to have a variation, becase it appears as mysystemupTOdate.com and the tool removal doesnt work anymore. Any ideas?

Please help..

layout courtesy of:Bamajim....


Go here and download Hijackthis

http://dsvs.org/5/HijackThis.exe


Save it in a convenient permanent folder such as C:\\HJT\\, double click HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents AT THE LINK BELOW



http://forums.us.dell.com/supportforums/board?board.id=si_hijack

and include a description of the problem along with your log


Please do not be tempted to "fix" on your own. Hijackthis is a very powerful tool, if used incorrectly can cause system problems


Steve