Unsolved
This post is more than 5 years old
21 Posts
0
14603
ZLOB.F TROJAN (mysystemupdate.com) won't delete...
I have followed all the removal instructions from Symantec, I managed to delete the value "nvctrl.exe" from the regedit and no more annoying pop ups, but every time I open the IE, my home page still changes to
www.mysystemupdate.com and haven't been able to delete it.
I ran the antivirus again and didn't find anything.
Please help.
Thank you.
vnlgomez5
5 Posts
0
December 17th, 2005 22:00
I recently had a similar problem with my Inspiron laptop. I would run the system, shut down and it would not change. This is the process I used to get rid of my problems. May seem a little redundant but give it a shot.
Run LiveUpdate; Do a full scan with Norton Antivirus; go through the process of deleting the files; do another LivedUpdate then another full scan WITHOUT SHUTTING DOWN. I then ran a free program called spybot and it removed the settings that the virus had affected.
Good luck.
secured2k
246 Posts
0
December 19th, 2005 14:00
I've created a removal tool for this problem. Check it out here:
Removal Tool - Puper/Alemod/SmitFraud/Sinnaka/SpyAxe Ads
vnlgomez5
5 Posts
0
December 26th, 2005 06:00
Have you tried running Spybot. It is a free adware removal program you can find at Cnet.com
Good Luck!
RICARIZA
21 Posts
0
December 26th, 2005 13:00
This is amazing.. your removal tool was just one click and solved my problem immediately..
Thank you very much!
secured2k
246 Posts
0
December 26th, 2005 17:00
RICARIZA
21 Posts
0
June 2nd, 2006 13:00
This is what I got from SmitFraudFix v2.53
Scan done at 10:27:18.36, Fri 06/02/2006
Run from C:\Documents and Settings\MAYO\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\country.exe FOUND !
C:\WINDOWS\kl.exe FOUND !
C:\WINDOWS\ms1.exe FOUND !
C:\WINDOWS\sdkqq.exe FOUND !
C:\WINDOWS\tool1.exe FOUND !
C:\WINDOWS\tool2.exe FOUND !
C:\WINDOWS\tool3.exe FOUND !
C:\WINDOWS\tool4.exe FOUND !
C:\WINDOWS\tool5.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\dfrgsrv.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\paytime.exe FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\sysjv32.exe FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAYO\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAYO\FAVORI~1
C:\DOCUME~1\MAYO\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Security Toolbar\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
RICARIZA
21 Posts
0
June 2nd, 2006 13:00
hello,
The trojan came back, but now it seems to have a variation, becase it appears as mysystemupTOdate.com and the tool removal doesnt work anymore. Any ideas?
Please help..
zbestwun2001
8.8K Posts
0
June 8th, 2006 21:00
Go here and download Hijackthis
http://dsvs.org/5/HijackThis.exe
Save it in a convenient permanent folder such as C:\\HJT\\, double click HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents AT THE LINK BELOW
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
and include a description of the problem along with your log
Please do not be tempted to "fix" on your own. Hijackthis is a very powerful tool, if used incorrectly can cause system problems
Steve