[nfbcs] Trojan aftermath: help needed.

Alan Wheeler awheeler at neb.rr.com
Fri Dec 12 15:19:14 UTC 2008 

Steve,
Okay, First of all, let's run down the programs:
1. Internet Explorer: I open it, and no matter what page I go to, I get a page saying "Internet Explorer cannot display the page.  In a separate message I will copy and paste the entire page for you to review.
2. iTunes and Juice: The programs open, but cannot, apparently, connect to download.  I discovered that Juice wasn't in my Firewall exceptions.  I added it, and it scanned the feeds but found nothing.  This leads me to suspect there is still a connectivity issue.  As for iTunes?  It doesn't seem to be able to connect to the proper servers at all.  I even ran a diagnostic on it, and had no luck.

I have run Spybot search and destroy, AVG Free antivirus, and even system mechanic trying to rid myself of any and all remnants of this trojan.

The trojan itself is a variant of the Zlob trojan.  It disguises itself as any number of antivirus/anti-spyware programs that claim to want to scan your system and then offer you a program to purchase to clean your computer.  This is merely a ploy to get credit card information.

Plus, instead of scanning your computer, it is infecting it.

Some of the examples of the fake program names include, but are not limited to:
antivirus Protection 2009,
AVP 2009,
VRT 2009 (VRT standing for Virus Removal Tool), etc.

Hope this helps.



+-+-+-

   For God so loved the world, that he gave his one and only Son, that whoever believes in him should not perish, but
 have eternal life. John 3:16
~~~

Alan D Wheeler
awheeler at neb.rr.com
IM me at: outlaw-cowboy at live.com
Skype: redwheel1
Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at www.theqonline.net

----- Original Message ----- 
From: "Steve Jacobson" <steve.jacobson at visi.com>
To: "NFBnet NFBCS Mailing List" <nfbcs at nfbnet.org>
Sent: Friday, December 12, 2008 08:36
Subject: Re: [nfbcs] Trojan aftermath: help needed.


> Alan,
> 
> I don't have a lot of faith that we can help you via long distance, but what do you mean when you say that Internet Explorer, I Tunes, and Juice don't work.  Let's 
> take Internet Explorer first.  What exactly happens when you run it?  All three of these application use your network so there could be network or firewall difficulties.  
> How did you get the Trojan off?  I don't mean that we need complete instructions, only did someone help you or did you follow instructions from a web site or run a 
> removal tool of some kind?  Are you using the same machine for e-mail and is that working all right?  Out of curiosity, do you know how you got this thing, I'd like to 
> avoid it.  
> 
> On Fri, 12 Dec 2008 07:35:45 -0600, Gary Wunder wrote:
> 
>>Hi Alan. I thought part of buying Dell was ongoing customer support. Might 
>>this be something that comes with your warranty? If worse comes to worse, do 
>>you have your original installation disks or the image they place on a 
>>protected part of the disk?
> 
>>Gary
> 
> 
>>----- Original Message ----- 
>>From: "Alan Wheeler" <awheeler at neb.rr.com>
>>To: "NFBCS list" <nfbcs at nfbnet.org>
>>Sent: Thursday, December 11, 2008 5:30 PM
>>Subject: [nfbcs] Trojan aftermath: help needed.
> 
> 
>>> Okay, so I got this zlob trojan/AntiVirus Protection 2009 trojan and 
>>> cleaned it off my system, as best I could, anyway, but now I cannot get 
>>> Internet Explorer to work, nor can I get iTunes or Juice Podcatcher to 
>>> work, either.
>>>
>>> I am assuming there is something in the registry I need to fix, but have 
>>> no clue what it is.  Can anyone help me with this?  Please bear in mind 
>>> that I am a regedit virgin, so to speak, and need detailed step-by-step 
>>> instructions and maybe some hand-holding, aftedr a fashion.  Can anyone 
>>> help with this?
>>>
>>>
>>> I am operating a Dell Optiplex 740; AMD Athlon 64 X2 Dual core processor 
>>> 4200+
>>> 1.79 Ghz, 1.93 GB of ram.  My OS is Windows XP Home, service pack 3.
>>>
>>> If you need any further info, please write me at awheeler at neb.rr.com and 
>>> ask.
>>>
>>> +-+-+-
>>>
>>>   For God so loved the world, that he gave his one and only Son, that 
>>> whoever believes in him should not perish, but
>>> have eternal life. John 3:16
>>> ~~~
>>>
>>> Alan D Wheeler
>>> awheeler at neb.rr.com
>>> IM me at: outlaw-cowboy at live.com
>>> Skype: redwheel1
>>> Check me out on the Q, Fridays from 10 AM to 1 PM eastern time at 
>>> www.theqonline.net
>>> _______________________________________________
>>> nfbcs mailing list
>>> nfbcs at nfbnet.org
>>> http://www.nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
>>> To unsubscribe, change your list options or get your account info for 
>>> nfbcs:
>>> http://www.nfbnet.org/mailman/options/nfbcs_nfbnet.org/gwunder%40earthlink.net
>>> 
> 
> 
>>_______________________________________________
>>nfbcs mailing list
>>nfbcs at nfbnet.org
>>http://www.nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
>>To unsubscribe, change your list options or get your account info for nfbcs:
>>http://www.nfbnet.org/mailman/options/nfbcs_nfbnet.org/steve.jacobson%40visi.com
> 
> 
> 
> 
> 
> _______________________________________________
> nfbcs mailing list
> nfbcs at nfbnet.org
> http://www.nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
> To unsubscribe, change your list options or get your account info for nfbcs:
> http://www.nfbnet.org/mailman/options/nfbcs_nfbnet.org/awheeler%40neb.rr.com


--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.176 / Virus Database: 270.9.17/1844 - Release Date: 12/11/2008 8:58 PM

More information about the NFBCS mailing list