How can I remove Trojan.Zlob.G????HELP!?

I have been running Malwarebytes and its not working! It is detecting Trojans and I keep removing them but it's not working...can someone please help???

Update:

I want a program that I can download for free!

45 Answers

Relevance
  • 1 decade ago
    Favorite Answer

    Remove it with superantispyware:

    SuperantiSpyware: http://www.superantispyware.com/

    Trojan.Zlob.G is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page.

    • Login to reply the answers
  • Anonymous
    1 decade ago

    Alex, You're the best!Around! Nothing's gonna ever keep you down.

    Out of all the blogs and crazy suggestions, Alex has the easiest and most effective way of handling this particular trojan. Just follow exactly what he says. If you do have trouble finding the Google folder, HEATHER is correct about changing your folder settings to reveal hidden folders. That was the case for me.

    In the google folder I had some random variation of the two files but they did start with dpl....., and kjna.....However, i did find the t-folder which i completely erased.

    Just make sure your system restore is set "off" before conducting Alex's method.

    Side note: If Alex methods doesn't work for some odd reason, try to follow the approach I took which was a slight modification of Alex in order to get rid of the trojan. It worked perfectly for me.

    *close all unnecessary programs.

    1) Turn off system restore

    2) download smitfraudfix

    3) open your windows task manager

    -under the processes tab look for "ctf.exe" and click

    "end process"

    4) restart comp in "safe mode"

    5) erase all cookies from your web browser (procedure varies from

    internet browsers)

    6) search C:\Documents and Settings\{username}\Application

    Data\Google\

    *If you cant find your Google folder just follow Heather's suggestions.

    7)delete the two files that have dpl....., and kjna..... or some kind of variratoin of them. Also, delete the whole T-scan folder.

    8) Empty recycle bin right away without opening it (right click on recycle icon and click empty bin)

    9) Open smithfraudfix

    -click run

    -press any key then press "enter"

    -then enter the number "2" for "clean (safe mode recomended)

    -after waiting about 3-5 minutes

    - it will ask you “Do you want to clean the registry?”

    Select "Y" for yes.

    -After the whole process is done, Restart your computer.

    SHAZZZZAAAMMM!!! Your Computer STD should be gone.

    Hopefully this helps.

    THANKS ALEX AND HEATHER

    Source(s): -
    • Login to reply the answers
  • 1 decade ago

    Alex J had the correct solution. I haven't had internet in several months, and the day I got it installed (just this Sunday), the same Security thing came up. I simply clicked keep blocking and tried going on my way.

    However, my most commonly used programs (web browser, messengers, etc) would take multiple (10+) attempts to load and stay open, and even then would randomly disappear and I'll have to go through the whole fighting process again.

    I was ready to totally go Office Space on my PC before I stumbled across here, and attempted Alex's answer, because the last thing I wanted to do was download more stuff on top of whatever was already wrong with this thing.

    I went into Safe mode and deleted the files Alex said to (kjzna1562565.exe, spcffwl.dll, T-Scan [entire folder] in C:\Documents and Settings\{username}\Application Data\Google\), and now I'm having absolutely no trouble at all!

    • Login to reply the answers
  • 1 decade ago

    I found that the Apps file is a hidden file. If you go to your control panel, click on Folder Options, click on view then highlight the button that says show hidden files and folders, the App folder should show up.

    I'm having this same problem, but I still can't resolve it. I just bought my new laptop Sunday, hooked everything up along with Norton. I was surfing last night on trusted websites I always go to and I have this same Trojan problem. I'm running Windows Vista, and even when I try to do the Apps/Google delete process that's been described I'm not finding those files. I've tried to delete what is in the "Google" file, but it's telling me I don't have permission! I'm the Admin, so what do I do now?

    HELP!

    • Login to reply the answers
  • How do you think about the answers? You can sign in to vote the answer.
  • 1 decade ago

    I too now have this awful trojan and could really do with some help as I know zilch about IT. When I try to follow Alex's directions (I have XP pro) I just end up at my normal personal folder full of word/excel docs. Nothing at all which states a google folder! Can anyone tell me what I'm doing wrong or at least put some info up that even a, ahem, 4 year old could understand please!?

    • Login to reply the answers
  • 1 decade ago

    To the person with Vista who is getting authorization error when trying to delete these two items. I had the same problem. Verify the names of the items you want to delete under the Google folder. Go to Task Manager and look at the processes running on your computer. If you look to the right of the running processes under the description tab, you should see one of those item names listed in description. End that process and you will be able ot delete the item in the Google folder. For the other item, end the Google Toolbar process in Task Manager and you will be able to delete the other item listed under the Google folder. Game over!

    • Login to reply the answers
  • Anonymous
    1 decade ago

    Trojan.Zlob.G

    I just removed this from two PC's this week. Trojan.Zlob.G will stop you from using MSCONFIG. IT runs a fake Services in Microsoft Services and almost all AV software will NOT detect it. The files are kjzna1562565.exe (or simular) AND spcffwl.dll, The DLL attaches its self to EVERY running process (bad).

    ****HijackThis did not find any runing processes. AVG, Antivir, Norton and McCaffe 2009 did not see this virus. MSCONFIG was detected by Trojan.Zlob.G and would not allow changes

    My process was this:

    Before you start

    *MSCONFIG may not work. virus will reboot your system

    *YOU MUST REBOOT and NOT open ANY browser or have any web applications running at startup (if possible)!!

    *Disconnect Internet. Use another PC and thumb drive to get tools if needed

    >>>>STEP ONE

    1. Turn off system restore

    Steps to turn off System Restore

    1. Click Start, right-click My Computer, and then click Properties.

    2. In the System Properties dialog box, click the System Restore tab.

    3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.

    4. Click OK.

    5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:

    You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

    Do you want to turn off System Restore?

    After a few moments, the System Properties dialog box closes.

    >>>>STEP TWO

    1. I shut down the fake service called Microsoft TZM in Services ( Start > Run > type in services.msc). Open the service and disable it.

    2. Go to C:\Documents and Settings\{username}\Application Data\Google\T-Scan: delete entire folder or try to delete the following malicious files: kjzna1562565.exe AND spcffwl.dll

    kjzna1562565.exe (or simular) AND spcffwl.dll

    ** Once I could not delete these and had to use unlocker.exe tool to unlock the system for shut down and remove spcffwl.dll

    http://ccollomb.free.fr/unlocker/

    After spcffwl.dll is unlocked from other processes both kjzna1562565.exe (or simular) AND spcffwl.dll can be deleted.

    Other safe file unlock tools can be used but I used Unlocker.exe because it was handy at the moment. http://ccollomb.free.fr/unlocker/

    After reboot both PC's were ok.

    Daniel

    • Login to reply the answers
  • 1 decade ago

    Simply go to "Accessories/System Tools/System Restore" Restore to a prior date. By the way, if you had not turned this feature on use your factory restore. I am assuming you're using either Windows Xp, or Windows Vista. When System Restore is turned on, a backup of the vitals is made each time a new program is installed, or you can manually tell the Operating Systems to set a restore point at a particular date.

    Source(s): Help menu Microsoft Vista or Windows Xp. RTM
    • Login to reply the answers
  • Anonymous
    1 decade ago

    Trojan.Zlob.G is an old modification of Zlob trojan (Symantec described this threat 3 years ago). But today russian scammers use "Trojan.Zlob.G" name to scare users and force to download and than purchase Perfect Defender 2009 rogue anti-spyware. Special trojan (usually Vundo) displays fake "Security center alert" stating that your PC is seriously infected with Trojan.Zlob.G infection.

    ------

    This solution works for the latest Trojan.Zlog.G popup problem where no internet connection works and repeated fake warnings to 'activate' Defender anti-virus program.

    No use running any ant-virus/soyware programs, they don't seem to detect this latest Trojan. Only manual removal works perfect:

    Start in safe mode (press F8 at startup)

    Delete following:

    kjzna1562565.exe

    spcffwl.dll

    T-Scan (entire folder)

    their location would be C:\Documents and Settings\{username}\Application Data\Google\

    It looks so simple in hindsight, entire day wasted in efforts.

    ------

    READ comments here http://removal-tool.blogspot.com/2008/12/remove-tr...

    for manual removal

    • Login to reply the answers
  • Bugz
    Lv 6
    1 decade ago

    Trojan.Zlob.G is another invention of Perfect Defender 2009 developers, that helps them to scare computer users and trick into installing and purchasing licensed version of Perfect Defender 2009. In fact Trojan.Zlob.G is imaginary application, main purpose of which is to mislead computer users. Usually Zlob or Vundo Trojan displays security alerts stating that your computer is seriously infected with Trojan.Zlob.G and your data and privacy are in danger. If you click on that alert you will be redirected to Perfect Defender 2009 download page.

    Download SUPERAntiSpyware from http://www.superantispyware.com/ or AdAware from http://www.lavasoft.com/products/ad_aware_free.php both are best at removing these Trojans...

    How to remove Trojan.Zlob.G manually:

    It's possible to remove Trojan.Zlob.G manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

    The files to be deleted:

    * pd.dll

    * pdfndr.exe

    * pdmonitor.exe

    * PDInstall2009[1].exe

    * %WINDOWS%\system32\drivers\svchost.exe

    * %UserProfile%\Application Data\Google\ijdkq13324484.exe

    Remove registry entries:

    * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Perfect Defender 2009

    Please be careful because manual removal of Trojan.Zlob.G may seriously damage operational system and sensitive data. Also there is a big possibility of incomplete removal, because some files could be hidden and program could re-install itself after you delete files and registry entries. So I strongly recommend you to use automatic removal tool.

    Okay Buddy? :o)

    • Login to reply the answers
  • 1 decade ago

    I tried a few well known malware removers too but they didn't find anything. Then I stumbled upon Alex J's comment here, and it worked perfectly! The exe and dll file in the Google folder were named a bit differently, and you really need to boot into safe mode first since they're "normally" in use and can't be deleted otherwise.

    • Login to reply the answers
Still have questions? Get your answers by asking now.