Zlob – Evil Predator From Outer Space!

I wish it were true. Then we could call the Force to get rid of it! Unfortunately Zlob is a Trojan horse disguised as an essential video codec file that you need if you want to watch certain video content on the web. With the ever-increasing popularity of video on the internet these days, many people find themselves saddled with this horror in spite of probably knowing better. Zlob was first discovered in late 2005, and has been around in various forms since then. There are dozens of variants of this trojan, and more are being found all the time.

Zlob trojans are malware, close kin to the Vundo trojans, that give the attacking person or computer the ability to take over your computer remotely. Zlob changes your computer's settings and modifies files, rerouting your internet traffic through the attacker's server. Zlob starts when you start up Windows, and disguises its nefarious intentions by injecting code into explorer.exe. It then allows remote connections and proceeds to download and install additional software and, in short, hijack your entire computer. Needless to say, Zlob can be very vicious.

Once it’s in there, Zlob displays popups that look amazingly similar to real Microsoft Windows warning popups, telling you that your computer is riddled with spyware, viruses and more. Their aim is to get you to click on these popups, pay for and download their useless “fix”, all the while offloading more and more problems onto your computer, not to mention your wallet!

Ultimately you are left with a machine that shuts down seemingly randomly and reboots with confusing text messages. One of the newer variations of Zlob can set up residence on your Wi-Fi router by going through a list of common default username and password combos (like “admin,admin”), which many of us don’t ever change. Regularly changing these is, by the way, one of the better ways to help keep your sensitive information safer. It’s tedious, but necessary.

So what exactly did you do to get into this mess and how can you avoid it in the future? The usual way revolves around your attempts to download a video onto your PC, when you are confronted with a screen that informs you that a special codec is required to actually view the video. So, you install the required “codec”. They may even ask you (in the name of fake legitimacy!) to read and accept an End User License Agreement (EULA), which of course you neither read nor understand. Then voilà, the download proceeds and your problems intensify.

With the ever-growing dependence on video as a means of communicating on the Web, and our laxity in checking just what we’re putting into our systems, it is easy for Zlob Trojans and their counterparts to thrive and multiply. Paired with an enticing message, often delivered through e-cards, instant messages and other mediums we want to trust, Zlobs prey on our thirst for more information and entertainment and on our lack of vigilance.

The best way to ensure that you don’t have to deal with Zlobs is to make sure you are using a quality anti-spyware and anti-malware program such as Spyzooka to keep the Zlobs away!


Oderoor is a backdoor Trojan. Of all the Trojans, backdoor Trojans are among the most dangerous. It gives an attacker complete access to your computer. Oderoor runs on startup. The attacker then gains access to the infected computer via LAN or the Internet. Personal information, passwords, and all files are compromised once the computer is infected.


VirusShield Removal

For easy automatic removal of Virus Shield we recommend downloading SpyZooka, which is confirmed to remove this spyware threat.


VirusShield Manual Removal Directions

AKA Virus Shield
Category: Rogue Antispyware

To manually remove Virus Shield you must follow these directions.

1. Create a backup of your PC

2. Remove the following VirusShield files:

Virus Shield 2009.lnk

3. Remove these VirusShield Processes


4. Delete the following VirusShield registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Virus Shield 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "69690903"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Virus Shield 2009"

5. Remove VirusShield directories:

%UserProfile%\Application Data\Virus Shield 2009
c:\Documents and Settings\All Users\Application Data\7c69f0c
c:\Documents and Settings\All Users\Application Data\7c69f0c\ProtectSystem
c:\Documents and Settings\All Users\Application Data\ProtectSystem

VirusShield should now be removed from your PC. If you are still experiencing spyware problems after following these directions it’s recommended you run an antispyware scan to detect and remove VirusShield.
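A read-only check for the registry entries and directories listed in steps 4 and 5, as an added PowerShell example that is not part of the original directions. It assumes the backslash-separated forms of those paths and the Windows XP profile layout they imply; the function name Test-RegistryArtifact is hypothetical, and the shortcut from step 2 is not checked because the page gives no location for it.

```powershell
# Read-only audit for the Virus Shield 2009 artifacts in steps 4 and 5.
# Reports what is present; deletes nothing. Paths assume the backslash-separated
# forms of the entries on this page (Windows XP profile layout).
$cv       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$allUsers = 'C:\Documents and Settings\All Users\Application Data'

# Step 4: registry keys and named values. Name = '' means "the key itself".
$registryChecks = @(
    @{ Path = "$cv\Uninstall\Virus Shield 2009"; Name = '' },
    @{ Path = "$cv\Internet Settings\5.0\User Agent\Post Platform"; Name = '69690903' },
    @{ Path = "$cv\Run"; Name = 'Virus Shield 2009' }
)

# Step 5: directories.
$directoryChecks = @(
    (Join-Path $env:USERPROFILE 'Application Data\Virus Shield 2009'),
    "$allUsers\7c69f0c",
    "$allUsers\7c69f0c\ProtectSystem",
    "$allUsers\ProtectSystem"
)

function Test-RegistryArtifact {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    if ($Name -eq '') { return $true }          # only the key was asked for
    $key = Get-Item -LiteralPath $Path
    return ($key.GetValueNames() -contains $Name)
}

$findings = @()
foreach ($c in $registryChecks) {
    $label = $c.Path
    if ($c.Name -ne '') { $label = "$label [value: $($c.Name)]" }
    $present = Test-RegistryArtifact -Path $c.Path -Name $c.Name
    $findings += New-Object PSObject -Property @{
        Type = 'Registry'; Present = $present; Artifact = $label }
}
foreach ($d in $directoryChecks) {
    $present = Test-Path -LiteralPath $d -PathType Container
    $findings += New-Object PSObject -Property @{
        Type = 'Directory'; Present = $present; Artifact = $d }
}

# Anything with Present = True still needs the manual step that lists it.
$findings | Format-Table Type, Present, Artifact -AutoSize -Wrap
```

Run it as the affected user, since every registry entry in step 4 is under HKEY_CURRENT_USER, and run it again after the manual steps to confirm each row reads False.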

SpyZooka Blasts PcsProtector

Summary: PcsProtector is the latest malware to be destroyed by SpyZooka.

PcsProtector can be acquired by a computer when video codecs are installed from suspicious websites to watch online movies. This rogue antispyware program uses Trojans to infiltrate PCs with disastrous results. SpyZooka’s new software removes PcsProtector and keeps computers safe during future usage.

PcsProtector comes from the Winisoft family of rogue applications. From pop-ups to security warnings, this junkware will tell you anything to try to dupe you into buying the product. Doing so will only lead to a loss from your bank account and added frustration.

Once this Trojan has gained access, it will embed itself into computer registries and configure itself to run automatically each time Windows is logged into. A deluge of fake security alerts will appear along with system scans that provide false results about innocuous infections.  The files that are displayed are the same ones that are randomly named and placed there by PcsProtector itself.

PcsProtector encourages users to purchase their software to protect themselves from viruses PcsProtector has installed.  A sample of the warning message displayed may look like this:

Spyware Alert!
Your computer is infected with spyware. It could damage your
critical files or expose your private data on the Internet. Click
here to register your copy of PcsProtector and remove
spyware threats from your PC.

SpyZooka software was created by the malware removal experts at ZookaWare. SpyZooka has been recognized by numerous independent agencies for its excellence. While attempting to combat spyware and threats to a computer it’s important to use a software company that has a history and a reputation of reliability. SpyZooka offers a money back guarantee which ensures consumer protection.

“PCsProtector’s warnings can look extremely authentic and alarming but do not be fooled.  You will not be protected from anything,” said Carl Haugen of ZookaWare.  “We encourage consumers to do research on any computer protection program before spending their money. We stand behind our product and welcome inquiries.”

Contact: Carl D. Haugen III, CdO, HsD
Company: ZookaWare
Phone: 561-459-5393

WinCleaner 2009

WinCleaner2009 is a corrupt tool made by the creators of the ASC-AntiSpyware and Win Antivirus Vista/XP malware. It is a rogue security program that shows false warning messages and misleading scan results. WinCleaner2009 is also known as WinCleaner2009 v.3.0.21. The name makes no difference in this case: Win Cleaner 2009 is a malicious program and it shouldn’t be trusted. This particular rogue uses false advertising, exaggerated results, and Trojans to promote itself. The engine behind WinCleaner2009 is the open source security engine called ClamWin.

WinCleaner2009 is designed to look like a security tool, but it is unable to scan a computer or to delete infections. The reports of nonexistent infections are made to scare people into paying for the paid version of the tool. Once the computer is infected, it will slow down, repeat scans and warnings, and show web sites on your desktop.

Registry Elite

Registry Elite is a malicious and manipulative fake registry cleaner. It is malware and a clone of two other infections named PC Doc Pro and Spy Doc Pro. It is also known as Registry Elite or Registry.Elite. This malware makes your PC display bogus RegistryElite AV pop-ups and fake scans to persuade you to buy it. It will ask you to upgrade or to purchase a license key for this fake protection program.

After the installation, your computer slows down dramatically and it is almost impossible to browse the internet, and things on your pc are changing by themselves.


AntivirusXP2010 is just one part of a huge group of rogue security program operations and is spread over the Internet using a Trojan and a fake online virus scanner. First a Trojan is released, which may infect your computer in several different ways. The internet browser will then redirect you to an online virus scanner that immediately starts a fake scan of your PC. The offered solution is a download of AntivirusXP2010, which is supposed to remove the threats detected during the scan.

Antivirus XP 2010 is a variation of XP Internet Security 2010, and once it gets into your system it will constantly scan your PC. It will detect files that were created in advance and flag them as malicious. This virus usually infects computers running Windows XP. Using a Trojan horse, AntivirusXP2010 creates fake virus scans to make you think it is a real program. In most cases the program is installed with the user's consent, but it is fake and doesn’t work. It will modify system settings so that you can’t open web pages or programs.

Antivirus XP2010 may display symptoms such as your computer operating slower than it normally does, annoying pop-ups, things changing on your machine that you didn’t change yourself, scary system security notifications that ask you to buy a full version in order to rectify these problems, or your internet connection acting differently than usual.

Win32.Kobyla Trojan

Finding Win32.Kobyla on your PC should fill you with some dread. This is a dangerous program known as a backdoor Trojan. Unlike viruses that spread quickly through a network, backdoor Trojans use a different means of distribution. Using Peer-to-Peer software, visiting unsafe websites and downloading freeware and shareware programs are tried and true ways of becoming infected with these malicious pests. Because they are designed to run silently and avoid arousing suspicion, they are quite difficult to detect. They will enter and configure themselves in such a way that they will run on each Windows startup without your knowledge.

Win32.Knokk Trojan

Win32.Knokk is known to be a dangerous backdoor Trojan program. It is 65033 bytes in size, is written in C++ and is packed using UPX. Once it has infiltrated, it will copy itself to this location: %System%\explore.exe. The program will wait for directions from its author. The author, who is actually a hacker, will send the program instructions on e-mail addresses of sites that he wants it to connect to.

Win32.Knockex Trojan

Backdoor Trojan pest, Win32.Knockex, will definitely “knock” your system for a loop.  Designed to enter a PC without the knowledge of the user, this Trojan will open up an additional port to wait for further word from its hacker.  Upon receiving its instructions, it will continue its malicious work.  Opening files and running applications is just the beginning.  You are at serious risk of having your identity stolen with this program.  The worst of it is having total control go over to the hacker, which is the ultimate goal of this program.

Win32.Knightseven Trojan

Win32.Knightseven is a backdoor spyware program. It functions in the same way that many legitimate remote administration programs do. The difference is that these programs use the access to your PC as a way to gather data or use your machine to do their dirty work. This pest will leave the following fingerprint: f39f27410b37e9d1.

However, understand these backdoor programs are typically very difficult to detect.  Win32.Knightseven will hide its processes for the sole purpose of making itself unseen.  Some signs of infection include a slow computer, strange files and programs cropping up, missing files and e-mails being sent without your knowledge or consent.

Win32.Shark Trojan

Win32.Shark is a backdoor Trojan horse program. This nasty program downloads other malware onto your already infected system. Win32.Shark will spread itself through spam e-mails, pornographic websites and file-sharing programs. Once it has entered, it will inject malicious entries into your registry that will activate annoying pop-up advertisements. In addition to turning off your security software, this pest gives control of your computer over to its hacker. Now, nothing on your system is off limits!