RECOMMENDED

FREE Spyware Scan with SpyHunter
SpyHunter's spyware scanner last
updated on 06/30/2009.
  

Free Security Tool

FREE Conficker Removal Tool
Click here for more info on Conficker.
  

Top Parasite Threats

  

Recent Parasite Threats

  

Resources and Tools

  

Recent Articles

  

Subscribe To

  • AddThis Social Bookmark Button
  • AddThis Feed Button
  
HomeHome Spyware DatabaseSpyware Database Zlob Removal Guide"Zlob Removal Guide"

Zlob Removal Guide

line

Zlob Description

Spyware Image
It is a backdoor designed to give the attacker remote control over a compromised PC. It changes essential computer settings and modifies certain files. Zlob starts automatically on every Windows startup and hides its activities by injecting code into explorere.exe. It waits for remote connections and allows the attacker to download and install additional software, execute certain commands and manage the entire computer. Zlob can be very dangerous. Use antivirus and malware removal tools in order to get rid of this spyware.

Zlob Trojan installs many popular rogue anti-spyware programs, among them are IEDefender, AntiVirGear, SpyShredder, WinAntiVirus Pro 2007, Ultimate Cleaner and SecurePCCleaner.

Aliases: Zlob-X.a, Zlob-XA. Troj/Zlob-XA.

It may popup with message saying that your computer is infected with the virus/trojan below:
Spyware.CyberLog-X
W32.Myzor.FK@yf
Trojan-Spy.Win32.mx
Disclaimer:

  1. SpywareRemove.com IS NOT associated, affiliated, consorted, or connected with the publishers Zlob.
  2. We object, reject, and disapprove all the malicious and objectionable business practices of the publishers of Zlob.
  3. Our goal and objective is to completely eliminate the promotion of Zlob and other malware publishers off the Internet. In addition, we seek the complete deletion of all the malware programs, including all their polymorphic variants, which are developed and distributed all over the Internet, in the same manner as the publishers of Zlob.
The readers of this posting should not confuse, mistake, or associate this article to be a promotion or advertisement of Zlob, since the aim of this posting is to educate users on how to detect and eliminate Zlob off their computer. Any information provided is "as is" for reference and educational purposes only.

How can I Detect Zlob?

The most common spyware removal tactic is to uninstall Zlob by using the "Add/Remove Programs" utility. However, as there may still be hidden Zlob files, it's possible that Zlob will reappear after reboot. Follow the Zlob detection and removal methods below.

Zlob Automatic Detection (Recommended)

Is your PC infected with Zlob? To safely & quickly detect Zlob, we highly recommend you...

Download SpyHunter's Malware Scanner Download SpyHunter's Malware Scanner.

SpyHunter's free version is only for malware detection. If SpyHunter's malware scanner detects Zlob on your PC, you will need to purchase SpyHunter's malware removal tool to remove Zlob and other malware threats.

Zlob Manual Removal Instructions

Below is a list of Zlob manual removal instructions and Zlob components listed to help you remove Zlob from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

Note: This manual removal process may be difficult and you run the risk of destroying your computer. We recommend that you use SpyHunter's malware detection tool to check for Zlob.

Step 1 : Use Windows File Search Tool to Find Zlob Path

  1. Go to Start > Search > All Files or Folders.
  2. In the "All or part of the the file name" section, type in "Zlob" file name(s).
  3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
  4. When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps.

Step 2 : Use Windows Task Manager to Remove Zlob Processes

  1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  2. Click on the "Image Name" button to search for "Zlob" process by name.
  3. Select the "Zlob" process and click on the "End Process" button to kill it.
  4. Remove the "Zlob" processes files:

  5. Read more about How to kill Zlob Processes

Step 3 : Use Registry Editor to Remove Zlob Registry Values

  1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
  2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
  3. To delete "Zlob" value, right-click on it and select the "Delete" option.
  4. Locate and delete "Zlob" registry entries:

  5. Read more about How to Remove Zlob Registry Entries

Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
  2. Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
  3. To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
  4. Search and unregister "Zlob" DLL files:

  5. Read more about How to Remove Zlob DLL Files

Step 5 : Detect and Delete Other Zlob Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
  2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
  3. To change directory, type in "cd name_of_the_folder".
  4. Once you have the file you're looking for type in "del name_of_the_file".
  5. To delete a file in folder, type in "del name_of_the_file".
  6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
  7. Select the "Zlob" process and click on the "End Process" button to kill it.
  8. Remove the "Zlob" processes files:

  9. Read more about How to Delete Harmful Files

Zlob Recommendation

RECOMMENDED: To avoid the unnecessary risk of damaging your computer, we highly recommend you use a good malware remover to track Zlob and automatically remove Zlob as well as other spyware, adware, trojans, and virus threats in your PC.

If you believe you have Zlob installed on your computer, check for Zlob with SpyHunter's Malware Scanner.


SpyHunter's free version is only for malware detection. To remove Zlob and other malware threats, you will need to purchase SpyHunter's malware removal tool. Since new Zlob files are constantly being released, it is normally advised to run SpyHunter's scanner weekly to get the latest updates on Zlob and other malware threats.

To learn more on Zlob, see our Zlob resource section below.

Zlob Technical Details

The following Zlob components and their MD5s:

File NameFile SizeMD5
iesplugin.dll25600ebfa464c1338269f7e7730b7f4624df0
iesplugin.dll25600e46bbd7733738efa1a3516ef1d4b19d3


More Zlob Resources

What is Backdoors?


Zlob is a type of Backdoors.

Backdoors exploit vulnerabilities of installed software to obtain remote, unauthorized access to your computer. Usually, backdoor spyware is secretly installed by viruses, worms, or sometimes even malicious adware programs. As the name suggests, backdoor spyware works sneakily, making it very difficult for you to find and disable without using anti-spyware technology.

Think you have Zlob? Run SpyHunter's malware scan and automatically detect Zlob on your PC.

Back to Top

Zlob Prevention Rules


Protect your computer from Zlob and other spyware by following these four easy prevention rules.

Rule #1: Keep your Windows Security up-to-date

Microsoft provides updates weekly and can always be downloaded manually from the Microsoft website.
Tip: Regularly visit Windows Update and set your computer to receive security & critical updates automatically.

To get Microsoft Update, go to IE > Tools > Windows Update > Product Updates, and select "ALL High-Priority Security Updates" from the list.

Then open IE and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level."

Rule #2: Download and install a reliable anti-spyware software

A good anti-spyware software that recognizes current Zlob spyware as well as other forms of spyware can can be the answer to all your security issues. Listed below is an anti-spyware program that can effectively reverse the damage of your computer and detect Zlob automatically.

Download SpyHunter's Malware Scanner Download SpyHunter's Malware Scanner

SpyHunter's free version is only for malware detection. To remove Zlob and other malware threats, you will need to purchase SpyHunter's malware removal tool.

Rule #3: Install and keep your firewall turned on

A firewall is essential for a complete protection of your PC. Make sure that your firewall is always turned on. A firewall can prevent unwanted software like Zlob from infecting your computer.

Rule #4: Keep your anti-spyware definitions up-to-date

Since new Zlob files can be created every day, it is important to keep your anti-spyware program up-to-date. Your anti-spyware scanner should have an update feature where with a click of a button you can get new spyware definitions instantly. Often, an anti-spyware software will open an update window reminding you that there are new updates available.

Back to Top

Zlob Screenshots


View Zlob screenshots below and see for yourself how Zlob looks like. Learn how to recognize Zlob when it infects your machine.

(click on Zlob image to enlarge)

Spyware Image  

Back to Top

Publication Date

Tue Mar 28 2006 12:19:23 EDT

User Comments


Username:  Rebecca    Date Posted:  2007-07-27 18:32:55   
Comment:

Thanks for posting this, I've found 3 Zlob's already.

Username:  Ellen Botelho    Date Posted:  2007-08-31 15:01:31   
Comment:
You repeated entries for the registry and command prompt, which made copying this information tedious. Also, it is customary to write registry locations using the back slash\ between folders. You didn't do this, which makes following to the proper location difficult.

Username:  tiziano    Date Posted:  2007-11-10 02:33:07   
Comment:

Thank you

Username:  Sebi    Date Posted:  2007-11-21 10:14:15   
Comment:

I AM USING AVAST 4.7 LATEST VERSION and detects a "sample" of win32:Zlob [Drp] alware everytime i connect to the internet i've tried to remove it but it is really a great nuisance could anybody help me?

Username:  Scott    Date Posted:  2007-12-18 11:25:41   
Comment:

All removal comments assume you can gain access to the windows command prompt. My sons computer immediately boots to the html page to renew or update the false blocker. I cannot gain access to the operating system. Cannot start Task Manager, cannot get to desktop at all.... What is the best course of action? I was thinking of removing the drive, slaving it to another and proceede with removal instructions then, however I am cautious as I do not wish to propogate the zlob on my drive. Thank you in advance, any help would be greatly appreciated. Scott

Username:  bbrecken    Date Posted:  2008-02-08 11:36:15   
Comment:

Ok, I have Spyhunter and have run it, finding zlob files and removed them. But it keeps coming back! When I search for the files listed in the manual instructions, I find them. It seems the files listed as zlob files in the manual removal instructions do not match the files found and removed by Spyhunter. Any ideas?

Username:  ghostrider01    Date Posted:  2008-02-12 10:40:47   
Comment:

bbrecken,

Zlob files are regenerating themselves very often and it may be very hard to remove this parasite from your computer. If you're having full SpyHunter version, you should contact our support team and they will solve your problems.

Username:  Dave    Date Posted:  2008-02-29 18:35:46   
Comment:

regeneration is the least of my worries. I have 5 junk pc's. I guess i have a lethal version that has written to the HD in a supposed unwritable area "8 meg buffer" and as well written an unrecoverable write to the BIOS. Ive tried flashing and hard reset. Still there!!!! Any ideas would be great!! I am going to try the Spyhunter but i thnk it has its limitations.

Username:  Tom    Date Posted:  2008-03-05 15:43:35   
Comment:

I'm only getting zlob in the registry, and not finding any files. I'm following the instructions with removing, but it keeps coming back. Any thoughts?

Username:  velocity    Date Posted:  2008-04-03 19:09:27   
Comment:

i recently bought a computer from a friend and took the harddrive out of it and put it into mine as a second drive as it was much larger, it was eat up with virus, worms, spyware, etc. i have bitdefender and removed everything except for "Trojan.Downloader.Zlob.ABMT" which is in "D:\System Volume Information\_restore{980765FE-9B1B-4382-B1B3-DA0C645CD6A0}\RP245\A0160591.exe=](NSIS o)=]bzip2_solid_nsis0000" ...bitdefender will not delete, move or do no action as it is in the system restore folder...i tried to turn off system restore, ran bitdefender again and again it found it. so i turned system restore back on, and still bitdefender finds it....is there no way to get rid of this? i know it is inactive because it is in the system restore folder but if i ever have to restore my computer i am afraid it will activate it. any hlep on this matter would be appriciated.

Username:  luke    Date Posted:  2008-04-04 15:48:31   
Comment:

if your having trouble with the zlob virus, why dont you back up your file's and do a full reinstall!! thanks luke

Username:  Ed    Date Posted:  2008-04-11 17:19:02   
Comment:

Is there any truth to turning off the system restore, booting up in safe mode, running the scan/removal, then rebooting in normal mode?

Username:  risky    Date Posted:  2008-04-21 20:34:52   
Comment:

keep up the good work man u really saved me and gave me tons of info i did not know millions of thanks to the guy that did all this :D

Username:  risky    Date Posted:  2008-04-21 20:36:54   
Comment:

rofl thanks for the info i found 16 zlobs ROFL

Username:  Micheal Hamberg    Date Posted:  2008-09-18 09:52:16   
Comment:

I advise before you all begin to scan using any antivirus... make sure to turn off System Restore (For Windows XP). Then erase all the files in Windows\Prefetch. If this can't be workin, the try go to safe mode and scan again.

Username:  adrian    Date Posted:  2008-10-08 18:12:00   
Comment:

thank you very much for making this info available , it helped me out greatly as this trojan (ZLob) was particularly nasty and difficult to remove , i no next to nothing about computers but in my attempts to remove the dll files mainly iebt.dll i found i oculdnt even from the command line it would always give me error messages i figured out a trick , i cpied and zipped the file , then it let me remove it right from the folder directory for some reason , i dont understand why this worked maybe i tricked it into thinking it had copied itself , also another trick i figured out when it mutates after you remove it , it will reapear other places it seems if you catch it erlay enough you can remove dll filed while the search command is still in progress , but you cant once it has completed , once again i do not understand why this worked , but while it was still searching i simply dragged it to the recycle bin , and this worked , hope this info helps someone.....

Username:  wje66    Date Posted:  2008-12-12 04:33:58   
Comment:

i keep having a security center alert pop-up on my screen every 5minutes or so. this ad says its trojan.zlob.g and is going to stop infro. theft.nothing has stop it from continuely popping back-up? any help ?thanks.

Username:  anselmo Banos    Date Posted:  2008-12-22 03:59:16   
Comment:

TANKS SO MUCH


Leave a Reply


*
To prove you're a person (not a spam script), type the security word shown in the picture.
Security Image

Back to Top

Remove Zlob