Zlob is a large family of multiple-component trojans that use several threats in coordination to hijack your web browsers and install malicious programs. Zlob is particularly closely associated with rogue security applications like Windows AV Component that create fake infection warnings and other inaccurate system alerts. The goal of any rogue security program is to steal your credit card information and money, and Zlob assists it in that endeavor through a variety of methods that attack your web browser and potentially your security programs. If you've found an unusual security program installed on your PC for no reason, you may be the victim of a Zlob attack. Despite the wide variety of Zlob variants in the wild, any good anti-virus program can remove Zlob from your computer along with any related threats.
Learning the Signs of a Possible Zlob Infection Attack
Zlob trojans occur in an almost countless number of slight variations that are designed to attack your computer in slightly different ways or are affiliated with slightly different types of rogue security programs. Some common types of Zlob threats include Trojan:Win32/Zlob.gen!S, TrojanDownloader:Win32/Zlob.AMP, TrojanDownloader:Win32/Zlob.gen!AU, Trojan:Win32/Zlob.AU and TrojanDownloader:Win32/Zlob.gen!T. The Zlob Trojan constantly updates and switches to whatever rogue anti-spyware program the rogue creator wants to distribute at any given time. Zlob may pop up a message saying that your computer is infected with the following infections: Spyware.CyberLog-X, W32.Myzor.FK@yf, and Trojan-Spy.Win32.mx. Zlob installs many popular rogue anti-spyware programs, among them XP Antivirus 2012, Win 7 Security 2012, XP Security 2012, IEDefender, AntiVirGear, SpyShredder, WinAntiVirus Pro 2007, Ultimate Cleaner, and SecurePCCleaner.
Zlob Trojan is still widely distributed by at least two distinct methods:
- You may install a Zlob Trojan unwittingly by downloading a fake codec or other video player update from a dangerous website.
- In other cases, visiting a dangerous website will cause Zlob to be installed onto your PC even if you don't install anything. This is usually managed via script exploits; disabling Java and Flash for untrustworthy sites can improve your defense against this type of Zlob attack.
Some types of Zlob are even installed by other Zlob variations, and different Zlob trojans can vary widely in the forms they take. Some Zlob trojans are installed in the form of Browser Helper Objects (BHOs), and although most Zlob attacks prefer hijacking Internet Explorer, other Zlob trojans may hijack other types of web browsers.
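One way to review the Browser Helper Objects (BHOs) mentioned above, as an added example that is not part of the original article: this PowerShell script lists every BHO registered for Internet Explorer, resolves the DLL behind each one, and reports its Authenticode signature status so unexpected entries stand out. The variable names and the status labels `NoDllRegistered` and `FileMissing` are illustrative choices made for this example.

```powershell
# Added example: list Internet Explorer BHOs and the DLL each one loads.
# 32-bit BHOs on 64-bit Windows register under WOW6432Node, so both views are read.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$report = foreach ($view in $views) {
    $bhoKey = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        # Each subkey name is the CLSID of one registered BHO.
        $clsid  = $entry.PSChildName
        $inproc = "$view\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the DLL loaded into the browser.
            $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
            $dll = $dll.Trim('"')
        }

        $status = 'NoDllRegistered'
        if ($dll) {
            if (Test-Path -LiteralPath $dll) {
                $status = (Get-AuthenticodeSignature -LiteralPath $dll).Status.ToString()
            } else {
                $status = 'FileMissing'
            }
        }

        [pscustomobject]@{
            RegistryView = $view
            CLSID        = $clsid
            Dll          = $dll
            Signature    = $status
        }
    }
}

# Anything other than 'Valid' in the Signature column deserves a closer look.
$report | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that both registry views resolve as written. An unsigned or missing DLL is a reason to investigate the entry, not proof of infection by itself.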
Since rogue security programs are closely linked to Zlob, you should assume that the presence of one may indicate the presence of the other. Using anti-virus software to scan your entire PC for Zlob and other threats should detect all possible dangers to your PC. Updating your anti-virus software prior to a scan will help you detect Zlob, which may be vital, given that Zlob is available in dozens of variations and has seen updated versions as recently as June 2011.
Zlob - The Trojan That Wants You to Have a False Sense of Security
Despite their many possible differences, almost all Zlob versions have two traits in common with regard to their intended attacks or payload:
- Zlob will attempt to install other threats onto your computer, most prominently including rogue security programs. Rogue programs create a fake impression of being useful security software while indicating that your PC is highly infected.
However, rogueware, including recent examples like Windows Proofness Guarantor, Windows Inviolability System and Windows Necessary Firewall, can't detect or delete real PC threats. The only purpose of these rogue programs is to steal your money and credit card information.
Zlob may use fake error messages while installing its rogue programs to trick you into thinking that these rogue programs are legitimate. Fake Microsoft Security Essential Alert variants will even imitate Microsoft's Security Essentials Alert windows. Remember that Microsoft will never ask you to install security software from an unusual source or ask you to install software without specifying what the software is.
- The second factor most Zlob threats have in common is their tendency to attack your web browser with hijacking techniques. Hijacks can perform many different browser-related functions, including changing your homepage to a malicious one, displaying fake error screens, altering online content or redirecting you from one website to another one.
In the usual case, Zlob will use these hijacks to reinforce the rogue program that it's designed to support. You may find that your homepage is changed to a rogue program's website. Alternately, you may be unable to access real security websites. In extreme cases, all websites except the one for the rogue threat will be blocked by Zlob.
File System Modifications
The following files were created in the system:
File name: iesplugin.dll
Size: 25.6 KB (25600 bytes)
Detection count: 69
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009