Posted: March 28, 2006
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level reflects the threat's consistently assessed behaviors, as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
First Seen: July 24, 2009
Zlob is a large family of multiple-component trojans that use several threats in coordination to hijack your web browsers and install malicious programs. Zlob is closely associated with rogue security applications like Windows AV Component that create fake infection warnings and other inaccurate system alerts. The goal of any rogue security program is to steal your credit card information and money, and Zlob assists them in that endeavor through a variety of methods that attack your web browser and potentially your security programs. If you've found an unusual security program installed on your PC for no reason, you may be the victim of a Zlob attack. Despite the wide variety of Zlob in the wild, any good anti-virus program can remove Zlob from your computer along with any related threats.
Learning the Signs of a Possible Zlob Infection Attack
Zlob trojans occur in an almost countless number of slight variations that are designed to attack your computer in slightly different ways or are affiliated with slightly different types of rogue security programs. Some common types of Zlob threats include Trojan:Win32/Zlob.gen!S, TrojanDownloader:Win32/Zlob.AMP, TrojanDownloader:Win32/Zlob.gen!AU, Trojan:Win32/Zlob.AU and TrojanDownloader:Win32/Zlob.gen!T. The Zlob Trojan constantly updates and switches to whatever rogue anti-spyware program the rogue creator wants to distribute at any given time. Zlob may pop up a message saying that your computer is infected with the following infections: Spyware.CyberLog-X, W32.Myzor.FK@yf, and Trojan-Spy.Win32.mx. Zlob installs many popular rogue anti-spyware programs, among them XP Antivirus 2012, Win 7 Security 2012, XP Security 2012, IEDefender, AntiVirGear, SpyShredder, WinAntiVirus Pro 2007, Ultimate Cleaner, and SecurePCCleaner.
Zlob Trojan is still widely distributed by at least two distinct methods:
- You may install a Zlob Trojan unwittingly by downloading a fake codec or other video player update from a dangerous website.
- In other cases, visiting a dangerous website will cause Zlob to be installed onto your PC even if you don't install anything. This is usually managed via script exploits; disabling Java and Flash for untrustworthy sites can improve your defense against this type of Zlob attack.
Some types of Zlob are even installed by other Zlob variations, and different Zlob trojans can vary widely in the forms they take. Some Zlob trojans are installed in the form of Browser Helper Objects or BHOs, and although most Zlob attacks prefer to hijack Internet Explorer, other Zlob trojans may hijack other types of web browsers.
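Because some Zlob variants load as Browser Helper Objects, listing the BHOs registered on a PC is a quick read-only check. The PowerShell below is an added example, not part of the original article or of SpyHunter; it reads the standard Windows BHO registry keys and treats the file name iesplugin.dll from this page's file listing as a name to review. A missing or unsigned DLL is only a reason to look closer, not proof of infection.

```powershell
# Added example: read-only audit of Internet Explorer Browser Helper Objects.
# File name taken from the "File System Modifications" section of this page.
$namesToReview = @('iesplugin.dll')

# Standard BHO registration keys (native view and 32-bit view on 64-bit Windows).
$sw = 'HKLM:\SOFTWARE'
$bhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ Bho = "$sw\$bhoSubKey";             Clsid = "$sw\Classes\CLSID" },
    @{ Bho = "$sw\WOW6432Node\$bhoSubKey"; Clsid = "$sw\WOW6432Node\Classes\CLSID" }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $key.PSChildName
        $inproc = "$($view.Clsid)\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the DLL that IE loads.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        if ($dll) { $dll = $dll.Trim('"') }

        $sig = 'n/a'
        $reasons = @()
        if (-not $dll) {
            $reasons += 'no InprocServer32 path'
        } elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $reasons += 'file not found'
        } else {
            $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            if ($namesToReview -contains [IO.Path]::GetFileName($dll)) {
                $reasons += 'file name listed on this page'
            }
            if ($sig -ne 'Valid') { $reasons += "signature $sig" }
        }
        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Signature = $sig
            Review    = $reasons -join '; '
        }
    }
}

# Entries with a non-empty Review column deserve a closer look.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

On 64-bit Windows, run it from a 64-bit PowerShell session; a 32-bit session is redirected to the WOW6432Node view for both keys.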
Since rogue security programs are closely linked to Zlob, you should assume that the presence of one may indicate the presence of the other. Using anti-virus software to scan your entire PC for Zlob and other threats should detect all possible dangers to your PC. Updating your anti-virus software prior to a scan will help you detect Zlob, which may be vital, given that Zlob is available in dozens of variations and has seen updated versions as recently as June 2011.
Zlob - The Trojan That Wants You to Have a False Sense of Security
Despite their many possible differences, almost all Zlob versions have two traits in common with regard to their intended attacks or payload:
- Zlob will attempt to install other threats onto your computer, most prominently including rogue security programs. Rogue programs create a fake impression of being useful security software while indicating that your PC is highly infected.
However, rogueware, including recent examples like Windows Proofness Guarantor, Windows Inviolability System and Windows Necessary Firewall, can't detect or delete real PC threats. The only purpose of these rogue programs is to steal your money and credit card information.
Zlob may use fake error messages while installing its rogue programs to trick you into thinking that these rogue programs are legitimate. Fake Microsoft Security Essential Alert variants will even imitate Microsoft's Security Essentials Alert windows. Remember that Microsoft will never ask you to install security software from an unusual source or ask you to install software without specifying what the software is.
- The second factor most Zlob threats have in common is their tendency to attack your web browser with hijacking techniques. Hijacks can perform many different browser-related functions, including changing your homepage to a malicious one, displaying fake error screens, altering online content or redirecting you from one website to another one.
In the usual case, Zlob will use these hijacks to reinforce the rogue program that it's designed to support. You may find that your homepage is changed to a rogue program's website. Alternately, you may be unable to access real security websites. In extreme cases, all websites except the one for the rogue threat will be blocked by Zlob.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Zlob may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
File name: iesplugin.dll
Size: 25.6 KB (25600 bytes)
Detection count: 69
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009