Posted: March 28, 2006
Threat Metric
Threat Level: 8/10
Infected PCs: 75

Zlob Description

Zlob is a large family of multiple-component trojans that use several threats in coordination to hijack your web browsers and install malicious programs. Zlob is particularly closely associated with rogue security applications like Windows AV Component that create fake infection warnings and other inaccurate system alerts. The goal of any rogue security program is to steal your credit card information and money, and Zlob assists in that endeavor through a variety of methods that attack your web browser and potentially your security programs. If you've found an unusual security program installed on your PC for no reason, you may be the victim of a Zlob attack. Despite the wide variety of Zlob in the wild, any good anti-virus program can remove Zlob from your computer along with any related threats.

Learning the Signs of a Possible Zlob Infection Attack

Zlob trojans occur in an almost countless number of slight variations that are designed to attack your computer in slightly different ways or are affiliated with slightly different types of rogue security programs. Some common types of Zlob threats include Trojan:Win32/Zlob.gen!S, TrojanDownloader:Win32/Zlob.AMP, TrojanDownloader:Win32/Zlob.gen!AU, Trojan:Win32/Zlob.AU and TrojanDownloader:Win32/Zlob.gen!T. The Zlob Trojan constantly updates itself and switches to whatever rogue anti-spyware program the rogue creator wants to distribute at any given time. Zlob may pop up a message saying that your computer is infected with the following infections: Spyware.CyberLog-X, W32.Myzor.FK@yf, and Trojan-Spy.Win32.mx. Zlob installs many popular rogue anti-spyware programs, among them XP Antivirus 2012, Win 7 Security 2012, XP Security 2012, IEDefender, AntiVirGear, SpyShredder, WinAntiVirus Pro 2007, Ultimate Cleaner, and SecurePCCleaner.

Zlob Trojan is still widely distributed by at least two distinct methods:

  • You may install a Zlob Trojan unwittingly by downloading a fake codec or other video player update from a dangerous website.
  • In other cases, visiting a dangerous website will cause Zlob to be installed onto your PC even if you don't install anything. This is usually managed via script exploits; disabling Java and Flash for untrustworthy sites can improve your defense against this type of Zlob attack.

Some types of Zlob are even installed by other Zlob variations, and different Zlob trojans can vary widely in the forms they take. Some Zlob trojans are installed in the form of Browser Helper Objects (BHOs), and although most Zlob attacks favor hijacking Internet Explorer, other Zlob trojans may hijack other types of web browsers.

Since rogue security programs are closely linked to Zlob, you should assume that the presence of one may indicate the presence of the other. Using anti-virus software to scan your entire PC for Zlob and other threats should detect all possible dangers to your PC. Updating your anti-virus software prior to a scan will help you detect Zlob, which may be vital, given that Zlob is available in dozens of variations and has seen updated versions as recently as June 2011.

Zlob - The Trojan That Wants You to Have a False Sense of Security

Despite their many possible differences, almost all Zlob versions have two traits in common with regard to their intended attacks or payload:

  • Zlob will attempt to install other threats onto your computer, most prominently including rogue security programs. Rogue programs create a fake impression of being useful security software while indicating that your PC is highly infected.

    However, rogueware, including recent examples like Windows Proofness Guarantor, Windows Inviolability System and Windows Necessary Firewall, can't detect or delete real PC threats. The only purpose of these rogue programs is to steal your money and credit card information.

    Zlob may use fake error messages while installing its rogue programs to trick you into thinking that these rogue programs are legitimate. Fake Microsoft Security Essential Alert variants will even imitate Microsoft's Security Essentials Alert windows. Remember that Microsoft will never ask you to install security software from an unusual source or ask you to install software without specifying what the software is.

  • The second factor most Zlob threats have in common is their tendency to attack your web browser with hijacking techniques. Hijacks can perform many different browser-related functions, including changing your homepage to a malicious one, displaying fake error screens, altering online content or redirecting you from one website to another one.

    In the usual case, Zlob will use these hijacks to reinforce the rogue program that it's designed to support. You may find that your homepage is changed to a rogue program's website. Alternately, you may be unable to access real security websites. In extreme cases, all websites except the one for the rogue threat will be blocked by Zlob.



Aliases:

  • Trojan.DL.Zlob.ATT
  • MalwareScope.Downloader.Zlob.1
  • TrojanDownloader.Win32.Zlob.98CE
  • Trojan/Puper.dll
  • Troj/Zlobie-Gen [Sophos]
  • Trojan.eCodec [Prevx1]
  • Adware/GoldCodec [Panda]
  • Win32/TrojanDownloader.Zlob.AKO
  • Zlob (threat-c) [Microsoft]
  • Puper.dll.gen [McAfee]
  • Trojan-Downloader.Win32.Zlob.bba [Kaspersky]
  • Zlobie!tr [Fortinet]
  • Downloader.Zlob.bba [eWido]
  • Win32.Win32.Zlob.bba [eSafe]
  • Trojan.Fakealert.217 [DrWeb]


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: iesplugin.dll
Size: 25.6 KB (25600 bytes)
MD5: e46bbd7733738efa1a3516ef1d4b19d3
Detection count: 69
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
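
The file indicator listed above can be checked against a disk with a short script. The following is an added example, not code from the original page: the name, size and MD5 are copied from the listing, while the function names, verdict labels and the constructed sample file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# File indicator exactly as listed on this page.
PAGE_IOC = {
    "name": "iesplugin.dll",
    "size": 25600,
    "md5": "e46bbd7733738efa1a3516ef1d4b19d3",
}


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, ioc=PAGE_IOC):
    """Return sorted (path, verdict) pairs for files under root that resemble the indicator.

    "hash_match": size and MD5 equal the indicator (the listed sample itself).
    "name_only":  same file name but different content; worth a manual look,
                  because one hash covers only one variant of the family.
    """
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                same_size = os.path.getsize(path) == ioc["size"]
                # Hash only size-matching files: a cheap pre-filter.
                same_hash = same_size and md5_of(path) == ioc["md5"].lower()
            except OSError:
                continue  # locked or unreadable file, skip it
            if same_hash:
                hits.append((path, "hash_match"))
            elif fname.lower() == ioc["name"].lower():
                hits.append((path, "name_only"))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: right name and size, harmless content (zero bytes).
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "IESPlugin.dll"), "wb") as fh:
            fh.write(b"\0" * 25600)
        print(scan(tmp))
```

A "name_only" result does not clear the file: the page describes dozens of Zlob variations, so a differing hash only means the file is not this particular sample.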
