Prev: locate.exe
Next: Ccollgatee Virus
From: David on 16 Dec 2005 05:13 Hi My sons PC When I boot it up a small window pops up on the right side of the taskbar with " Download a spyware " I do a scan with Lavasoft Adware 6 and Quarantined 9 items. In the middle of the scanning a window pops up with "Virus Alert and says 'ZLOP.CL in System 32' I then do a scan with Grisoft AVG Free Edition and send the virus to the Vault. This obviously does not get rid of the virus because when I enter an URL in the address bar of the IE .For example if I type in www.google.co.uk it quickly turns into www.dns404.net and the little window pops up again in the right hand side of the taskbar with "Download a spy ware" If I click on this then different spyware programme try's to upload. What is the remedy please. Ta
From: Malke on 16 Dec 2005 07:44 David wrote: > Hi > My sons PC > When I boot it up a small window pops up on the right side of the > taskbar with " Download a spyware " > I do a scan with Lavasoft Adware 6 and Quarantined 9 items. In the > middle of the scanning a window pops up with "Virus Alert and says > 'ZLOP.CL in System 32' > I then do a scan with Grisoft AVG Free Edition and send the virus to > the Vault. > This obviously does not get rid of the virus because when I enter an > URL in the address bar of the IE .For example if I type in > www.google.co.uk it quickly turns into www.dns404.net and the little > window pops up again in the right hand side of the taskbar with > "Download a spy ware" If I click on this then different spyware > programme try's to upload. What is the remedy please. > Ta Your computer is not clean. Go through the following malware removal steps systematically: http://www.elephantboycomputers.com/page2.html#Removing_Malware I would start by scanning with either Sysclean (links and information at site above) or Dave Lipman's Multi-AV: http://www.ik-cs.com/multi-av.htm Scans must be done with updated tools in Safe Mode. Malke -- MS-MVP Windows User/Shell Elephant Boy Computers www.elephantboycomputers.com "Don't Panic"
From: David H. Lipman on 16 Dec 2005 09:06 From: "David" <art(a)davidartgallery.co.uk> | Hi | My sons PC | When I boot it up a small window pops up on the right side of the taskbar | with " Download a spyware " | I do a scan with Lavasoft Adware 6 and Quarantined 9 items. In the middle of | the scanning a window pops up with "Virus Alert and says 'ZLOP.CL in System | 32' | I then do a scan with Grisoft AVG Free Edition and send the virus to the | Vault. | This obviously does not get rid of the virus because when I enter an URL in | the address bar of the IE .For example if I type in www.google.co.uk it | quickly turns into www.dns404.net and the little window pops up again in the | right hand side of the taskbar with "Download a spy ware" If I click on this | then different spyware programme try's to upload. | What is the remedy please. | Ta | Ad-aware 6 is no longer supported nor updated and it is way ot of date ! It needs to be removed and replac ed with the Ad-aware SE v1.06 (soon to be replaced by Ad-aware 2006). For non-viral malware... Please download, install and update the following software... * Ad-aware SE v1.06 http://www.lavasoft.de/ http://www.lavasoftusa.com/ * SpyBot Search and Destroy v1.4 http://security.kolla.de/ After the software is updated, I suggest scanning the system in Safe Mode. I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC. * BHODemon http://www.definitivesolutions.com/bhodemon.htm http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d For viral malware... * Download MULTI_AV.EXE from the URL -- http://www.ik-cs.com/programs/virtools/Multi_AV.exe To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
From: David on 16 Dec 2005 14:59 Thank you Malke & David I will have a go at all your instructions when I visit my son to-morrow. Thanks again David "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23WBspnkAGHA.216(a)TK2MSFTNGP15.phx.gbl... > From: "David" <art(a)davidartgallery.co.uk> > > | Hi > | My sons PC > | When I boot it up a small window pops up on the right side of the taskbar > | with " Download a spyware " > | I do a scan with Lavasoft Adware 6 and Quarantined 9 items. In the middle of > | the scanning a window pops up with "Virus Alert and says 'ZLOP.CL in System > | 32' > | I then do a scan with Grisoft AVG Free Edition and send the virus to the > | Vault. > | This obviously does not get rid of the virus because when I enter an URL in > | the address bar of the IE .For example if I type in www.google.co.uk it > | quickly turns into www.dns404.net and the little window pops up again in the > | right hand side of the taskbar with "Download a spy ware" If I click on this > | then different spyware programme try's to upload. > | What is the remedy please. > | Ta > | > > Ad-aware 6 is no longer supported nor updated and it is way ot of date ! > It needs to be removed and replac ed with the Ad-aware SE v1.06 (soon to be replaced by > Ad-aware 2006). > > > For non-viral malware... > > Please download, install and update the following software... > > * Ad-aware SE v1.06 > http://www.lavasoft.de/ > http://www.lavasoftusa.com/ > > * SpyBot Search and Destroy v1.4 > http://security.kolla.de/ > > After the software is updated, I suggest scanning the system in Safe Mode. > > I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects > that may be on the PC. > > * BHODemon > http://www.definitivesolutions.com/bhodemon.htm > > http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d > > For viral malware... > > * Download MULTI_AV.EXE from the URL -- > http://www.ik-cs.com/programs/virtools/Multi_AV.exe > > To use this utility, perform the following... > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } > Choose; Unzip > Choose; Close > > Execute; C:\AV-CLS\StartMenu.BAT > { or Double-click on 'Start Menu' in C:\AV-CLS } > > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your > FireWall to allow it to download the needed AV vendor related files. > > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} > This will bring up the initial menu of choices and should be executed in Normal Mode. > This way all the components can be downloaded from each AV vendor's web site. > The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. > > You can choose to go to each menu item and just download the needed files or you can > download the files and perform a scan in Normal Mode. Once you have downloaded the files > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key > during boot] and re-run the menu again and choose which scanner you want to run in Safe > Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. > > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help > file. http://www.ik-cs.com/multi-av.htm > > > * * * Please report back your results * * * > > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > http://www.ik-cs.com/got-a-virus.htm > >
From: Retro on 16 Dec 2005 21:43
http://www.f-secure.com/weblog/archives/archive-122005.html#00000739 "David" <art(a)davidartgallery.co.uk> wrote in message news:%23OlIJtnAGHA.2900(a)TK2MSFTNGP10.phx.gbl... > Thank you Malke & David > I will have a go at all your instructions when I visit my son to-morrow. > Thanks again > David > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message > news:%23WBspnkAGHA.216(a)TK2MSFTNGP15.phx.gbl... >> From: "David" <art(a)davidartgallery.co.uk> >> >> | Hi >> | My sons PC >> | When I boot it up a small window pops up on the right side of the > taskbar >> | with " Download a spyware " >> | I do a scan with Lavasoft Adware 6 and Quarantined 9 items. In the > middle of >> | the scanning a window pops up with "Virus Alert and says 'ZLOP.CL in > System >> | 32' >> | I then do a scan with Grisoft AVG Free Edition and send the virus to >> the >> | Vault. >> | This obviously does not get rid of the virus because when I enter an >> URL > in >> | the address bar of the IE .For example if I type in www.google.co.uk it >> | quickly turns into www.dns404.net and the little window pops up again >> in > the >> | right hand side of the taskbar with "Download a spy ware" If I click on > this >> | then different spyware programme try's to upload. >> | What is the remedy please. >> | Ta >> | >> >> Ad-aware 6 is no longer supported nor updated and it is way ot of date ! >> It needs to be removed and replac ed with the Ad-aware SE v1.06 (soon to > be replaced by >> Ad-aware 2006). >> >> >> For non-viral malware... >> >> Please download, install and update the following software... >> >> * Ad-aware SE v1.06 >> http://www.lavasoft.de/ >> http://www.lavasoftusa.com/ >> >> * SpyBot Search and Destroy v1.4 >> http://security.kolla.de/ >> >> After the software is updated, I suggest scanning the system in Safe >> Mode. >> >> I also suggest downloading, installing and updating BHODemon for any > Browser Helper Objects >> that may be on the PC. >> >> * BHODemon >> http://www.definitivesolutions.com/bhodemon.htm >> >> > http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d >> >> For viral malware... >> >> * Download MULTI_AV.EXE from the URL -- >> http://www.ik-cs.com/programs/virtools/Multi_AV.exe >> >> To use this utility, perform the following... >> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } >> Choose; Unzip >> Choose; Close >> >> Execute; C:\AV-CLS\StartMenu.BAT >> { or Double-click on 'Start Menu' in C:\AV-CLS } >> >> NOTE: You may have to disable your software FireWall or allow WGET.EXE to > go through your >> FireWall to allow it to download the needed AV vendor related files. >> >> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in >> C:\AV-CLS} >> This will bring up the initial menu of choices and should be executed in > Normal Mode. >> This way all the components can be downloaded from each AV vendor's web > site. >> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and > Reboot the PC. >> >> You can choose to go to each menu item and just download the needed files > or you can >> download the files and perform a scan in Normal Mode. Once you have > downloaded the files >> needed for each scanner you want to use, you should reboot the PC into > Safe Mode [F8 key >> during boot] and re-run the menu again and choose which scanner you want > to run in Safe >> Mode. It is suggested to run the scanners in both Safe Mode and Normal > Mode. >> >> When the menu is displayed hitting 'H' or 'h' will bring up a more > comprehensive PDF help >> file. http://www.ik-cs.com/multi-av.htm >> >> >> * * * Please report back your results * * * >> >> >> >> -- >> Dave >> http://www.claymania.com/removal-trojan-adware.html >> http://www.ik-cs.com/got-a-virus.htm >> >> > > |