What's Zlob Trojan?
Zlob Trojan is a backdoor Trojan which can give an anonymous attacker remote control over your PC. Zlob Trojan also lets the attacker execute commands on your PC, so that the attacker can gain control of your system and disable your security. Zlob Trojan puts your personal and financial information at risk.
Do I have Zlob Trojan?
Slow computer performance
New desktop shortcuts or switched homepage
Annoying popups on your PC
How did I get Zlob Trojan?
Freeware or Shareware
Peer-to-Peer Software
Questionable Websites
Remove Zlob Trojan Manually!To remove Zlob Trojan manually, you need to delete Zlob Trojan files.
Step 1 : Use Windows File Search Tool to Find Zlob Path
Go to Start > Search > All Files or Folders.
In the "All or part of the the file name" section, type in "Zlob" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps. Step 2 : Use Windows Task Manager to Remove Zlob Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for "Zlob" process by name.
Select the "Zlob" process and click on the "End Process" button to kill it.
Remove the "Zlob" processes files:
msmsgs.exe
nvctrl.exe
msmsgs.exe
nvctrl.exeStep 3 : Use Registry Editor to Remove Zlob Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Zlob" value, right-click on it and select the "Delete" option.
Locate and delete "Zlob" registry entries:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows NT CurrentVersionWinlogonShell=explorer.exe, msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Zlob" DLL files:
uimcu.dll
antzozc.dll
dtjby.dll Step 5 : Detect and Delete Other Zlob Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Zlob" process and click on the "End Process" button to kill it.
Remove the "Zlob" processes files:
uimcu.dll
antzozc.dll
dtjby.dll
dumpserv.com
zxserv0.com
vnp7s.net
Protect
RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
msmsgs.exe
nvctrl.exe
dumpserv.com
zxserv0.com
vnp7s.net
%UserProfile%\Application Data\Microsoft\Protect
%UserProfile%\Application Data\Microsoft\Crypto\RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
Note: Here "%System" is a variable referring to your PC's System folder. Maybe you renamed it, but by default your System folder is "C:\Windows\System32" on Windows XP, "C:\Winnt\System32" on Windows NT/2000," or "C:\Windows\System" on Windows 95/98/Me.
"%Program_Files", "%ProgramFiles", or "%Profile" is a variable referring to a folder in your PC where applications that aren't a part of your PC's operating system are installed by default. You may have changed this folder's name or moved it, but if you didn't touch it, find the folder as "C:\Program Files". If you're having trouble finding this folder, you can locate it by looking up registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir".
Also, "%UserProfile" is a variable referring to your current user's profile folder. If you're using Windows NT/2000/XP, by default this is "C:\Documents and Settings\[CURRENT USER]" (e.g., "C:\Documents and Settings\JoeSmith").
Add this code
No comments:
Post a Comment