• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Trojan.Zlob.Q

Almost every day I'm getting a Norton Security pop-up on startup of my laptop saying "Trojan.Zlob.Q blocked". Where is this Trojan coming from and how do I permanently get rid of it?

Replies

Kudos0

Re: Trojan.Zlob.Q

Please tell us what Norton is telling you regarding this event.

For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Run the LiveUpdates several times until no updates + machine Restart (not Shut down) and run full system scan from Norton product.

https://community.norton.com/en/forums/trojanzlob-constant-attack

Kudos0

Re: Trojan.Zlob.Q

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
10/6/2017 10:12:57 AM,High,An intrusion attempt by PAVILION15AB253 was blocked.,Blocked,No Action Required,System Infected: Trojan.Zlob.Q Activity,No Action Required,No Action Required,"PAVILION15AB253 (192.168.10.15, 52548)","secureb.info/u/?a=6-CjhQCP-jHdMazItYxQUEip_5810LXq5WHfzXGNLu_n1qSDIl1Wh_aqwcxqk4ldkeoEVndvloQjBiSmet9Yk6k97AWTPxu5h2kK05NzdNWT8Bi9EQPWSnrqhiR5HlxMFzlt25XBxrdhfGIVRHSSJihc9dWMhCNREANlwQZ2y7XaYemhBrr70vzgMErm5ozjd2_atMiFZxmvRULgHk6Z9IstFOPrFvl9gYr6KU65ouRQu2Cwg7sl4p2CATmzd8cOxZvhmFFbuEpTujpmUF0q5twy8Ekxu66jg1Rg98IyLbCBqJKbumbDQMWL0K_EFGGvKazYpsSlvAi7drmh_ZQ5RLA5R0CHHmP0hG5fKxyJ4rxqvf1EF-MNCYDfuyyEloQm1CIjsxXFWksT-5i8Lk-MXfmaZX6emfcb3Yuq2cYA0wJo5I0yPsIAtZ7bwpqh2E8xN1wRSjLfUwmBO5LA_vYCJE2Qm_xSDpiEG5iZLmRWm8wTVTrNqXlPJWFrCv6toWf-j-GLuHr8E069UlFN3kDcv3nm3uiXXu8qS31JtVAchE_NuUlHaFTHBVY7qvCruyHnr3Xd2lAYg3rijEJBiziRhLqwbLTxWy2iSMVr4rnRN3eujexJy1syameXcxeNh82LiAY_j3j4DX76IqrvCqE6PiHaJn37cUzN6QHHw3yiVpp-HH254EWIWEZi-LD_xhwQuJmNOTR_l0rHsmL6k9JDudINp7NqrOmwecaafuASHAZSSzgdDXOc8NDjAT6qq40Wud5p7m_jJ31yL5-gA4TCmlczOuGC--uNbTi3TGqZ9vQwJQFVIyqMCXorZJhVOc_zNzp8YfQ8-pf2Rv-NQC5jzfAWyOnQuHTF63yiydqZvh9LE21KJFZ-xvC6_tLm70b83U20iW0&c=pACN4wrwZxsI57cLGxb5n2CPGxRuIhMl8mm9RHB5ztc4ypzCIxmA0gouiUsJQMZ6-HQl7JVkK2QvaTvltT7PtUgRukrm_d-23IlTgCHFhkRQHRggatehF6eA0YLZIm2NIE9K3kr5dK1gOwju-qvE3z7NM3QeudhLw6SHZAQb7CjQ5Da2noCr6bRym-4RdSViYrGkPd_5fuQj6j7IE12HFVB0v94XtwzBxbpzHsMgnKZ-UFOwr4X3kU7Ru18p2hoPjkEXPiqtbhzZgJwtTC9yd7APEmejqe4XWUgXhbcOrjgzq0vsqM0NDtpVkkPlaP2zWA_L-5OQ7xZsGCwqg2aryrzbarNNSK2sOUm080VZXf4UtcUbZnrqUQzZL8eQ8rYSmAoDfvrgtFqo7Y5t2JT1yaJ-7YcEgm3z7AXdEnghYonrMZNkPcN4j3gwFpbD8mrSGPvtVtB-FfVh7NCRsTAhESdEYkk7qXHjvfog4rejVCRipKndKfifaglXg8y6WtQAWubxsV1r4yfkzxHQmONpVyvyCgld-1brYR2deAGcuJlAHmrnKKc3D7ZgAE_KJPYLUwx3JZUCfmtfAObZmiDfbhexU-faLfTceuGtVAhEqnTsCtDNnDHc--9ocEYmjcEF2mcHORXfOoS0XfnmM-zfQB3YiT1g1QBKCDCs6snUXc7ykeVZrwySSeaLUccTj3f875zazkAKg2xTqGTfrqpVxgg2-1R1g240XVMIvCyZWjSztkX0SaJNacTKJ9jJbIGgbZUmlavSmb8Uk8jEdd352Ht_XXLhdFof6dGkqoSxdx_RfJQ-QCl1rixhFO0Ml7dgLIh0VBsdsqCIQhLraLN9JD0WLyBopAoFWpKFVPo6JJhlS2uchvdNuzOIiGSwjmqLyZBorWfWi_a91dLwP0H&r=7872359636249131516","81.171.14.67, 80",PAVILION15AB253 (192.168.10.15),"TCP, Port 52548"
Network traffic from <b>secureb.info/u/?a=6-CjhQCP-jHdMazItYxQUEip_5810LXq5WHfzXGNLu_n1qSDIl1Wh_aqwcxqk4ldkeoEVndvloQjBiSmet9Yk6k97AWTPxu5h2kK05NzdNWT8Bi9EQPWSnrqhiR5HlxMFzlt25XBxrdhfGIVRHSSJihc9dWMhCNREANlwQZ2y7XaYemhBrr70vzgMErm5ozjd2_atMiFZxmvRULgHk6Z9IstFOPrFvl9gYr6KU65ouRQu2Cwg7sl4p2CATmzd8cOxZvhmFFbuEpTujpmUF0q5twy8Ekxu66jg1Rg98IyLbCBqJKbumbDQMWL0K_EFGGvKazYpsSlvAi7drmh_ZQ5RLA5R0CHHmP0hG5fKxyJ4rxqvf1EF-MNCYDfuyyEloQm1CIjsxXFWksT-5i8Lk-MXfmaZX6emfcb3Yuq2cYA0wJo5I0yPsIAtZ7bwpqh2E8xN1wRSjLfUwmBO5LA_vYCJE2Qm_xSDpiEG5iZLmRWm8wTVTrNqXlPJWFrCv6toWf-j-GLuHr8E069UlFN3kDcv3nm3uiXXu8qS31JtVAchE_NuUlHaFTHBVY7qvCruyHnr3Xd2lAYg3rijEJBiziRhLqwbLTxWy2iSMVr4rnRN3eujexJy1syameXcxeNh82LiAY_j3j4DX76IqrvCqE6PiHaJn37cUzN6QHHw3yiVpp-HH254EWIWEZi-LD_xhwQuJmNOTR_l0rHsmL6k9JDudINp7NqrOmwecaafuASHAZSSzgdDXOc8NDjAT6qq40Wud5p7m_jJ31yL5-gA4TCmlczOuGC--uNbTi3TGqZ9vQwJQFVIyqMCXorZJhVOc_zNzp8YfQ8-pf2Rv-NQC5jzfAWyOnQuHTF63yiydqZvh9LE21KJFZ-xvC6_tLm70b83U20iW0&c=pACN4wrwZxsI57cLGxb5n2CPGxRuIhMl8mm9RHB5ztc4ypzCIxmA0gouiUsJQMZ6-HQl7JVkK2QvaTvltT7PtUgRukrm_d-23IlTgCHFhkRQHRggatehF6eA0YLZIm2NIE9K3kr5dK1gOwju-qvE3z7NM3QeudhLw6SHZAQb7CjQ5Da2noCr6bRym-4RdSViYrGkPd_5fuQj6j7IE12HFVB0v94XtwzBxbpzHsMgnKZ-UFOwr4X3kU7Ru18p2hoPjkEXPiqtbhzZgJwtTC9yd7APEmejqe4XWUgXhbcOrjgzq0vsqM0NDtpVkkPlaP2zWA_L-5OQ7xZsGCwqg2aryrzbarNNSK2sOUm080VZXf4UtcUbZnrqUQzZL8eQ8rYSmAoDfvrgtFqo7Y5t2JT1yaJ-7YcEgm3z7AXdEnghYonrMZNkPcN4j3gwFpbD8mrSGPvtVtB-FfVh7NCRsTAhESdEYkk7qXHjvfog4rejVCRipKndKfifaglXg8y6WtQAWubxsV1r4yfkzxHQmONpVyvyCgld-1brYR2deAGcuJlAHmrnKKc3D7ZgAE_KJPYLUwx3JZUCfmtfAObZmiDfbhexU-faLfTceuGtVAhEqnTsCtDNnDHc--9ocEYmjcEF2mcHORXfOoS0XfnmM-zfQB3YiT1g1QBKCDCs6snUXc7ykeVZrwySSeaLUccTj3f875zazkAKg2xTqGTfrqpVxgg2-1R1g240XVMIvCyZWjSztkX0SaJNacTKJ9jJbIGgbZUmlavSmb8Uk8jEdd352Ht_XXLhdFof6dGkqoSxdx_RfJQ-QCl1rixhFO0Ml7dgLIh0VBsdsqCIQhLraLN9JD0WLyBopAoFWpKFVPo6JJhlS2uchvdNuzOIiGSwjmqLyZBorWfWi_a91dLwP0H&r=7872359636249131516</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

This thread is closed from further comment. Please visit the forum to start a new thread.