Cannot remove Trojan.zlob, because it is not found in Safe mode. Need help!

Hello everyone, 

 

I have a problem with removing the Trojan.zlob from my system. Any help would be greatly appreciated.

Background

The virus came from a file which was on a virtual drive which I was installing a program from. I use NIS 2009 and all antivirus files are up-to-date. NIS reported the following:

64 files infected (bogus files created by the virus from what I can tell)

18 registry lines added/modified

+the virus has appended itself to the Internet explorer executable

 

 NIS cannot remove the virus in Normal mode. I followed the instructions and rebooted into Safe mode. But once there NIS cannot find the virus after performing a full system scan. I've googled and browsed around but have not found anyone with the same problem. I've also tried to open the NIS history log when I am in Safe mode, which works until I get to the Remove virus option, where NIS crashes (which I guess is because I am in Safe mode and not all NIS functionality works then).  

 

Why can't NIS find the virus in Safe mode? Can it have something to do with the fact that the virus originated from a file on the virtual drive which is no longer accessible?

 

As I see it now, one option is to manually remove the lines in the registry, the bogus files and the ie.exe file (then reinstall IE), and hope nothing important will be affected. This does not feel like an ideal way forward. I have made a backup of the registry (after the registry had become infected). Does anyone have a better suggestion?

 

Thanks in advance

/Gustav

This might help, I'm no expert at this but try it:

1) Download the free version of Malwarebytes from here:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

(the link is safe)

2) Install it, then update

3) Boot into Safe mode

4) Run a full scan in Safe mode

5) Malwarebytes should quarantine and remove the items found

6) Hopefully zlob has been removed, and then restart.

Once you have done that and the trojan has been removed, run a full scan with Norton in Safe mode.

 

I would recommend you upgrade to Norton Internet Security 2010 as it has much better protection.

 

 

 

Message Edited by ShinOrochiX on 09-27-2009 02:51 PM

Hi

You could try to run the free on-demand Malwarebytes and see what that finds. Create a log and post it here and then await further instructions. Don't try removing the trojan on your own as this may cause further problems and then those who are qualified to help you won't be able to help. Don't try cleaning up the registry or anything else using tools that are meant for the professionals who know what they are doing. You could also try running a scan to see if there is any rootkit on your computer. Follow these instructions and post back the log using the add attachments located under the post button.

 

Please run a SysProt log for us so we can check your system for the rootkit .sys name. You will need to disable Norton auto-protect while you run the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply. (if available)

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

 

After running the scan, please do not attempt to clean anything that the log may show by yourself. Just post the logs. Thanks.