problem

helen1 · July 12, 2006, 1:27pm

hi,
when i scan whole system cav detect some troian and soon later the system fall(restart).What can it be?Troian is detected in windows folder.

justin1278 · July 12, 2006, 5:01pm

Hello Helen1,

What is the Trojan Name, and the file. That information can help us in seeing what your problem is and fixing it.

helen1 · July 13, 2006, 4:34am

Trojan-downloader.win32.zlob.xw
c:\windows\system32\id100.tmp
sometimes trojan is in c:\windows\system32\id101.tmp
Do i need to reinstal my computer?

HHHHHHHHHEEEEEEEEEEEEEELLLLLLLLLPPPPPPPPPPPPPP!!!

m0ng0d · July 14, 2006, 7:36am

If I’ve found the right information… and yours is a variant…

[i]This trojan is dropped in the %System% directory as TGBRFV_.dll by another piece of malware and executed.

It sets the following registry value so that it is run when a user logs on:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = “Userinit.exe” appending itself to the end of the value:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = “Userinit.exe,TGBRFV_”

Zlob.B attempts to inject itself into the explorer.exe process in order to mask its presence on the infected machine.[/i]

Check your registry for this key and revert the key to the original setting may stop the execution of the trojan at bootup, if the above information is still accurate.

In order to remove the files before you rebot, I’d suggest using a tool like WhoLockMe [url]MajorGeeks.Com - MajorGeeks, that installs into the right-click context menu of windows… so you can browse to the file on your HD, right-click it, select WhoLockMe, kill the process that has it locked, and remove the file.

helen1 · July 14, 2006, 7:46am

I reinstaled my computer.

but thanks

m0ng0d · July 14, 2006, 7:49am

That option is never a wrong one. Not always the most convenient… but never wrong.