System Alert!! Fake! Re: anti-vermins.com

J_D · 01-06-2007, 10:51 PM

Hi

Today my brother managed to get his computer infected. He was on the net when he was asked to install a Active X control which he unwisely did and since then his homepage was changed and was presented with numerous adds etc but also his System tray now showed a new icon which is there all the time flashing and tells him about system detected virus activity etc. the balloon info and icon are supposed to look like a Windows security centre notification, but when you click on the balloon info speech bubble you are sent to a website (www.anti-vermins.com) and are invited to download their antivirus protection, which he thankfully has not done, because on Further research this would have made his system very open to hackers etc.

Anyway I’ve spent quite a bit of time on it because it was in a bad way.

I firstly I ran his antivirus, Norton internet security scan which showed up nothing, but then my brother decided to tell me its been out of date since last June so no wonder it didn't pick anything up!!.

Because I am pretty anti Norton, I decided to get rid of his ageing 2005 version and replaced it with Kaspersky

On a full system scan with an up-to-date kaspersky antivirus, I found 47 items, here is a copy of these items: which I have deleted

Protection
----------
Total scanned: 72483
Detected: 47
Untreated: 0
Start time: 06/01/2007 19:46:51
Duration: 00:50:07

Detected
--------
Status Object
------ ------
not found: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\isamini.exe
not found: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\isamonitor.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\pmsngr.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\pmmon.exe//PE_Patch//UPack
not found: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\ISADDON.DLL//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc Running module: isamonitor.exe\isamonitor.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc Running module: isamini.exe\isamini.exe
not found: Trojan program Trojan-Downloader.Win32.Zlob.awu File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0019751.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.atn File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0019769.exe//PE_Patch.UPX//UPX//data0007
deleted: Trojan program Trojan-Downloader.Win32.Zlob.awu File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0019769.exe//PE_Patch.UPX//UPX//data0008
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022453.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022454.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022455.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjb File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022464.exe//PE_Patch.UPX//UPX//stream//data0006
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022479.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022480.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022481.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022495.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022496.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022497.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022510.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022511.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022512.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bdi File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022520.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022527.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022528.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022529.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022546.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022547.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022548.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022570.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022571.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022572.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022586.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022587.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022588.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022995.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022996.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022997.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023095.dll//PE_Patch
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023096.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023097.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023106.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023107.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023108.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Downloader.Win32.Zlob.ask File: C:\Documents and Settings\Ray\My Documents\Download Files\keycodec.912.exe//UPX//data0007
deleted: adware not-a-virus:AdWare.Win32.Comet.ac File: C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll

After I had cleared these up I did a reboot. Everything seemed fine apart from the System tray notification thing.

I have had a look at msconfig startup files, I found nothing suspicious

I have used "BT yahoo Antispy" (it was on the system already so I might as well give it a go
That found the following:

I am currently scanning with Windows Defender. This has detected Zlob.

So far everything is back normal apart from the system tray notification icon see image:

I really don’t know how to get rid of that could anyone please help
Cheers

Additional info about problem that I have found:
http://www.daniweb.com/techtalkforums/thread66091.html

01-06-2007, 10:51 PM	#1 (permalink)
J_D Gold Member Join Date: Dec 2006 Location: Sussex, England Age: 20 Posts: 281	System Alert!! Fake! Re: anti-vermins.com Hi Today my brother managed to get his computer infected. He was on the net when he was asked to install a Active X control which he unwisely did and since then his homepage was changed and was presented with numerous adds etc but also his System tray now showed a new icon which is there all the time flashing and tells him about system detected virus activity etc. the balloon info and icon are supposed to look like a Windows security centre notification, but when you click on the balloon info speech bubble you are sent to a website (www.anti-vermins.com) and are invited to download their antivirus protection, which he thankfully has not done, because on Further research this would have made his system very open to hackers etc. Anyway I’ve spent quite a bit of time on it because it was in a bad way. I firstly I ran his antivirus, Norton internet security scan which showed up nothing, but then my brother decided to tell me its been out of date since last June so no wonder it didn't pick anything up!!. Because I am pretty anti Norton, I decided to get rid of his ageing 2005 version and replaced it with Kaspersky On a full system scan with an up-to-date kaspersky antivirus, I found 47 items, here is a copy of these items: which I have deleted Protection ---------- Total scanned: 72483 Detected: 47 Untreated: 0 Start time: 06/01/2007 19:46:51 Duration: 00:50:07 Detected -------- Status Object ------ ------ not found: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\isamini.exe not found: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\isamonitor.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\pmsngr.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\Program Files\Video ActiveX Object\pmmon.exe//PE_Patch//UPack not found: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\ISADDON.DLL//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc Running module: isamonitor.exe\isamonitor.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc Running module: isamini.exe\isamini.exe not found: Trojan program Trojan-Downloader.Win32.Zlob.awu File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0019751.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.atn File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0019769.exe//PE_Patch.UPX//UPX//data0007 deleted: Trojan program Trojan-Downloader.Win32.Zlob.awu File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0019769.exe//PE_Patch.UPX//UPX//data0008 deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022453.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022454.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022455.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjb File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022464.exe//PE_Patch.UPX//UPX//stream//data0006 deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022479.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022480.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022481.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022495.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022496.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022497.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022510.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022511.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022512.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bdi File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022520.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022527.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022528.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022529.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022546.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022547.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022548.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022570.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022571.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022572.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022586.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022587.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022588.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022995.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022996.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0022997.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023095.dll//PE_Patch deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023096.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023097.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023106.exe deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023107.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.bjc File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP287\A0023108.exe//PE_Patch//UPack deleted: Trojan program Trojan-Downloader.Win32.Zlob.ask File: C:\Documents and Settings\Ray\My Documents\Download Files\keycodec.912.exe//UPX//data0007 deleted: adware not-a-virus:AdWare.Win32.Comet.ac File: C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll After I had cleared these up I did a reboot. Everything seemed fine apart from the System tray notification thing. I have had a look at msconfig startup files, I found nothing suspicious I have used "BT yahoo Antispy" (it was on the system already so I might as well give it a go That found the following: I am currently scanning with Windows Defender. This has detected Zlob. So far everything is back normal apart from the system tray notification icon see image: I really don’t know how to get rid of that could anyone please help Cheers Additional info about problem that I have found: http://www.daniweb.com/techtalkforums/thread66091.html __________________ 4 Year old "Tiny" PC OS: Microsoft Windows Xp SP2 MoBo: MSI P4MAM-V/L (socket 478) CPU: Intel Celeron D 320 @ 2.4Ghz RAM: 2x512Mb DDR PC2700 GPU: Nvidia Geforce 7600GT 256Mb AGP PSU: 300 Watt "Generic" HDD: 200GB Optical 1: Sony DVD-ROM DDU1613 Optical 2: VOM-12E48X (DVD-RW)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Intel vs. AMD.... what do you prefer?	McG	CPUs and Overclocking	30	09-07-2009 02:23 PM
Can't run System Restore	bobtheninja	Operating Systems	7	11-06-2005 02:47 AM
$2000 for a Gaming System	NewComputer	Desktop Computers	9	10-13-2005 02:50 AM
Parsytec PowerXplorer	Daminc	Desktop Computers	7	03-24-2005 09:38 AM
avg anti virus system help	marty	General Computer Chat	6	09-25-2004 04:17 PM