Also known as Troj/Zlob-QJ, the Zlob spyware trojan affects the Windows operating system. The trojan becomes active once it has been downloaded and installed from a remote location and has written itself to a file on the system. Once installed, Zlob injects malicious code into system processes. Its effects range from modifying data on the computer, deleting files, and stealing information to introducing further malware, downloading code from the internet, and installing itself into the registry.

Removing Troj/Zlob-QJ is the same as removing any other trojan. Remember that trojans infect the computer, but not the files themselves, so the trojan's own files can be easily identified and removed. Troj/Zlob-QJ often changes the registry or a startup file so that it is executed during boot, which makes Zlob highly dangerous if left untreated. Antivirus and malware removal tools are the best way to remove not only this spyware but any other spyware as well. The instructions are to detect and delete Zlob processes, registry keys, DLL files, and any other Zlob files from the computer. If possible, remove the Zlob files manually by going to Add/Remove Programs.

The Zlob processes to remove are nvctrl.exe and msmsgs.exe, and the registry values to delete are:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe

Delete these files: nvctrl.exe, msmsgs.exe, hp[X].tmp, msvol.tlb, ncompat.tlb, RSA, Protect, vnp7s.net, zxserv0.com, and dumpserv.com.
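
A read-only PowerShell check for the processes, registry values and files listed above, added here as an example (it is not part of the original instructions or of any vendor tool). It assumes %System% is the Windows system directory, searches only that directory, treats hp[X].tmp as the wildcard hp*.tmp, and skips the generic names RSA and Protect; the function name Find-ZlobIndicators is hypothetical.

```powershell
# Added example: reports the indicators listed above. It deletes nothing.
function Find-ZlobIndicators {   # hypothetical name, not from any tool
    # Assumption: %System% means the Windows system directory.
    $sysDir = [Environment]::SystemDirectory

    # Processes named on the page; Path shows where each image runs from.
    foreach ($p in @(Get-Process -Name nvctrl, msmsgs -ErrorAction SilentlyContinue)) {
        [pscustomobject]@{ Type = 'Process'; Item = $p.Name; Detail = $p.Path }
    }

    # Run key: a value named RegSvr32 (the page shows it launching msmsgs.exe).
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['RegSvr32']) {
        [pscustomobject]@{ Type = 'Registry'; Item = "$runKey\RegSvr32"; Detail = $run.RegSvr32 }
    }

    # Winlogon Shell: the Windows default is exactly "explorer.exe".
    # Report any other content so it can be reviewed before editing.
    $wlKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $wlKey -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ine 'explorer.exe') {
        [pscustomobject]@{ Type = 'Registry'; Item = "$wlKey\Shell"; Detail = $shell }
    }

    # File names from the page (hp[X].tmp matched as hp*.tmp, an assumption).
    $names = 'nvctrl.exe', 'msmsgs.exe', 'hp*.tmp', 'msvol.tlb', 'ncompat.tlb',
             'vnp7s.net', 'zxserv0.com', 'dumpserv.com'
    foreach ($n in $names) {
        # -Force includes hidden and system files.
        foreach ($f in @(Get-ChildItem -Path $sysDir -Filter $n -File -Force -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Type = 'File'; Item = $f.FullName; Detail = $f.LastWriteTime }
        }
    }
}

$results = @(Find-ZlobIndicators)
if ($results.Count -gt 0) {
    $results | Format-Table -AutoSize -Wrap
} else {
    'None of the listed indicators were found.'
}
```

Run it from an elevated prompt so that process paths and system files are visible.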

Another Method

  1. Download SmitfraudFix.
    Extract the contents (a folder named SmitfraudFix) to your Desktop.
    Don’t run it yet.
  2. Reboot into Safe Mode.
    To enter Safe Mode, press and hold the “F8” key while the computer is booting. Use the arrow keys to move to “Safe Mode” and press Enter.
  3. Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
    Select option #2 – Clean by typing 2 and pressing “Enter” to delete infected files.

    1. Warning: running option #2 on a non-infected computer will remove your Desktop background and set it to blank. You can reapply your desktop background afterwards.
    2. You will be prompted: “Registry cleaning – Do you want to clean the registry ?”; answer “Yes” by typing Y and pressing “Enter” to remove the Desktop background and clean the registry keys associated with the infection.
    3. The tool will now check whether wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and pressing “Enter”.
    4. The tool may need to restart your computer to finish the cleaning process; if it doesn’t, restart it into Normal Windows yourself.
    5. A text file with the results of the cleaning process will appear on screen; save that log in case you need to post it in a reply together with a HijackThis log. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Variants of Troj/Zlob-QJ include: Trojan.Zlob.D, Trojan.Zlob, Trojan, Downloader.Win32.Zlob, {dz, ha, he}, Downloader-XC, Generic Downloader.gen.bd, Puper [McAfee], Troj/Zlob-CD, and TROJ_ZLOB {DR, DU, and FP}.

To avoid further damaging the computer, use a good spyware cleaner or removal tool to automatically remove Zlob, as well as any other spyware, adware, malware, trojans, and viruses, from the computer.