Zlob.MovieBox Removal Question

Discussion in 'Computer Support' started by penguin676, May 24, 2007.

  1. penguin676

    penguin676 Guest

    Greetings;

    Win98SE, P3 800MHz processor, 256 Mb RAM.

    Spybot S&D has told me that I have the "Zlob.MovieBox" trojan on my
    computer at location "C:\Windows\System\kdtir.exe".

    Spybot says it can't delete the trojan because it's "in use" in the
    memory and it prompts me to reboot my system, but every time I reboot
    and run Spybot again it keeps saying the same thing about the trojan
    being in use in the memory and it again prompts me to reboot, etc., etc.

    I can't find the file kdtir.exe. I do a "Find File" to search for both
    Zlob.MovieBox and kdtir.exe and come up with nothing. I Google for
    "Zlob.MovieBox removal" but all I come up with are programs that will
    remove it for a fee.

    Can anyone tell me how to get this infernal trojan out of my machine?
    I'd really alot appreciate it. Thanks.

    Penguin must run. Have cookie will travel.
    -Chris

    Play a game and get bitten by a vampire.
    http://world4.monstersgame.co.uk/?ac=vid&vid=47142933
     
    penguin676, May 24, 2007
    #1
    1. Advertisements

  2. penguin676

    gangle Guest

    Print this message, then try this:

    Boot into DOS mode.

    At the prompt:
    Type "cd C:\Windows\System" (no quot. marks) ENTER Key
    (Note: there is a space after "cd.")

    Then type: "del kdtir.exe" ENTER Key
    (Note: there is a space after "del.")

    Then type: "win" ENTER Key

    Is it gone?
     
    gangle, May 24, 2007
    #2
    1. Advertisements

  3. penguin676

    penguin676 Guest

    gangle replied:

    Yes it is. Thank you!!! I did as instructed, rebooted, ran Spybot S&D,
    and there was no trace of it left. Thank you, Gangle!

    Penguin must run. Have cookie will travel.
    -Chris

    Play a game and get bitten by a vampire.
    http://world4.monstersgame.co.uk/?ac=vid&vid=47142933
     
    penguin676, May 24, 2007
    #3
  4. penguin676

    gangle Guest

    You're squaimed.
     
    gangle, May 24, 2007
    #4
  5. penguin676

    penguin676 Guest

    penguin676, May 24, 2007
    #5
  6. penguin676

    Piper Guest

    I can feel your pain.I have a Zlob.downloader trojan for over a year now.I
    have asked and done a few thngs but it never goes away.I hope you get it
    fixed.

    Piper
     
    Piper, May 25, 2007
    #6
  7. penguin676

    Pennywise Guest

    Two facts, the trojan starts when the OS starts, it's a parent that
    spans a child program. You can delete the child, but the parent is
    always there to respawn the child on reboot.

    Autoruns can help you find it.
    Using Autoruns, registry, and google you can catch it.
    also don't trust a file, check it's version. I found a file called
    winhost.exe that was a renamed netstat.exe (internal name)
    http://www.microsoft.com/technet/sysinternals/Security/Autoruns.mspx

    Of course back up your registry first with ERUNT, you can always go
    back if you have a problem and start over.
    http://www.larshederer.homepage.t-online.de/erunt/
     
    Pennywise, May 25, 2007
    #7
  8. penguin676

    pcbutts1 Guest

    pcbutts1, May 25, 2007
    #8
  9. penguin676

    Pennywise Guest

    Missed the Win98 at the very start of your post :)

    Not sure if autoruns works on your OS, Process Explorer will (with
    limitations) about the best you can use to find your problem manually
    available at the same link.
     
    Pennywise, May 25, 2007
    #9
  10. penguin676

    Leythos Guest

    Leythos, May 27, 2007
    #10
  11. penguin676

    Dustin Cook Guest

    Hi Piper, have you given BugHunter a shot at removing this Zlob variant
    you have?


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email:
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
     
    Dustin Cook, May 28, 2007
    #11
  12. penguin676

    Dustin Cook Guest

    wrote in 4ax.com:
    BugHunter is excellent for Windows98; It creates a new wininit.ini file for
    those files that like to stay in memory and fight it's deletion routines.
    If BugHunter knows the variant, very good chance it can remove it for him.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email:
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
     
    Dustin Cook, May 28, 2007
    #12
  13. penguin676

    Dustin Cook Guest

    As this removeit is a stolen batch file, based on others work, and Zlob
    variants are close to 400,000 or so now, It's *highly* unlikely your batch
    file that relies on filenames and nothing else will do anything for him or
    anyone else.

    Not only are you a code thief Christopher, you have some messed up ideas
    about pornography as well.




    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email:
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
     
    Dustin Cook, May 28, 2007
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.