- Zlob is a "trojan horse" or "malware" which is brought into a computer by various means that will eventually allow unauthorized access to the victim's machine, allowing a hacker to save their files on the user's computer or watch the host's screen and control his computer. A trojan is not considered a computer virus since it by itself does not cause the damage, but could contain within it a method to download a virus that will do serious damage. For this reason, trojans can many times fools security software by appearing to be a legitimate program that performs a needed function but actually performs undisclosed malicious acts.
- The Zlob Trojan masquerades as a needed video codec in the form of ActiveX. Once in the computer, it displays popup ads that the user mistakes for a legitimate Microsoft Windows warning. It tells the user that the computer is infected with spyware. If a user clicks on the popups, a fake anti-spyware program containing the actual trojan program begins downloading. The Zlob is reported to have several effects on the host's computer from modifying data, deleting files, stealing information such as banking and credit card information, causing malware, downloading malicious code from the Internet and installing itself into the registry. There are reports that Zlob can be downloaded via popular messaging sites including Yahoo!, Windows Live and AOL, as well as certain games including Call to Arms, WarCraft and World of Warcraft.
- Removing the Zlob from your computer is similar to removing other trojans. These types of programs do not infect files, only the computer. Most basic spyware and security programs will identify and remove the Zlob. If left in the computer, the Zlob may change your registry or startup files so that it will be undetected and only become activated once you start your computer again.
-
A current antivirus and trojan removal tool are the best insurance in removing and preventing future attacks. Be sure your security programs will delete Zlob processes, DLL files, registry keys and other possible Zlob files. It is a good idea to manually remove it by going to Add/Remove Programs and searching for nvctrl.exe and msmsgs.exe. The registry values to delete are:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe
Be sure to delete: dumpserv.com, nvctrl.exe, msvol.tlb, zxserv0.com, msmsgs.exe, hp[X].tmp, ncompat.tlb, RSA, Protect and vnp7s.net, - Variants can be created at any time and are added to most commercial anti-virus products. Check your local computer or electronic store for optimal spyware and malware protection. Windows offers Window Defender for free. There are many good reviews for products such as Norton, Cyber Defender and Bit Defender.
