Yesterday, while I was surfing the internet, my PC started freezing very badly at times and I couldn't do anything. The mouse was moving normally, but I couldn't close or run any application, so a restart was needed. Today, after returning from school, I opened my PC and "the freezing" started again, and I noticed that firefox.exe was running while I hadn't opened it, and it didn't use to run at startup. So I did a scan with Spybot and nothing was found. Then I decided to do an online scan with BitDefender Online Scanner v8 and it found 2 trojans (Zlob BU and another variant of Zlob that I don't remember) and deleted them. But avast found nothing: neither the standard nor the web shield prompted me for anything, and the settings are set to high. I checked the virus database and at least the Zlob BU was known to avast. I didn't try a scan with avast, but it is supposed that the shields can find the viruses when they try to be installed or downloaded. Why did avast miss the detection of these 2 trojans while my protection settings are high and the virus database was fully updated with these trojans? I'm still with avast and I'm not gonna switch, but I'm curious why that happened.
New Zlobs emerge every hour or so. Some AVs are quicker at adding them than others, but I've seen new Zlobs missed by all the scanners (except one which said 'suspicious': Fortinet, I think).
Here’s one from yesterday:
Antivirus Version Update Result
AntiVir 7.2.0.46 11.27.2006 HEUR/Malware
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.27.2006 no virus found
AVG 386 11.27.2006 no virus found
BitDefender 7.2 11.27.2006 Trojan.Downloader.Zlob.RQ
CAT-QuickHeal 8.00 11.27.2006 no virus found
ClamAV devel-20060426 11.27.2006 no virus found
DrWeb 4.33 11.27.2006 Trojan.DnsChange
eSafe 7.0.14.0 11.27.2006 no virus found
eTrust-InoculateIT 23.73.68 11.27.2006 no virus found
eTrust-Vet 30.3.3217 11.27.2006 no virus found
Ewido 4.0 11.27.2006 no virus found
Fortinet 2.82.0.0 11.27.2006 no virus found
F-Prot 3.16f 11.24.2006 no virus found
F-Prot4 4.2.1.29 11.24.2006 no virus found
Ikarus 0.2.65.0 11.27.2006 no virus found
Kaspersky 4.0.2.24 11.27.2006 Trojan.Win32.DNSChanger.gi
McAfee 4905 11.27.2006 no virus found
Microsoft 1.1804 11.27.2006 no virus found
NOD32v2 1885 11.27.2006 Win32/TrojanDownloader.Zlob
Norman 5.80.02 11.27.2006 no virus found
Panda 9.0.0.4 11.27.2006 no virus found
Prevx1 V2 11.27.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.124 11.27.2006 no virus found
UNA 1.83 11.24.2006 no virus found
VBA32 3.11.1 11.27.2006 no virus found
VirusBuster 4.3.15:9 11.27.2006 no virus found
These Zlobs usually originate on a site offering a free codec that it is claimed will allow you to watch a video: if you do install the codec, you actually end up with a lot of spyware.
The Sunbelt blog has screenshots of the latest scam sites:
http://sunbeltblog.blogspot.com/2006/11/silver-gold-but-youre-not-getting.html
http://sunbeltblog.blogspot.com/2006/11/some-fun-new-codecs.html
http://sunbeltblog.blogspot.com/2006/11/gallery-of-rogues.html
http://sunbeltblog.blogspot.com/2006/11/supercodec-latest-fake-codec.html
http://sunbeltblog.blogspot.com/2006/11/perfect-codec-brand-new-fake-codec.html
http://sunbeltblog.blogspot.com/2006/10/some-more-fake-codec-sites-for-ya.html
http://sunbeltblog.blogspot.com/2006/09/new-fake-codec-site-winmediacodec_22.html
http://sunbeltblog.blogspot.com/2006/09/another-fake-codec-site_20.html
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-another-fake-codec.html
http://sunbeltblog.blogspot.com/2006/09/another-fake-codec-site.html
And so on…
If an AV has detected Zlob, run SmitFraudFix to remove the associated spyware: usually scam AV/anti-spyware programs:
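Reading a multi-engine report like the one above by eye is error-prone, so here is a small added helper (my own example, not from the thread or any vendor) that parses lines in that exact format, computes the detection ratio, lists the engines that missed, flags engines whose signature set was already stale on the scan date, and groups the differing vendor names under the families named in this thread. It uses a subset of the lines quoted above; the 7-day staleness threshold is an assumption.

```python
import re
from datetime import datetime, timedelta

# A subset of the multi-engine report lines quoted in the thread, one engine
# per line: engine, version, signature date (MM.DD.YYYY), result.
REPORT = """\
AntiVir 7.2.0.46 11.27.2006 HEUR/Malware
Authentium 4.93.8 11.24.2006 no virus found
Avast 4.7.892.0 11.27.2006 no virus found
BitDefender 7.2 11.27.2006 Trojan.Downloader.Zlob.RQ
DrWeb 4.33 11.27.2006 Trojan.DnsChange
Kaspersky 4.0.2.24 11.27.2006 Trojan.Win32.DNSChanger.gi
NOD32v2 1885 11.27.2006 Win32/TrojanDownloader.Zlob
Sophos 4.11.0 11.16.2006 no virus found
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")
NO_DETECTION = "no virus found"
# Lower-case substrings for the families named in the thread; the same
# sample is called Zlob by some vendors and DNSChanger by others.
FAMILY_TOKENS = {"zlob": "zlob", "dnschanger": "dnschang"}


def parse_report(text):
    """Parse report lines into dicts; header or garbled lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        engine, version, sigdate, result = m.groups()
        entries.append({"engine": engine, "version": version,
                        "sigdate": datetime.strptime(sigdate, "%m.%d.%Y"),
                        "result": result})
    return entries


def summarize(entries, scan_date, stale_days=7):
    """Detection ratio, misses, stale signature sets and per-family agreement."""
    scan = datetime.strptime(scan_date, "%m.%d.%Y")
    detected = [e["engine"] for e in entries if e["result"] != NO_DETECTION]
    missed = [e["engine"] for e in entries if e["result"] == NO_DETECTION]
    # Signatures older than the scan by more than stale_days (assumed
    # threshold) could not contain a variant that is only hours old.
    stale = [e["engine"] for e in entries
             if scan - e["sigdate"] > timedelta(days=stale_days)]
    families = {name: [] for name in FAMILY_TOKENS}
    for e in entries:
        for name, token in FAMILY_TOKENS.items():
            if token in e["result"].lower():
                families[name].append(e["engine"])
    return {"ratio": f"{len(detected)}/{len(entries)}", "detected": detected,
            "missed": missed, "stale": stale, "families": families}
```

A miss from an engine with current signatures (Avast here) is a genuine gap, while a miss from a stale engine (Sophos here) says nothing about its current detection.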
I know that the Zlob family creates new variants every day, so I wasn't disappointed. Probably the exe that infected my PC is nod32.exe (I downloaded it yesterday from TorrentSpy), because when I opened it, it seemed that nothing happened and then the exe file disappeared. After that, Comodo kept asking me if I wanted to allow Firefox to access the internet with parent path nod32.exe, and Comodo had a description that nod32.exe is a typical virus, trojan or spyware. When I found it in the Windows folder, it couldn't be deleted and I had to remove it by running Windows in safe mode. I sent a copy of that file to Alwil though. Now everything is fine.
Well, I guess that proves a good third-party firewall can be a valuable extra layer of security, and that not all users are "unable to make intelligent security decisions based on the information presented", as Microsoft's security strategist claimed.
Well done to Comodo too for proving Jesper wrong:
Presenting information that does allow them to make intelligent decisions is much harder than it sounds because it would require the firewall to not just understand ports, protocols, and the application that is making the request, but also to understand what it is the request really is trying to do and what that means to the user.
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx
But I hope you learnt your lesson and in future will refrain from clicking on exe files downloaded from dodgy sources.
"But I hope you learnt your lesson and in future will refrain from clicking on exe files downloaded from dodgy sources." ;)
lol, I knew that this file was suspicious, but it was next to the original NOD32 installer so I ran it to see its use, and I found it :P Everything else from the RAR file I downloaded is OK (I downloaded NOD32 2.7 with nod32fix nsane 2.1); these files work fine. The only harmful file was nod32.exe. I won't be so curious next time. The good thing is that when I saw the message from Comodo asking me whether to let Firefox access the internet, I blocked the application nod32.exe and I didn't let Firefox have access to the internet, so the trojan didn't download any "brothers" of its family (I did a boot-time scan and a Trend Micro HouseCall and found nothing). I managed this operation well (I have got infected with other Zlob variants 3 times, so it was a piece of cake for me) ;) Thanks for your time and assistance though :D
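The signal that saved the day in this thread was the firewall showing the parent path: firefox.exe being started by nod32.exe rather than by the user. Below is an added example (mine, not Comodo's logic or anything from the thread) that applies the same check to constructed process-creation events: it flags a browser whose parent is not one of the launchers a user normally starts it from and reconstructs the parent chain so the dropper can be identified and sent to the vendor, as the poster did. The event field names and the expected-parent list are assumptions to tune per environment.

```python
import ntpath

# Constructed process-creation events modelled on the thread: the dropped
# nod32.exe (sitting in the Windows folder) starts firefox.exe to fetch the
# rest of the family, which is what the firewall's "parent path" prompt
# exposed. Field names are an assumption, not any specific log format.
EVENTS = [
    {"pid": 100, "ppid": 50,  "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"pid": 400, "ppid": 200, "image": r"C:\Windows\nod32.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
]

BROWSERS = {"firefox.exe", "iexplore.exe", "opera.exe"}
# Parents a user-started browser is normally launched from (assumption; add
# the shells or launchers actually used on the host).
EXPECTED_PARENTS = {"explorer.exe", "userinit.exe"}


def basename(path):
    return ntpath.basename(path).lower()


def ancestry(events, pid):
    """Walk ppid links back to the root, returning image basenames."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def suspicious_browser_launches(events):
    """Browsers started by something other than an expected parent."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) not in BROWSERS:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in EXPECTED_PARENTS:
            hits.append({"pid": e["pid"],
                         "parent_path": parent["image"] if parent else None,
                         "chain": ancestry(events, e["pid"])})
    return hits
```

The user-launched Firefox (parent explorer.exe) passes; the one launched by nod32.exe is reported together with the chain back through the archiver it was extracted from.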