BITDC4D.tmp

Everytime I boot the file is back, I’ve tried scanning in safe mode, running Spybot search and destroy enc. I’m using Avast Home edition, fully updated.

I’m runng Windows Vista Ultimate Fully updated too. Any idea how to get rid of this annoying thing ? It says it discovered traces of Win32:Zlober. I’ve tried googling the Name of this trace and all I find is:

http://www.google.co.za/search?hl=en&q=Win32%3AZlober&btnG=Google+Search&meta=

This doesn’t really help as I don’t speak french, nor does it have any removal tools. If anybody can give me a solution I’d be eternally grateful.

PS - If this is in the wrong section please move it mods.

Try this it works very well on Vista

Download and then run SuperAntispyware

[*]On the first page select Check for Updates
[*]On completion select SCAN YOUR COMPUTER
[*]On the next page select COMPLETE SCAN and tick ALL your drives
[*]The next stage will take a while as your entire drive(s), memory and registry are scanned
[*]When it has completed click NEXT
[*]The next screen shows the problems found click OK
[*]On the next screen place a tick against all items and select NEXT
[*]Now to get the log Go to the PREFERENCES button on the right bottom
[*]Select the STATISTICS/LOG tab
[*]Highlight the scan just completed and click VIEW LOG
[*]This will open a notepad text file copy and paste this to your next reply

Win32:Zlober is a dropper of Zlob virus… you can find enough of informations for it… anyway, i can suggest you to run HJT and post the results here… someone should help you then

Hi - I did what you said Essex Boy - it’s still there. Will post result in moment.

OK - no Virus found by the software. Only Avast picks up something. Any idea’s!

Which software?
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

i don’t know the detection rates of Zlob within SAS engine… maybe you’d do better when you send the file to www.virustotal.com

SuperAntispyware was the software I used to check the file as per essexboy’s instruction.

I uploaded the file now: Results of VirusTotal

File BITDC4D.tmp received on 11.27.2007 16:44:09 (CET)
Current status: Loading … queued waiting scanning finished NOT FOUND STOPPED
Result: 3/32 (9.38%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.28.0 2007.11.27 -
AntiVir 7.6.0.34 2007.11.27 -
Authentium 4.93.8 2007.11.24 -
Avast 4.7.1074.0 2007.11.27 Win32:Zlober
AVG 7.5.0.503 2007.11.27 -
BitDefender 7.2 2007.11.27 -
CAT-QuickHeal 9.00 2007.11.27 Win32.AdWare.Boran.ah
ClamAV 0.91.2 2007.11.27 -
DrWeb 4.44.0.09170 2007.11.27 -
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5332 2007.11.27 -
Ewido 4.0 2007.11.26 -
FileAdvisor 1 2007.11.27 -
Fortinet 3.14.0.0 2007.11.27 -
F-Prot 4.4.2.54 2007.11.27 -
F-Secure 6.70.13030.0 2007.11.27 -
Ikarus T3.1.1.12 2007.11.27 -
Kaspersky 7.0.0.125 2007.11.27 -
McAfee 5171 2007.11.26 -
Microsoft 1.3007 2007.11.27 -
NOD32v2 2688 2007.11.27 -
Norman 5.80.02 2007.11.27 Agent.CTJR
Panda 9.0.0.4 2007.11.26 -
Prevx1 V2 2007.11.27 -
Rising 20.20.12.00 2007.11.27 -
Sophos 4.23.0 2007.11.27 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.27 -
TheHacker 6.2.9.142 2007.11.26 -
VBA32 3.12.2.5 2007.11.27 -
VirusBuster 4.3.26:9 2007.11.26 -
Webwasher-Gateway 6.0.1 2007.11.27 -

ook… send the file, pls… (Tech said already how to do it)

i’ve seen the file and i can tell you, that the file is corrupted (but related to NSIS)… i’m able to fix the detection, but i’m curious where did you get this file… are you using some NullSoft products on your PC?

No idea where I get it - Isn’t nulsoft from Winamp ?

Anyways - I did the Avast Program update a few minutes ago, restarted - scanned that folder and now it seems fine - would they have added the file to the database for the update ?

If so - damn good show from the lads at Avast, prompt fixing of my problem and all.

i don’t know if winamp generates corrupted nullsoft installers in some temp files :-\

I spoke to soon - It still picks up the “virus” file, but only when scanning passively in the back ground. Sigh

I’ve disabled the realtime scanner for now - is it actually a virus though ?

It’s not a good thing.
Use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…

You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.

it’s not a virus… it’s a corrupted file… i will fix the detection tomorrow…

Thanks Max & Tech - I didn’t even know about the Exclude. I’l do it now.

i’ve fixed the detection yet… it will come out at friday… btw: do you have some software from Aumha installed? i don’t know if this problem is related also to another one post in forums…

No I don’t have anything from them installed - sorry I can’t be more of a help.

oki… i was just curious

;D