Infection win32:Zlob-JN : please help me - thanks a lot

Hello,

I am a new member from Belgium. Sorry if I make some mistakes in English.

Yesterday Avast 4.7 found the trojan win32:Zlob-JN

Here is the quarantine content :

ID du fichier : 0000000001 Original name of the file : C:\WINDOWS\system32\kernel32.dll Category of the file : 0
ID du fichier : 0000000002 Original name of the file : C:\WINDOWS\system32\winsock.dll Category of the file : 0
ID du fichier : 0000000003 Original name of the file : C:\WINDOWS\system32\wsock32.dll Category of the file : 0
ID du fichier : 0000000004 Original name of the file : C:\WINDOWS\system32\kernel32.dll Category of the file : 0
ID du fichier : 0000000005 Original name of the file : C:\WINDOWS\system32\kernel32.dll Category of the file : 0
ID du fichier : 0000000006 Original name of the file : C:\System Volume Information\_restore{0936F1FE-4013-4397-ABA7-09C80490601B}\RP125\S0012327.Acl Category of the file : 1

How can I clean my PC without doing anything wrong ?

If you have any questions, please do not hesitate to contact me.

I hope somebody would like to help me.

Some info : Windows XP - Mozilla Firefox - Thunderbird

Thanks in advance

Hi attitudezen,

The system files look like the back-ups avast! makes in case the original becomes infected. If they are indeed in that section of the chest, you don’t need to worry about them.

To clean System Restore (System Volume Information\_restore):

Create a clean restore point, then delete all previous infected restore points.

As a double-check, you could run an anti-spyware program like Spybot Search & Destroy.

FreewheelinFrank

Thanks for your quick answer and for the links.

I will read this carefully and will perhaps (… certainly …) come back if I have a question or a doubt :frowning:

PS : I like your signature “DON’T PANIC” because it is not easy to understand all these things

See you soon
8)

No worries.

You can see a screen shot of the system files in the Chest here, courtesy of DavidR:

http://forum.avast.com/index.php?topic=29193.msg239586#msg239586

Thanks a lot for your prompt reply again :slight_smile:

NB : your website interests me very much : do you have a newsletter ?

Thanks. No. Once in a while I have a look at my bookmarks and note any security news that has caught my attention in the ‘blog’, but to be honest, I only ever get the odd hit. I could write the newsletter by hand! ::slight_smile:

I AM ALSO INFECTED BY A WIN32:ZLOB, WHAT SHOULD I DO? AND I DO NOT UNDERSTAND ENGLISH. THANK YOU FOR ANSWERING ME

Hi MARCLEJEUNE,

For Zlob infections, run these tools:

http://siri.geekstogo.com/SmitfraudFix_Fr.php

http://www.malwarebytes.org/rogueremover.php

And these scanners:

http://www.safer-networking.org/fr/index.html

http://www.ewido.net/en/download/

Just the police of the forum: avoid caps, you’re not yelling.
Also, it should be an English-only forum…
Could you please go to an automated translation service, copy & paste your text and get, at least, an automated translation of your writings?
Thanks.

http://world.altavista.com/
http://dictionary.reference.com/translate/text.html
http://www.freetranslation.com/
http://www.worldlingo.com/en/products_services/worldlingo_translator.html
http://translation2.paralink.com/

Welcome to avast forums! 8)

HELLO AFTER A SCAN AVAST DECOUVER A VIRUS HAS
SIGN OF" JS: FEEBS FAMILY" HAS BEEN FOUND IN" HTT….
AND I CANNOT WHAT MAKE THANK YOU ANSWER

Please, write the full name and path of the virus…
Did you run avast at boot time?

Please, avoid CAPS… you’re not yelling.

@ MARCLEJEUNE
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section; this contains information on all avast detections. You may need to expand the column headings to see all the text (see image 1). Could you post the complete text?

I suspect that this was a detection by the Web Shield, as the SIGN OF" JS: FEEBS FAMILY" HAS BEEN FOUND IN" HTT…. would seem to be starting to indicate a web address; HTT(P://www., etc.) would be my guess.

If so, the alert will have only given one option, to Abort the Connection, so nothing will have been downloaded to your computer; the infection is on a web site.

If not, and it is on your system, what action did you choose when avast detected it (see image 2)?