Security Toolbar 7.1 virus

Has anyone been infected with this virus?
Security Toolbar 7.1 virus

It sits on top of your internet browser. It’s apparently a very nasty one.
My AVAST anti-virus wasn’t able to see it or remove it.
I have read on the internet that you can’t get rid of this one. Even if you remove the virus
it still sits somewhere in the core of your OS.

This virus can do the following:

“Security Toolbar 7.1 is a dangerous spyware toolbar and it comes from a very dangerous trojan, called Trojan.Zlob. Once the Security Toolbar 7.1 installed, you start receiving warning messages claming that your system is infected and recommends buying various type of fake & dangerous antispyware application.”

Once your computer is infected, there is no way to make sure that it is 100% cleaned other then reinstalling the entire OS. There are rootkits that are installed and operate BELOW the OS. Read Microsoft’s website on it, you must completely reinstall your OS if you want a 100% clean system.

Is Avast aware of this virus??

Frank

are you able to submit the infected files to Avast for analysis?

virus@avast.com

place the infected files in a compressed folder which is passworded and submit them to the above address with the password in the main body of the e-mail

Hello,

I wish it was that easy. Because Avast didn’t find it, I don’t know where it is.
Plus, I have read it goes pretty deep into the os.

I did report the information to virus@avast.com yesterday but I haven’t received a response.

there are lots of versions of the Zlob infection
the one YOU have may be known or unknown
I’d suggest that you update avast and then rt click on the ball and schedule a boot time scan
send any hits to the Chest- do not delete/remove
report back
The C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt providers a more user friendly summary of the boot-time scan and it should list any detections.
post it back here

upload results to virus total and avast again

from David R
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

if not a false positive or for further investigation

run a scan with Malware Bytes Anti Malware
any hits?
post the MBAM log in the Virus and Worms Forum here at Avast
with a link to your virus total results if any
and a link to this thread

do not panic or hose your OS just yet
good luck

frankb,

SecurityToolbar can modify Internet Explorer homepage to a site that promotes rogue security programs. It can also download and install Rogue Security Software onto the infected computer.
Threat Level: Low
Type: Adware
Systems Affected: Windows All

There is a description here http://www.precisesecurity.com/adware-spy/sectb71.htm on how to remove Security toolbas 7.1 which looks worth a try. You will need to download and install a copy of the free version of SuperAntiSpyware. There is a link to this in the instructions.
Hope this helps

frankb

no reason you can’t do both posters suggestions
just quarantine do not remove/delete
in the end you do want to post a hjt in the virus and worms forum just to make sure additional baddies did come along for the party

keep in touch