Zlob-AS varient?

Hi all,

I am new to this forum and new to avast! I appear to have a trojan on my system that avast appears to ignore. I have had a few infections lately including psguard, spyaxe, unspy and smitfraud.c to name a few, not sure how they keep returning. I have run a full scan with avast!, Spybot S&D, Ad-Ware SE and Ewido. Ewido picked up the following file msvol.tlb as having the Downloader.Zlob.dr trojan. A few days earlier avast! found Win32:Zlob-AS[Trj] in nvctrl.exe and I have that currently in my virus chest. I’m wondering if what Ewido has found is a varient of Win32:Zlob-AS[Trj]? As avast! can not find it and I currently have this file in my Windows\system32 folder I am wondering if they would like me to e-mail it to them, if so how and where?

Thanks for any help.

Hello Kail,

Welcome to this forum.
Yes you could upload it to Jotti.de and it will eventually land at Avast. This downloader trojan was responsible for various spyware on your machine, spyaxe came through it. It is the vector for the other nasties that came onto your comp.
Read all about it here:
http://vic.zonelabs.com/body/CA/virusDetails.jsp?VId=43272
Keep your machine safer with a good software firewall.

greets,

polonus

Thanks for the quick response,

When you say jotti.de I assume you mean http://virusscan.jotti.org/ I uploaded the file a short while ago, so hopefully that will help. It came back with various names but said avast! found nothing, but I already knew avast! did not know it. I have added it to the user files area of my virus chest. Ewido seems to think it can remove it so I’ll let it have a go.

I use Zonealarm version 6.1.737.000 as my firewall this blocked a lot of outbound traffic when I had as many as 5+ infections the other week.

Thanks again.

By checking it at Jotti, any AVs that don’t detect it get feedback from Jotti so this should help add the virus signature to avast’s VPS.

It won’t hurt to send it to avast, send it to virus @ avast.com (without the spaces) in a zipped password protected file (virus will do) with the password in the body text. A brief description of the problem, a link to this thread should cover it.

You can manually add this to the virus chest if you wish ‘File, Add’ from the User Files section of the chest.

OK I’ve e-mail it to them. Now I’m going to delete it if I can.

If you add it to the chest as I mentioned above (it is safe there) and you can periodically check and see if the virus signature has been added to the avast VPS file.

You will need to disable system restore and reboot first as windows will save a copy of the deleted file in the system volume information folder. If you use system restore some time in the future you could be reinfecting yourself.