What is Zlob?
Zlob is the common name for the Zlob Trojan, also known as Trojan.Zlob. Zlob is a trojan-style virus that is usually installed under the guise of a required ActiveX codec necessary to watch downloaded movies. Although it was first detected by malware protection firms in 2005, it did not gain publicity until 2006, when more and more people became infected by the trojan. Many sources currently believe that the Zlob trojan originated in Russia.
There are currently thirty-two variants of the Zlob trojan, according to researchers at F-Secure. They range from highly malicious trojans, which can redirect regular network traffic to Zlob-owned servers and so allow a hacker to gain control of the information, user names, and passwords sent to websites, to spam sites and popups designed to annoy users.
How does Zlob work?
The Zlob trojan has a fairly unique way of manifesting itself. Like all Windows viruses, the Zlob trojan needs to be downloaded and installed in order to take effect. It uses social engineering in a unique way to get people to click on the links that download it to their computers.
It was commonly found on malicious porn sites, where unknowing visitors would download the ActiveX codec which was “required” to display the movies on the site. The codec was actually the first stage of the Zlob trojan in disguise.
Once the trojan is installed, it will begin to display message boxes that are similar in appearance to the standard Windows error message. These messages will tell the user that he needs to install an anti-spyware program, which he can get from the linked website. Upon downloading the “anti-spyware program”, the second stage of the Zlob trojan will be installed and activated.
Once activated, the trojan will be able to steal a variety of information from your computer. It may reroute your internet traffic to Zlob-owned servers to harvest credit card information, or it may download other harmful code from the internet in an attempt to help other viruses spread. Variants have also been known to delete random files from users’ computers.
How can Zlob be removed?
There is no set way to remove the Zlob trojan, and it should be taken out of your computer the same way you would remove any other virus, trojan, or other malware. All of the modern anti-virus programs should be able to easily detect and remove the Zlob trojan without too much effort.
If you want to remove the virus yourself, there are a few steps that you must perform. First, boot into safe mode so that you can turn off the virus-related programs before you attempt to remove them. Once in safe mode, you should look for the following applications: msmsgs.exe and nvctrl.exe.
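One way to carry out the check described above from a PowerShell prompt, as an added example that is not part of the original article: it looks for running processes with the two names given and reports where each one was loaded from and whether the file is signed. Only the two process names come from the article; the choice of cmdlets and the output fields are assumptions of this example.

```powershell
# Added example. The two process names are from the article; the rest is illustrative.
$names = 'msmsgs', 'nvctrl'   # Get-Process expects names without the ".exe" suffix

$found = Get-Process -Name $names -ErrorAction SilentlyContinue
if (-not $found) {
    Write-Output 'No running process named msmsgs.exe or nvctrl.exe.'
    return
}

$found | ForEach-Object {
    # Path can be empty when the prompt is not elevated.
    $path = $_.Path
    $sig  = if ($path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

    [pscustomobject]@{
        Name            = "$($_.ProcessName).exe"
        Id              = $_.Id
        Path            = if ($path) { $path } else { '(unavailable; run elevated)' }
        SignatureStatus = if ($sig) { $sig.Status } else { 'n/a' }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # Hash is for looking the file up with an anti-virus vendor before deleting anything.
        SHA256          = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
    }
} | Format-List
```

A match on name alone is not proof of infection: msmsgs.exe is also the file name of the legitimate Windows Messenger client, so review the path and signer before stopping or removing anything.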