http://msmvps.com/blogs/hostsnews/archive/tags/Trojan.Zlob/default.aspxTags: Trojan.ZlobenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/hostsnews/archive/2007/09/24/1212284.aspxMon, 24 Sep 2007 06:40:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1212284winhelp20020http://msmvps.com/blogs/hostsnews/archive/2007/09/24/1212284.aspx#comments<p>Landing on &quot;<em>thesuperxxx(dot)com</em>&quot; the visitor is presented with a bogus &quot;<em>Message Box Object error</em>&quot;</p> <p><img style="WIDTH:471px;HEIGHT:412px;" height="412" src="http://mvps.org/winhelp2002/blog/thesuperxxx.gif" width="471" border="1" alt="" /></p> <p>Clicking any of the above buttons leads to prompts &quot;<em>You must install ... yada yada</em>&quot; to view the movie. There are 10 other sites involved in this latest Trojan.Zlob (Codec) infection. All these sites will be added to the next <a class="" href="http://www.mvps.org/winhelp2002/hosts.htm" target="_blank">HOSTS file</a> update.</p> <p><img src="http://mvps.org/winhelp2002/blog/thesuperxxx2.gif" alt="" /></p> <p>Running &quot;<em>VideoAccessCodecInstall.exe</em>&quot; thru VirusTotal, you can see it is not very well detected. <strong>12.5%</strong> </p> <p><img style="WIDTH:495px;HEIGHT:154px;" height="154" src="http://mvps.org/winhelp2002/blog/thesuperxxx3.gif" width="495" border="1" alt="" /></p> <p>These type infections are becoming so rampant that they are now the&nbsp;<strong>#1</strong> detection at &quot;<a class="" href="http://www.microsoft.com/security/portal/" target="_blank">Microsoft Malware Protection Center</a>&quot; and that&#39;s just the ones that Microsoft detects, which&nbsp;Microsoft usually&nbsp;does not detect very well&nbsp;...</p> <p><img src="http://mvps.org/winhelp2002/blog/thesuperxxx1.gif" alt="" /></p> <p>Did you know you can run the &quot;<a class="" href="http://www.microsoft.com/security/malwareremove/default.mspx" target="_blank">Malicious Software Removal Tool</a>&quot; (MSRT) anytime? Usually you only see the &quot;Quick Scan&quot; from Windows Update monthly, however you can get (mrt.exe) to run a &quot;<em>Extended Scan</em>&quot;. Simply locate &quot;<em>Windows\System32\MRT.exe</em>&quot;, right-click and select &gt; SendTo &gt; Desktop (create shortcut). Next right-click the new icon on your Desktop and select: Properties. From there you can change the &quot;Target&quot; to a desired option.</p> <p><strong>/Q</strong> or /quiet - Use quiet mode. This option suppresses the user interface of the tool. <br /><strong>/?</strong> - Display a dialog box that lists the command-line switches. <br /><strong>/N</strong> - Run in detect-only mode. In this mode, malicious software will be reported to the user but will not be removed. <br /><strong>/F</strong> - Force an extended scan of the computer. <br /><strong>/F:Y</strong> - Force an extended scan of the computer and automatically clean any infections found.</p> <p>An undocumented switch that I use ... if you have more than one hard drive (or partition) is to add the drive letter if you only want to scan one drive. Otherwise MSRT will scan all drives ... and it takes a while ... more info <a class="" href="http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B890830" target="_blank">here</a>.</p> <p><em><strong>C:\Windows\System32\MRT.exe /f D:</strong></em></p> <p>Where &quot;/f&quot; runs a extended scan and &quot;D:&quot; scan only drive D.&nbsp;The results are recorded here: &quot;<em>Windows\Debug\mrt.log</em>&quot;.<br />Folks this is not a replacement for your Antivirus, simply another (free) tool you can use if you suspect you are infected.</p> <p><strong>Note</strong>: I ran the above and it did <strong>NOT</strong> detect: &quot;<em>VideoAccessCodecInstall.exe</em>&quot; (noted above)</p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1212284" width="1" height="1">Trojan.Zlob