What is Zlob.Fam Trojan

The Zlob Trojan, also known as Trojan.Zlob, is a trojan horse which masquerades as a needed video codec in the form of ActiveX. It was first detected in late 2005. However, it wasn’t until mid-2006 that it started gaining attention. Once installed, it displays popup ads with appearance similar to real Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups trigger the download of a fake anti-spyware program (such as Virus Heat) in which the trojan horse is hidden.

According to F-Secure, a computer security firm, they have discovered 32 variants of this trojan. Some variants of the Zlob family, like the so-called DNSChanger, adds rogue DNS name servers to the Registry of Windows-based computers and network settings of Macintosh computers  and therefore could potentially re-route traffic from legitimate web sites to other suspicious web sites.

The trojan has also been linked to downloading atnvrsinstall.exe which uses the Windows Security shield icon to look as if it is an Anti Virus installation file from Microsoft. Having this file initiated can wreak havoc on computers and networks. One symptom is random computer shutdowns or reboots with random comments. This is cause by the programs using Scheduled Tasks to run a file called “zlberfker.exe”.

Technical Details of Zlob.Fam

  • Full name: Zlob.Fam, Zlob.Fam
  • Date Appeared:
  • Characteristic: Trojan Horse
  • URL:

Do I need to remove Zlob.Fam

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > >Download< < <

Free Scanner for Zlob.Fam

.

How to Uninstall Zlob.Fam scam

remove-registry-doctor-2008

The best way for the removal of Zlob.Fam is to install a good quality Anti-spyware Program and scan your system for any Zlob.Fam infections.

Automatic removal of Zlob.Fam is always good and complete as compared to any attempts to manually remove Zlob.Fam, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of Zlob.Fam.

Instructions to get rid of Zlob.Fam

If you really want to remove the Zlob.Fam infection on your system manually then proceed as follows.

Step 1: Kill the Zlob.Fam ProcessesLearn how to do that

Step 2: Remove Zlob.Fam files, folders and all associated Zlob.Fam DLL files: Learn how to do that

[%WINDOWS%]\Tasks\At1.job
[%WINDOWS%]\Tasks\At2.job
[%FAVORITES%]\Antivirus Scan.url
[%PROGRAM_FILES%]\Applications\iebtm.exe
[%PROGRAM_FILES%]\Applications\wcs.exe
[%PROGRAM_FILES%]\Applications\iebr.dll
[%PROGRAM_FILES%]\Applications\myd.ico
[%PROGRAM_FILES%]\Applications\mym.ico
[%PROGRAM_FILES%]\Applications\myp.ico
[%PROGRAM_FILES%]\Applications\myv.ico
[%PROGRAM_FILES%]\Applications\ot.ico
[%PROGRAM_FILES%]\Applications\ts.ico
[%PROGRAM_FILES%]\Applications\wcu.exe
[%PROGRAM_FILES%]\Applications\iebtmm.exe
[%PROGRAM_FILES%]\Applications\iebtu.exe
[%PROGRAM_FILES%]\Applications\iebu.exe
[%PROGRAM_FILES%]\Applications\wcm.exe
[%SYSTEM%]\ubpr01.exe
[%COMMON_STARTMENU%]\Antivirus Scan.url
[%COMMON_STARTMENU%]\Online Spyware Test.url
[%COMMON_DESKTOPDIRECTORY%]\Antivirus Scan.url
[%COMMON_DESKTOPDIRECTORY%]\Online Spyware Test.url
[%SYSTEM%]\sex1.ico
[%SYSTEM%]\sex2.ico
[%DESKTOP%]\MS Antivirus.lnk
[%PROGRAM_FILES%]\serial.zip
[%DESKTOP%]\Error Cleaner.url
[%DESKTOP%]\Privacy Protector.url
[%DESKTOP%]\Spyware&Malware Protection.url
[%SYSTEM%]\ot.ico
[%SYSTEM%]\zlbw.dll
[%WINDOWS%]\loader.exe
[%WINDOWS%]\Tasks\At10.job
[%WINDOWS%]\Tasks\At11.job
[%WINDOWS%]\Tasks\At12.job
[%WINDOWS%]\Tasks\At13.job
[%WINDOWS%]\Tasks\At14.job
[%WINDOWS%]\Tasks\At15.job
[%WINDOWS%]\Tasks\At16.job
[%WINDOWS%]\Tasks\At17.job
[%WINDOWS%]\Tasks\At18.job
[%WINDOWS%]\Tasks\At19.job
[%WINDOWS%]\Tasks\At20.job
[%WINDOWS%]\Tasks\At21.job
[%WINDOWS%]\Tasks\At22.job
[%WINDOWS%]\Tasks\At23.job
[%WINDOWS%]\Tasks\At24.job
[%WINDOWS%]\Tasks\At25.job
[%WINDOWS%]\Tasks\At26.job
[%WINDOWS%]\Tasks\At27.job
[%WINDOWS%]\Tasks\At28.job
[%WINDOWS%]\Tasks\At29.job
[%WINDOWS%]\Tasks\At3.job
[%WINDOWS%]\Tasks\At30.job
[%WINDOWS%]\Tasks\At31.job
[%WINDOWS%]\Tasks\At32.job
[%WINDOWS%]\Tasks\At33.job
[%WINDOWS%]\Tasks\At34.job
[%WINDOWS%]\Tasks\At35.job
[%WINDOWS%]\Tasks\At36.job
[%WINDOWS%]\Tasks\At37.job
[%WINDOWS%]\Tasks\At38.job
[%WINDOWS%]\Tasks\At39.job
[%WINDOWS%]\Tasks\At4.job
[%WINDOWS%]\Tasks\At40.job
[%WINDOWS%]\Tasks\At41.job
[%WINDOWS%]\Tasks\At42.job
[%WINDOWS%]\Tasks\At43.job
[%WINDOWS%]\Tasks\At44.job
[%WINDOWS%]\Tasks\At45.job
[%WINDOWS%]\Tasks\At46.job
[%WINDOWS%]\Tasks\At47.job
[%WINDOWS%]\Tasks\At48.job
[%WINDOWS%]\Tasks\At49.job
[%WINDOWS%]\Tasks\At5.job
[%WINDOWS%]\Tasks\At50.job
[%WINDOWS%]\Tasks\At51.job
[%WINDOWS%]\Tasks\At52.job
[%WINDOWS%]\Tasks\At53.job
[%WINDOWS%]\Tasks\At54.job
[%WINDOWS%]\Tasks\At55.job
[%WINDOWS%]\Tasks\At56.job
[%WINDOWS%]\Tasks\At57.job
[%WINDOWS%]\Tasks\At58.job
[%WINDOWS%]\Tasks\At59.job
[%WINDOWS%]\Tasks\At6.job
[%WINDOWS%]\Tasks\At60.job
[%WINDOWS%]\Tasks\At61.job
[%WINDOWS%]\Tasks\At62.job
[%WINDOWS%]\Tasks\At63.job
[%WINDOWS%]\Tasks\At64.job
[%WINDOWS%]\Tasks\At65.job
[%WINDOWS%]\Tasks\At66.job
[%WINDOWS%]\Tasks\At67.job
[%WINDOWS%]\Tasks\At68.job
[%WINDOWS%]\Tasks\At69.job
[%WINDOWS%]\Tasks\At7.job
[%WINDOWS%]\Tasks\At70.job
[%WINDOWS%]\Tasks\At71.job
[%WINDOWS%]\Tasks\At72.job

[%SYSTEM%]\1024
[%PROGRAM_FILES%]\PCHealthCenter
[%PROGRAM_FILES%]\IntCodec
[%SYSTEM_DRIVE%]\uniq
[%SYSTEM_DRIVE%]\exit
[%PROGRAM_FILES%]\Helper
[%PROGRAM_FILES%]\SpyKiller
[%WINDOWS%]\secure32.html
[%PROGRAM_FILES%]\ZipCodec
[%PROGRAM_FILES%]\Media-Codec
[%SYSTEM%]\wppp.html
[%PROGRAM_FILES%]\bravesentry
[%PROGRAM_FILES%]\Video Access ActiveX Object
[%PROGRAM_FILES%]\Common Files\VCClient
[%PROGRAM_FILES%]\spysheriff
[%PROGRAM_FILES%]\eMedia Codec
[%SYSTEM_DRIVE%]\secure32.html
[%WINDOWS%]\inet20004
[%WINDOWS%]\warnhp.html
[%WINDOWS%]\inet20002
[%WINDOWS%]\web\desktop.html
[%SYSTEM%]\System
[%WINDOWS%]\local.html
[%PROGRAM_FILES%]\secure32.html
[%SYSTEM%]\msmapi32.exe.MANIFEST
[%WINDOWS%]\inet20019
[%WINDOWS%]\inet20066
[%PROGRAM_FILES%]\AdwareDelete
[%SYSTEM_DRIVE%]\spywarevanisher-free
[%PROGRAM_FILES_COMMON%]\VCClient
[%PROGRAM_FILES%]\SpywareQuake
[%WINDOWS%]\screen.html
[%PROGRAM_FILES%]\Internet
[%SYSTEM%]\security
[%DESKTOP%]\ERROR
C:\secure32.html
[%PROGRAMS%]\Malware-Wipe
[%PROGRAMS%]\SpyHeal
[%PROGRAM_FILES%]\malwarewipe
[%PROGRAM_FILES%]\PornMag Pass
[%PROGRAM_FILES%]\SpyAxe
[%PROGRAM_FILES%]\SpyFalcon
[%PROGRAM_FILES%]\SpyGuard
[%PROGRAM_FILES%]\SpyHeal
[%PROGRAM_FILES%]\SpyQuake2.com
[%PROGRAM_FILES%]\SpywareQuake.com
[%PROGRAM_FILES%]\Trust Cleaner
[%SYSTEM%]\1025
[%WINDOWS%]\inet20003
[%WINDOWS%]\inet20126

Step 3: Uninstall Zlob.Fam registry entries: Learn how to do that

HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302}
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
HKEY_CLASSES_ROOT\InetLoader.WeeklyExecuter
HKEY_CLASSES_ROOT\InetLoader.WeeklyExecuter.1
HKEY_CURRENT_USER\Software\TrustIn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}
HKEY_CLASSES_ROOT\e405.e405mgr.1
HKEY_CLASSES_ROOT\e405.e405mgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716A9-0310-4CBE-BD64-B790A9761158}
HKEY_CLASSES_ROOT\CLSID\{098716A9-0310-4CBE-BD64-B790A9761158}
HKEY_CLASSES_ROOT\multimediaControls.chl
HKEY_CLASSES_ROOT\videoPl.chl
HKEY_CLASSES_ROOT\VideoAXObject.Chl
HKEY_CLASSES_ROOT\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_CLASSES_ROOT\E404.e404mgr
HKEY_CLASSES_ROOT\E404.e404mgr.1
HKEY_CLASSES_ROOT\Media-Codec.Chl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A1DDC19-5893-43AB-A73F-F41A0F34D115}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99ba268b-4021-4739-9945-3c774217fe75}
HKEY_CLASSES_ROOT\videoaccessactivex.Chl
HKEY_CLASSES_ROOT\CLSID\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Toolbar
HKEY_CLASSES_ROOT\AlxTB.BHO
HKEY_CLASSES_ROOT\PopMenu.Menu
HKEY_CLASSES_ROOT\Popup.PopupKiller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58472bc6-bea3-42d4-8917-7a8bcb0711b5}
HKEY_CLASSES_ROOT\CLSID\{58472bc6-bea3-42d4-8917-7a8bcb0711b5}
HKEY_CLASSES_ROOT\MezziaCodec.Chl
HKEY_CLASSES_ROOT\popup.htmlevent.
HKEY_CLASSES_ROOT\url_relpacer.URLResolver
HKEY_CURRENT_USER\Software\ADV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IPCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{686a161d-5bd1-4999-8832-6393f41e564c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bridge
HKEY_LOCAL_MACHINE\SOFTWARE\Software\TPS108
HKEY_CLASSES_ROOT\winapi32.mybho
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Minimal\tdidrv32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdidrv32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdidrv32.sys
HKEY_CLASSES_ROOT\CLSID\{686a161d-5bd1-4999-8832-6393f41e564c}
HKEY_CLASSES_ROOT\CLSID\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
HKEY_CLASSES_ROOT\EMediaCodec.Chl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{686a161d-5bd1-4999-8832-6393f41e564c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AB7158B-4BFF-4160-AD7D-4D622DF548CF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d46beaa4-a304-40b3-a9da-ec7f7f501f25}
HKEY_CLASSES_ROOT\CLSID\{d46beaa4-a304-40b3-a9da-ec7f7f501f25}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88}
HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88}
HKEY_CLASSES_ROOT\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383}
HKEY_CLASSES_ROOT\CLSID\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6860a44b-5d3e-433d-a7b5-d517f810d0e7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Expl