How to Remove Zlob DNS

The Zlob trojan, which goes by a host of other names such as Zlob DNS, is a type of software that is installed on your computer when you view an infected web page. After Zlob makes its way onto your machine, it installs a variety of spyware software that is potentially dangerous and may attempt to steal your personal information. The Zlob DNS trojan creates many different files and registry values that must all be deleted to ensure your computer is safe.

Instructions

Difficulty:

Step 1

Disconnect your computer's network cable to ensure the Zlob DNS trojan cannot download any additional files as you remove it. Unplug your router instead if you connect to the Internet through a wireless network.

Step 2

Hit the "Ctrl," "Alt" and "Delete" key combination and click the "Start Task Manager" option. Click the "regperf.exe" entry in the list of running processes.

Step 3

Select "End Process" to shut down the Zlob DNS process. Shut down the "ld100.tmp," "nvctrl.exe" and "msmsgs.exe" processes and close the Task Manager window.

Step 4

Navigate to "All Programs" and "Accessories" in the "Start" menu. Click the "Command Prompt" icon. Type "regsvr32 /u qdsba.dll" and hit "Enter."

Step 5

Close the command prompt window and access the "Search" box on the "Start" menu. Search for "qdsba.dll" and delete the file when it shows up in the Window search results.

Step 6

Search for the files named "ncompat.tlb," "msvol.tlb," "hp[X].tmp," "regperf.exe," "nvctrl.exe" and "msmsgs.exe." Delete the files. Search for and delete the folders named "RSA" and "Protect."

Step 7

Type "regedit" in the Search box and hit "Enter" to bring up the registry editor icon. Click the icon and select the "HKEY_LOCAL_MACHINE" folder in the registry editor.

Step 8

Open the "Software" folder and navigate through the "Microsoft," "Windows," "CurrentVersion," "Run" and "RegSvr32" folders. Locate the "msmsgs.exe" entry at the right end of the folder. Delete the entry.

Step 9

Back out of the "RegSvr32" and "Run" folder. Navigate through the "WinLogon" and "Shell" folders. Delete the "explorer.exe" entry.

Step 10

Navigate to the registry folder path "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler." Delete the "af73a174-ea1b-4f0b-b0b1-fe1486a6719c" entry and restart the computer to finish the Zlob DNS removal.

References

• 411 spyware: how to remove zlob trojan

Resources

• cnet download: download security center

Tips & Warnings

• You need to be logged into your operating system with an administrative account to access the command prompt or the registry editor. To keep your computer safe in the future you can block the known websites that carry the Zlob DNS trojan. To block a website in Internet Explorer, navigate to "Tools," "Internet Options" and "Content." Click "Enable" and navigate to the "Approved Content" tab. Type the website's address and click "Never" to block it. The addresses you should block for the Zlob DNS trojan are "zxserv0.com," "Vnp7s.net," "Flwplayer.com," "Swfcompressor.com" and "Wmadirection.com."
• You need to be logged into your operating system with an administrative account to access the command prompt or the registry editor.
• To keep your computer safe in the future you can block the known websites that carry the Zlob DNS trojan. To block a website in Internet Explorer, navigate to "Tools," "Internet Options" and "Content." Click "Enable" and navigate to the "Approved Content" tab. Type the website's address and click "Never" to block it. The addresses you should block for the Zlob DNS trojan are "zxserv0.com," "Vnp7s.net," "Flwplayer.com," "Swfcompressor.com" and "Wmadirection.com."
• Zlob DNS downloads and installs other harmful programs. In addition to manually removing the trojan you may also want to install and run anti-virus and anti-spyware tools to ensure your computer doesn't have any other malicious software.