Zlob and Virtumonde to me seem creations of one and same team of cyber criminals. I call them “kings of trojans” on the web. Both threats seem to be prone to standard PC security normally found on OEM computers and laptops. With enterprise networks, it might be easier to defeat these trojans thanks to hardware protection, but in home conditions
they easily break common antivirus suites.

[…] Still, they are not perfect. There are ways around CAPTCHA’s – you can use different session hijacking tricks, you can use cutting edge OCR algorithms to break them, or you can simply harness the collective stupidity of MySpace users to solve them for you. […]

Randa, I would recommend doing the following. Go to the following sites, print out the removal instructions, and download any relevant software they are asking for:

1. Spyware Strike Removal
2. SpyAxe Removal
3. Zlob Removal

Reboot into safe mode, and follow the instructions.

Also see here and here.

how do you delete mspacecontentinstall.exe. it won’t let me delete it. I tried changing attribute won’t let me do that either. WTF!!!! and Bitdefender keeps recognizing it as a virus that it BLOCKED thank God. But can’t delete it. Please help.

Thanks. :)

Nice article, I especially like the links you added to some great tools out there for anti-virus. I’ve been getting hit like crazy with this scam. I’m gonna put a short blog up with a link to this article. Aloha!

Yeah, dpkg must be done as root. Same as apt, and etc. ;)

I like the separation – keeps me from messing up my machine. I have shortcut on my task bar that launches a root shell for me – it has a different color than the normal terminal. That’s where I do all my root related stuff.

bad idea i meant!

Yeah i figure the URL had a line break in it, it seemed to look ok in the terminal tho. And btw I meant to also say I had to do the dpkg thing as a super user, permissions and all ya know. Still getting used to the whole permission super security thing. Used to being the master of my machine. haha. Been thinking of putting a launcher on my desktop that executes gksudo nautilus and calling it God but I know it’s a really idea so I’ve been resisting that temptation.

Yep bcd should be bdc. Typo.

The wget statement has a space in the URL somewhere that should not be there – it is there to break the line into two parts. When you copy and paste it you need to take out that space. :)