Also known as: LightCodec, TVCodec, MovieCodec, PCodec, ZCodec, PlayerCodec, Dvd Codec, iCodecPack, DVDAccess, StrCodec, XPassword Generator, MPCodec, MP Video Codec, PornMagPass, MyPornMagPass, WMCodec, WinMediaCodec, MediaCodec, VidCodec, VideosCodec, IMCodec, IMediaCodec, MedCodec, SoftCodec, MMCodec, MMediaCodec, HQCodec, TrueCodec, VCCodec, VideoCompression Codec, JPegEncoder, PornPassManager, KeyCodec, VideokeyCodec, IVideoCodec, VidCodecs, VideoCodecs, QualityCodec, EliteCodec, PerfectCodec, SuperCodec, GoldCodec, SilverCodec.

Often these infections can be found placed in fake MySpace profiles, and other social websites. They are fake codecs. They install the Zlob.trojan.Media-Codec which pops up fake alerts in an attempt to make you buy software, and will hijack your homepage.

Option 1 (smitfraudfix by S!Ri):
Instructions for SmitFraudFix (by S!Ri)

SmitFraudFix only works with Windows XP or 2000

1. Please download SmitfraudFix (by S!Ri)
   Extract the content (a folder named SmitfraudFix) to your Desktop.
   Don't use it yet.
   
2. Reboot into Safe Mode: ( without networking support !)
   °To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
   
3. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
   Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
   1. (Warning : running option #2 on a non infected computer will remove your Desktop background and set it blank again. But you can reapply your desktop background again afterwards
   2. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
   3. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
   4. The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
   5. A text file will appear onscreen, with results from the cleaning process; save that log in case you need it to reply together with a hijackthislog. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Option 2 (smitrem by noahdfear):
Instructions for Smitrem (by noahdfear)

1. Download smitRem.exe ©noahdfear, and save the file to your desktop.
   Double click on the file to extract it to it's own folder on the desktop.
2. Reboot into Safe Mode: ( without networking support !)
   °To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
3. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
   Wait for the tool to complete and disk cleanup to finish.
4. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Save that log and post it if needed along with any others if you need to start a new topic.

This topic has been left open to allow specific questions and comments related ONLY to this guide. It's NOT for posting HJT logs, links to your logs, or any other general malware help. Replies not following these rules will be deleted. Thanks for your cooperation.

Will Smitrem.exe run on the newer and older versions of Windows that aren't covered by SmitFraudFix? (I.e. Windows 98/Millenium Edition or Vista?)

This post has been edited by Mrs_Kohls: Jul 17 2007, 02:20 PM

Hi,
I have run the SmitFraudFix yet when i run XoftXpySE (which i have the trial version of) it still shows that the MediaCodec Zlob Trojan is on my computer. Any ideas of how to get rid of it? thanks

elliot5637,

I recommend that you go here and follow the directions for posting a hijackthis log in the Malware Removal forum. Let one of our malware team help you make sure you're clean.

I have worked with a few customers who have had the zlob torjan. The easiest way i have found to remove it is to download 2 main programs, both are free. These are ad-aware and windows defender. windows defender picks it up and finds it really fast, and i use ad-aware to clean up anything left over that may be hiding on the system.

Hello and welcome insectdude
I m sure that works as well on the older variants, s!ri's tool is updated almost daily. so if your method fails for any reason give smitfraudfix a run

Greetings,

During a scan with SpyBot S & D very early this morning I saw a lot of these names going by...Zlob in front of most of them . What should I do as I'm not sure that I'm infected with them. I'm not getting pop-ups of any sort, just trying to clean up my laptop.

LightCodec, TVCodec, MovieCodec, PCodec, ZCodec, PlayerCodec, Dvd Codec, iCodecPack, DVDAccess, StrCodec, XPassword Generator, MPCodec, MP Video Codec, PornMagPass, MyPornMagPass, WMCodec, WinMediaCodec, MediaCodec, VidCodec, VideosCodec, IMCodec, IMediaCodec, MedCodec, SoftCodec, MMCodec, MMediaCodec, HQCodec, TrueCodec, VCCodec, VideoCompression Codec, JPegEncoder, PornPassManager, KeyCodec, VideokeyCodec, IVideoCodec, VidCodecs, VideoCodecs, QualityCodec, EliteCodec, PerfectCodec, SuperCodec, GoldCodec, SilverCodec.

If all this is on here I can't find it....

Thanks in Advance,

Icey

Hello and welcome Icey1950!

If I were you I would post in the Malware Removal Forum to make sure your system is 100% clean.

http://www.geekstogo.com/forum/Malware-Rem...o-Here-f37.html

Make sure to post your HJT log there in a new topic.

I have a Trojan Downloader Zlob will any of these post help me out.

Please Help Me.
Thank You

Hello and welcome SBG,

yes it will go ahead and give it a run and if you have any further issues I would suggest starting a new topic in the malware forum

Edit: Please don't post your HJT log in here, post them in http://www.geekstogo.com/forum/Malware-Rem...o-Here-f37.html



This post has been edited by Excal: Dec 29 2007, 09:31 AM

I`m sorry to bother, but I have a problem which I don`t know how to solve. My computer is now called Ahsan`s computer, my Documents is called Ahsan`s documents, my network places is now Ahsan`s places.....
I think microsoft word 2003 professional is deleted from my system, as well as a few other applications. How do I remove this?
I`m sorry if I`m not writing in the appropriate topic. I`m a complete beginner when it`s about malware.

here are some options you can always reformat, change to linux try pc linux or ubuntu, or spysweeper.