    January 11

    Securitycaution malware threat

    Well, I've just spent the last 2 days trying to fix a computer which had 28 copies of the virus zlob in various disguises. Not only that, this particular virus and its variants allow code to access the computer through the wmf file, which is a picture format. However, the hacker can rename the wmf file to any graphics format, e.g. gif, just to allow the code to be run. You will know if you have been infected, as your homepage, no matter what it is, will be directed to an antispyware site where you're invited to purchase a solution to rid yourself of the problem; the only problem is, they won't. The particular site which was advertised on the computer I just fixed was securitycaution.com.

    This is a screenshot of the site.

    You can navigate away from the site, so it's more of an annoyance than a threat, though no doubt, like me, once you come across this infection you will want to get rid of it, which I eventually managed after 2 days of tweaking and manipulating Windows XP.

    The first step to ridding yourself of this is of course to get rid of the virus, so I suggest you do a thorough scan of your system and delete all instances and variants of the zlob virus. I use a free home antivirus from avast, http://www.avast.com/. If you're going to download the free version while following these instructions, I suggest you right click the link and open it in a new window.

    Before I continue I'm going to make a suggestion. One particular annoyance with Windows XP is the restore feature. As a computer engineer I find it more of a hindrance than a help, as not only does it back up your system, but every file on it, INCLUDING any virus on your system, so no matter how many times you delete viruses, if System Restore is switched on you will never be rid of them. So please do yourself a favour and turn this feature off. On the 2 particular occasions I've used this feature, the system has virtually trashed itself and I've ended up having to reformat the computer anyway.

    I take it while I've been waffling you've run an antivirus program and got rid of the threats..... what do you mean you forgot?

    As I mentioned earlier, the hackers use a vulnerability in wmf files to take control of your Internet Explorer and send you to a site offering you programs to remove spyware from your computer. Personally I think the companies that advertise on these sites should in some respect be accountable for instigating these problems, as well as the hackers involved, as obviously the people taking advantage of these vulnerabilities are being paid for each person that clicks and buys these products.

    Anyway, back to resolving the problem.

    First off, Microsoft have released a fix; however, if after installing it, like me, the problem still persists, then you're going to have to tinker. So before applying the fix we have to turn off the Picture and Fax Viewer that Windows uses to view graphics. Click on your Start button and select Run; a popup should appear, in which you should type, or if you're lazy like me, just highlight, copy and paste, the following text:

    regsvr32 -u %windir%\system32\shimgvw.dll

    This will disable the picture viewer. Personally, if there's a vulnerability in a particular program I won't use it again, so I would leave it turned off, but your name isn't personally, is it, so I'll give you the code to turn it back on, seeing as I'm so considerate:

    regsvr32 %windir%\system32\shimgvw.dll

    But only apply this after completing the procedure.

    Now comes the scary part for those that have never had reason to tinker with the registry. This can be a little daunting to many, as one wrong thing done here and you may as well just reformat your system. BUT don't let that put you off, as long as you follow these instructions nothing will go wrong .... looks at my daughter ...... however if you're blonde, you could try dyeing your hair a different colour first ....

    You need to once again click on your Start button and select Run; this time type regedit and click OK. You will be presented with a box with 2 columns; for the moment concentrate on the left column. Hopefully there will be a blue highlight on My Computer right at the top; if not, scroll up and just click on the words My Computer. The reason for this is that when we do a search it only searches from the highlighted area to the end of the registry. OK, now click on Edit and select Find, and in the popup type mssearchnet.exe. Windows will then search through the registry for the first instance of the search word. Eventually, depending on the speed of your computer, it will stop and highlight a line which contains mssearchnet.exe; press your Del key and confirm deletion. Now press F3 on your keyboard and Windows will continue the search from there. If it comes up with another instance, just hit Del and confirm, until Windows says it's finished searching the registry. When this happens, just close the registry editor.

    Now you need to find the offending file on your system. Click on the Start button once again, but now select Search, then select Files or Folders and type in mssearchnet.exe. Once it appears in the search results box, right click on it and select Delete.

    You then need to apply the Microsoft patch, which can be found here .... remember to right click the links and select open in a new window, or, as is Spaces' wont, you will be taken away from this page to the link you clicked ... http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E-B89B-215B7BB4D8E9&displaylang=en or you can download it here: patch. Once downloaded, run the file and reboot your system. What do you mean, if you reboot how will you know what to do next? Well, you can either copy and paste these instructions into Notepad and save it to your desktop, or just add this site to your favourites and pop back.

    Before rebooting, however, please empty your cache. To do this in Internet Explorer, click Tools on the menu bar at the top and select Internet Options, then click on Settings on the popup that appears, then select View Files. This will show you all the files that are in your cache. Click on Edit on the menu bar and choose Select All; this will highlight them in blue. All you need to do now is hit the Del button on your keyboard and wait patiently for Windows to remove the files. Once done, close that window by clicking the X and click OK to close the settings popup; this will leave you with the first popup. Now you need to reset your homepage: click the about blank option (believe me, this is necessary) and click Apply.

    Now reboot your system.

    Once you have returned to the internet, open Internet Explorer and in the address bar type in http://www.google.co.uk. There you will find a link to set it as your home page. You could of course set any site as your homepage, but for ease of use I selected this one, as it sets all the necessary settings in Explorer to the correct values and overwrites anything the hacker has written. You could try applying this as your homepage and then reset it to your preferred homepage afterwards.
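
    As an added example (not part of the original post): instead of deleting each hit as the regedit Find/F3 loop above reaches it, the registry can first be exported from regedit (File > Export) and searched in one read-only pass, so every reference to mssearchnet.exe is reviewed before anything is removed. The key names, value names and paths in the sample are constructed, and the Python helper names are hypothetical.

```python
import re

def _decode(raw):
    """Return registry data as text; expandable/multi strings are UTF-16LE hex."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])    # undo \\ and \" escapes
    m = re.match(r'hex\((?:2|7)\):(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le', 'replace').replace('\x00', ' ').strip()
    return raw                                       # dword:, hex: kept as written

def find_references(export_text, needle):
    """List (key, value_name, data) entries that mention needle, ignoring case."""
    text = re.sub(r'\\\r?\n[ \t]*', '', export_text)  # join hex continuation lines
    needle, key, hits = needle.lower(), None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if needle in key.lower():                # the key name itself matches
                hits.append((key, None, None))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else _decode(m.group(1))
            data = _decode(m.group(2))
            if needle in name.lower() or needle in data.lower():
                hits.append((key, name, data))
    return hits

# Constructed sample export: keys, value names and paths are illustrative only.
_HEX = ','.join(f'{b:02x}' for b in 'C:\\WINDOWS\\MSSearchNet.exe\0'.encode('utf-16-le'))
SAMPLE = '\n'.join([
    'Windows Registry Editor Version 5.00', '',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Startup]',
    r'"Tray"="C:\\Program Files\\Example\\tray.exe"',
    r'"Search"="C:\\WINDOWS\\system32\\mssearchnet.exe"',
    '"Helper"=hex(2):' + _HEX[:30] + '\\\n  ' + _HEX[30:],
    r'[HKEY_CURRENT_USER\Software\Example\mssearchnet.exe]',
    '"Installed"=dword:00000001',
])

if __name__ == '__main__':
    for hit in find_references(SAMPLE, 'mssearchnet.exe'):
        print(hit)
```

    For a real export, read the file with open(path, encoding='utf-16'), since regedit saves "Version 5.00" exports as UTF-16. The hex(2) case matters because a plain text search of the export would miss a path stored as an expandable string.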

    Hopefully you will have the same success as I did after following these procedures. If not, let me know and I'll see if I can help out.

    A short word of advice ... yes, without any more waffling ... the best cure for this is prevention. Always make sure your antivirus is up to date; there is no excuse for not doing so. If you run Norton or McAfee and your subscription ran out months ago, don't just think you're safe, you're not. The computer I had to fix was 6 months out of date and got infected. Your antivirus will only cover threats up to the end of your subscription. If you have no intention of paying again, download and install a free version like the one posted above; it covers you for 14 months for free, so use it. Install and USE antispyware. I use Microsoft's antispyware program, which can be found on their site; download and use it, and allow it to run in the background, it does the job. You can use other programs such as Spybot as a backup if needed... but remember, if they're installed USE them, don't just think they will magically use themselves when you're not about. Run your antivirus at least once a week, on thorough, and run antispyware at the same frequency; it will save you a lot of time or money in the long run.

    Comments (1)

    Posted by °Flóώε®°:
    Hi Babe, Been ages since we chatted. Hope u have a better 2006 than u did 2005.
    Take care & chat soon hopefully
    Love Flower xx
    January 16
