Other variants of Zlob Trojan installation come in the form of a Java cab file masquerading as a computer scan.
[6] Some variants of the Zlob family, like the so-called "DNSChanger", add rogue DNS name servers to the registry of Windows-based computers[7] and attempt to hack into any detected router to change the DNS settings, potentially re-routing traffic from legitimate web sites to other suspicious web sites.
Due to cost concerns, however, these servers were set to shut down on the morning of 9 July 2012, which could cause thousands of still-infected computers to lose Internet access.
By the date of the shutdown, there were many free of charge programs available that removed the Zlob malware effectively and without requiring great technical knowledge.
Current antivirus programs are very effective at detecting and removing Zlob and its time in the wild appears to be coming to an end.