Troj/Dloader-ZS is a downloader Trojan for the Windows platform.
When Troj/Dloader-ZS is installed it creates the file <System>\run.dll.
The following registry entry is created to run code exported by run.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
SharedTaskScheduler
(2F232C2B-1238-3CBC-04A8-7AC23B61E33F)
Secure Patch
The following registry entry is set:
HKCU\Software\Classes\CLSID\(2F232C2B-1238-3CBC-04A8-7AC23B61E33F)\
InProcServer32
(default)
<System>\run.dll
Registry entries are created under:
HKCU\Software\Classes\CLSID\(2F232C2B-1238-3CBC-04A8-7AC23B61E33F)\
InProcServer32\