Troj/Flood-IG

Category: Viruses and Spyware
Protection available since: 25 May 2007 00:00:00 (GMT)
Type: Trojan
Last Updated: 25 May 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Flood-IG is a backdoor Trojan that allows a remote intruder to gain access to and control over the computer.

When Troj/Flood-IG is installed the following files are created:

<System>\uninstall.uni
<System>\win32ip.exe
<System>\zlip.cpl
<System>\zlip.exe
<System>\zlip1.cpl
<System>\zlip2.cpl
<Windows>\uninstyler.exe

The file win32ip.exe is a HideWindow tool that is detected as Mal/Packer. The files zlip.cpl, zlip1.cpl and zlip2.cpl are also detected as Troj/Flood-IG. The rest of the files can be safely deleted.

The following registry entries are created to run zlip.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
topat
<System>\zlip.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
topat
<System>\zlip.exe

The following registry entries are set or modified, so that zlip.exe is run when files with extensions of CHA and IRC are opened/launched:

HKCR\ChatFile\Shell\open\command
(default)
<System>\zlip.exe" -noconnect

HKCR\irc\Shell\open\command
(default)
<System>\zlip.exe" -noconnect

Registry entries are set as follows:

HKCR\ChatFile\DefaultIcon
(default)
<System>\zlip.exe

HKCR\irc\DefaultIcon
(default)
<System>\zlip.exe

Registry entries are created under:

HKCU\Software\Microsoft\Microsoft Agent
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Application
HKCU\Software\mIRC\DateUsed
HKLM\SOFTWARE\Instyler\uninstyler
HKCR\irc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC

Troj/Flood-IG provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "My Application" and "zlip".