Troj/LowZone-AE is a Trojan for Windows based systems.
The Trojan sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinLevel
Code Download
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Security_RunActiveXControls
dword:01000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Security_RunScripts
dword:01000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Safety Warning Level
SucceedSilent
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Trusted
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotchbar.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
*
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
:Range
67.19.178.84
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2001
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2004
0
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Trusted
1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotchbar.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
*
2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
:Range
67.19.178.84