Troj/Zbot-KM is a Trojan for the Windows platform.
Troj/Zbot-KM includes functionality to:
- copy itself to the <WINDOWS> folder
- run automatically
- access the internet and communicate with a remote server via HTTP
Troj/Zbot-KM communicates via HTTP with the following locations:
91 . 213 . 94 . 131
When Troj/Zbot-KM is installed it creates the file <Windows>\essledv.exe.
The following registry entry is created to run essledv.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ttool
<Windows>\essledv.exe
Troj/Zbot-KM sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
0x00000004
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
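
A read-only PowerShell triage check for the indicators listed above, added here as an example (it is not Sophos code). The function name `Test-ZbotKmIndicators` is hypothetical; `<Windows>` is assumed to be `%windir%`, and only user hives currently loaded under HKEY_USERS are examined.

```powershell
# Added example: looks for the Troj/Zbot-KM artefacts named on this page.
# It only reads the file system and registry; nothing is modified.
function Test-ZbotKmIndicators {
    $findings = @()

    # Dropped copy: <Windows>\essledv.exe (assumption: <Windows> = %windir%)
    $dropped = Join-Path $env:windir 'essledv.exe'
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $findings += "File present: $dropped"
    }

    # The Run entry is written under HKCU, so it is per-user. Walk every
    # loaded user hive rather than only the hive of the account running this.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        $sid    = $hive.PSChildName
        $runKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
        $run    = Get-ItemProperty -Path $runKey -Name 'ttool' -ErrorAction SilentlyContinue
        if ($run) {
            $findings += "Run value 'ttool' in hive ${sid}: $($run.ttool)"
        }
    }

    # SharedAccess Start = 4 means the service is disabled. On its own this can
    # be an administrative choice; it matters together with the items above.
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess'
    $svc    = Get-ItemProperty -Path $svcKey -Name 'Start' -ErrorAction SilentlyContinue
    if ($svc -and $svc.Start -eq 4) {
        $findings += 'SharedAccess Start = 4 (service disabled)'
    }

    return $findings
}

$result = @(Test-ZbotKmIndicators)
if ($result.Count -eq 0) {
    'None of the Troj/Zbot-KM indicators from this page were found.'
} else {
    $result
}
```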