Troj/Zbot-MU is a Trojan for the Windows platform.
Troj/Zbot-MU includes functionality to:
- run automatically
- copy itself to the <System> folder
- create files in the <System> folder
- steal confidential information
- access the internet and communicate with a remote server via HTTP
Troj/Zbot-MU communicates via HTTP with the following locations:
91 . 201 . 196 . 76
91 . 201 . 196 . 100
When Troj/Zbot-MU is installed it creates the file <System>\sdra64.exe.
The following registry entry is changed to run sdra64.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\sdra64.exe,
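The Userinit value above is the persistence mechanism: Winlogon runs every comma-separated program in that value at user logon, so appending a second path after the genuine userinit.exe gets the Trojan launched without touching the usual Run keys. The following PowerShell is an added example for checking that value, not code from the original description: it reads the live Winlogon key, splits the value on commas, and reports any entry that is not the legitimate userinit.exe. The sample string and the assumed System32 path (`C:\Windows\system32`) are constructed to mirror the value shown above.

```powershell
# Added example (not from the original description): inspect the Winlogon
# Userinit value for entries other than the legitimate userinit.exe.

function Get-UnexpectedUserinitEntries {
    param(
        # Raw data of the Userinit value, e.g.
        # "C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,"
        [Parameter(Mandatory)] [string] $UserinitData,

        # Path of the genuine userinit.exe; defaults to this machine's System32 folder
        [string] $ExpectedUserinit = (Join-Path $env:SystemRoot 'system32\userinit.exe')
    )

    # The value is a comma-separated list; a trailing comma is normal for the default value.
    $entries = $UserinitData -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' }

    foreach ($entry in $entries) {
        # Expand %SystemRoot%-style references and strip quotes before comparing
        $normalized = [Environment]::ExpandEnvironmentVariables($entry).Trim('"')
        if ($normalized -ine $ExpectedUserinit) {
            $normalized   # anything other than userinit.exe is a candidate persistence entry
        }
    }
}

function Test-WinlogonUserinit {
    # Reads the live value from HKLM (readable without elevation) and reports extra entries
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $data = (Get-ItemProperty -Path $key -Name Userinit).Userinit
    $extra = @(Get-UnexpectedUserinitEntries -UserinitData $data)

    if ($extra.Count -gt 0) {
        Write-Warning "Unexpected Userinit entries in $key :"
        $extra | ForEach-Object { Write-Warning "  $_" }
    } else {
        Write-Output 'Userinit contains only the expected userinit.exe'
    }
}

# Constructed sample mirroring the modified value shown in the description above
# (assumes System32 is C:\Windows\system32); reports the sdra64.exe entry.
$sample = 'C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,'
Get-UnexpectedUserinitEntries -UserinitData $sample -ExpectedUserinit 'C:\Windows\system32\userinit.exe'

# On a live system:
# Test-WinlogonUserinit
```

Two practical notes: some legitimate software (for example certain login or backup agents) also appends itself to Userinit, so an extra entry is a lead to verify against the file on disk rather than an automatic verdict; and when cleaning up, remove only the appended path and keep `<System>\userinit.exe,` in place, because deleting or emptying the Userinit value prevents users from logging on.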
Registry entries are created under:
HKCU\Software\Microsoft\Protected Storage System Provider