Troj/Zbot-TK

Category: Viruses and Spyware
Protection available since: 29 Jul 2010 23:08:05 (GMT)
Type: Trojan
Last Updated: 29 Jul 2010 23:08:05 (GMT)
Prevalence: Small Number of Reports

Troj/Zbot-TK is a Trojan for the Windows platform.

Troj/Zbot-TK includes functionality to:

- run automatically
- copy itself to the <System> folder
- create files in the <System> folder
- access the internet and communicate with a remote server via HTTP

Troj/Zbot-TK communicates via HTTP with the following locations:

85 . 17 . 144 . 84

When Troj/Zbot-TK is installed it creates the file <System>\mspdbc32.exe.

The following registry entry is changed to run mspdbc32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\mspdbc32.exe,

The following registry entries are set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
1609
0x00000000
