Troj/Zlob-NR

Category: Viruses and Spyware Protection available since:11 Jun 2006 00:00:00 (GMT)
Type: Trojan Last Updated:11 Jun 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Zlob-NR is a Trojan for the Windows platform.

Troj/Zlob-NR drops the following files:

<Program Files>\PornMagPass\isinst.exe
<Program Files>\PornMagPass\PornMagPass.exe
<Program Files>\PornMagPass\PornMag Pass.url
<Program Files>\PornMagPass\uninst.exe
<Start Menu Programs>\PornMag Pass\PornMag Pass Login.lnk
<Start Menu Programs>\PornMag Pass\PornMag Pass.lnk
<Desktop>\PornMag Pass.lnk
<Windows system folder>\ishost.exe
<Windows system folder>\ismon.exe
<Temp>\iservice.dll

The files isinst.exe, PornMagPass.exe, ishost.exe, ismon.exe and iservice.dll are also detected as Troj/Zlob-NR. The file isinst.exe is deleted as Troj/Zlob-NR is run. The file PornMagPass.exe is a password generator for the pornographic website pornmagpass.com and may open a website there or to other pornographic websites. All other files are clean and may be safely deleted.

Troj/Zlob-NR creates the following registry entry to run ishost.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
ishost.exe
ishost.exe

Troj/Zlob-NR creates the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\isinst.exe
(default)
<Program Files>\PornMagPass\PornMagPass.exe

Troj/Zlob-NR also creates registry entries under the following locations:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
PornMag Pass

HKCU\Software\PornMag Pass

Troj/Zlob-NR may attempt to download and execute files from a remote location.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy