Troj/Flood-IG

Aliases
  • BKDR_FLOOD.BC
Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 25 May 2007 19:12:12 (GMT)
Detected by All Sophos products

More Information

Troj/Flood-IG is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

When Troj/Flood-IG is installed the following files are created:

<System>\uninstall.uni
<System>\win32ip.exe
<System>\zlip.cpl
<System>\zlip.exe
<System>\zlip1.cpl
<System>\zlip2.cpl
<Windows>\uninstyler.exe

The file win32ip.exe is a HideWindow tool that is detected as Mal/Packer; the files zlip.cpl, zlip1.cpl and zlip2.cpl are also detected as Troj/Flood-IG. The rest of the files can be safely deleted.

The following registry entries are created to run zlip.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
topat
<System>\zlip.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
topat
<System>\zlip.exe

The following registry entries are set or modified so that zlip.exe is run when files with the extensions CHA and IRC are opened or launched:

HKCR\ChatFile\Shell\open\command
(default)
<System>\zlip.exe" -noconnect

HKCR\irc\Shell\open\command
(default)
<System>\zlip.exe" -noconnect

Registry entries are set as follows:

HKCR\ChatFile\DefaultIcon
(default)
<System>\zlip.exe

HKCR\irc\DefaultIcon
(default)
<System>\zlip.exe

Registry entries are created under:

HKCU\Software\Microsoft\Microsoft Agent
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Application
HKCU\Software\mIRC\DateUsed
HKLM\SOFTWARE\Instyler\uninstyler
HKCR\irc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC

Troj/Flood-IG provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "My Application" and "zlip".
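The following read-only PowerShell script is an added example for checking a host against the file and registry indicators listed above; it is not a Sophos tool and is not part of the original analysis. It assumes that <System> corresponds to $env:SystemRoot\System32 and <Windows> to $env:SystemRoot, and it only reports what it finds, leaving any cleanup to the scanner.

```powershell
# Added example (not Sophos's tooling): report the Troj/Flood-IG persistence
# indicators described in the analysis above. Read-only: nothing is deleted.
# Assumes <System> = $env:SystemRoot\System32 and <Windows> = $env:SystemRoot.

$system  = Join-Path $env:SystemRoot 'System32'
$windows = $env:SystemRoot

# Files the analysis says are created on installation.
$files = @(
    (Join-Path $system  'uninstall.uni'),
    (Join-Path $system  'win32ip.exe'),
    (Join-Path $system  'zlip.cpl'),
    (Join-Path $system  'zlip.exe'),
    (Join-Path $system  'zlip1.cpl'),
    (Join-Path $system  'zlip2.cpl'),
    (Join-Path $windows 'uninstyler.exe')
)

# Startup persistence: the Run value named 'topat' under HKCU and HKLM.
$runKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# File-association persistence: handlers for .cha and .irc files whose
# (default) value was pointed at zlip.exe.
$assocKeys = @(
    'Registry::HKEY_CLASSES_ROOT\ChatFile\Shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\irc\Shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\ChatFile\DefaultIcon',
    'Registry::HKEY_CLASSES_ROOT\irc\DefaultIcon'
)

# Other keys the analysis says are created (the "My Application" uninstall entry
# and the Instyler uninstaller key).
$otherKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Application',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Instyler\uninstyler'
)

$findings = New-Object System.Collections.Generic.List[string]

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings.Add("file present: $f") }
}

foreach ($k in $runKeys) {
    if (Test-Path -LiteralPath $k) {
        $v = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).topat
        if ($v) { $findings.Add("Run value 'topat' in $k -> $v") }
    }
}

foreach ($k in $assocKeys) {
    if (Test-Path -LiteralPath $k) {
        # PowerShell exposes a key's default value under the property name '(default)'.
        $v = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).'(default)'
        if ($v -and $v -match 'zlip\.exe') { $findings.Add("$k (default) -> $v") }
    }
}

foreach ($k in $otherKeys) {
    if (Test-Path -LiteralPath $k) { $findings.Add("key present: $k") }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Troj/Flood-IG indicators found.'
} else {
    Write-Output "Troj/Flood-IG indicators found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated PowerShell prompt so that the HKLM and HKCR keys can be read. A hit on the ChatFile or irc handler keys is the indicator most likely to outlive a partial cleanup, because removing the Run values alone leaves zlip.exe registered as the handler for .cha and .irc files.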
