Troj/LowZone-DQ

Aliases	Trojan.Win32.Agent.zs TROJ_DIAMIN.FV
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	19 November 2006 01:18:34 (GMT)
Last updated	2 February 2007 02:36:19 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/LowZone-DQ is a Trojan for the Windows platform.

When first run Troj/LowZone-DQ copies itself to the Desktop and User folders and creates the following files:

<Desktop>\Mappe Stradali.lnk
<Desktop>\Numeri di telefono.lnk
<User>\My Documents\My Music\Scissor Sister.lnk
<User>\PrintHood\Compaq C40 Annalisa.lnk
<User>\Start Menu\Internet Explorer.lnk

Troj/LowZone-DQ changes the Start Page for Microsoft Internet Explorer by setting the registry entry:

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

The following registry entries are set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cisiamodibrutto.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cisiamodibrutto.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cisiamodibrutto.com\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ricercadoppia.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ricercadoppia.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ricercadoppia.com\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www
*
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1004
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1201
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
MinLevel
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
RecommendedLevel
0

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/LowZone-DQ

Summary

Action

More Information