Troj/Zlob-ACR

Category	Viruses and Spyware
Type	Rootkit
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	21 May 2007 06:25:40 (GMT)
Last updated	21 May 2007 16:29:33 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

More Information

Summary
More Information

Troj/Zlob-ACR is a downloader Trojan for the Windows platform.

When run Troj/Zlob-ACR creates the files:
<System>\<random characters>.exe - detected as Troj/Zlob-ACR
<Temp>\02.exe - detected as Troj/Zlob-ACR
<Temp>\00.exe - detected as Troj/Zlob-ACR
<Temp>\01.exe - detected as Troj/Zlob-ACR
<Program Files>\VideoPlugin\Uninstall.exe - can be safely removed
<Program Files>\VideoPlugin\Uninstall.lnk - can be safely removed

Troj/Zlob-ACR sets the following registry entry to run itself on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System
<random characters>.exe

Troj/Zlob-ACR also sets the following registry entries:

HKCU\Software\VideoPlugin
Start Menu Folder
VideoPlugin

HKCR\VideoPlugin\CLSID
(default)
(6BF52A52-394A-11D3-B153-00C04F79FAA6)

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoPlugin

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Zlob-ACR

Summary

More Information