high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 29 May 2006 11:28:26 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Zlob-LA is a downloading Trojan for the Windows platform.
Troj/Zlob-LA pretends to be an installer for an application called 'Media-Codec 4.0', but installs Trojan files instead of those of the expected application.
When Troj/Zlob-LA is installed the following files are created:
<Program Files>\Media-Codec\uninst.exe
<System>\regperf.exe
<System>\ld<xxx>.tmp
where <xxx> is a randomly generated number.
The file uninst.exe is clean and may be ignored. The other files are detected as components of Troj/Zlob-LA.
The following registry entry is created to run regperf.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
wininet.dll
regperf.exe
Registry entries are created under:
HKCR\EMediaCodec.Chl\CLSID\
HKCR\Media-Codec.Chl\CLSID\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Path\ecodec.exe
The Trojan provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel, under the name "Media-Codec 4.0". However this does not uninstall the Trojan.
|
