high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 29 May 2006 21:43:49 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Zlob-LB is a Trojan for the Windows platform.
The Trojan pretends to be an installer for an application called "DigiKeygen 2.10", but installs Troj/Zlob-LA files instead of those of the expected application.
When the Trojan is installed the following files are created:
<Desktop>\digikeygen.lnk
<Start Menu\Programs>\DigiKeygen\DigiKeygen Login.lnk
<Start Menu\Programs>\DigiKeygen\DigiKeygen.lnk
<Program Files>\DigiKeygen\digikeygen.exe
<Program Files>\DigiKeygen\digikeygen.exe.manifest
<Program Files>\DigiKeygen\DigiKeygen.url
<Program Files>\DigiKeygen\uninst.exe
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
wininet.dll
regperf.exe
where regperf.exe is detected as Troj/Zlob-LA.
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigiKeygen\
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\helper.exe
<Program Files>\DigiKeygen\digikeygen.exe
Troj/Zlob-LB provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "DigiKeygen 2.10". However this does not uninstall the Trojan.
|
