Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | July 2005 (3.95) |
| Protection available since | 28 May 2005 12:29:47 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Zlob-H is a downloader Trojan.
Troj/Zlob-H attempts to hide itself by injecting itself into EXPLORER.EXE or by registering itself as a service process.
Troj/Zlob-H attempts to download information from one of the following websites:
dumpserv.com
zxserv0.com
vnp7s.net
Troj/Zlob-H will also try to download files from these websites to the LogFiles subfolder of the Windows system with a filename based on the information it downloaded previously, and it may then execute the downloaded file.
Troj/Zlob-H creates the following entry in the registry so as to run itself on system startup, assuming it is called MSMSGS.EXE in a suitable folder:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
notepad.exe
"msmsgs.exe"
Troj/Zlob-H also adds MSMSGS.EXE to the following registry entry so as to run itself on system startup:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Troj/Zlob-H creates a registry entry at the following location:
HKLM\Software\Microsoft\Windows\CurrentVersion
uuid
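
A check for the three registry entries described above, as an added example that is not Sophos code: it parses text in the layout printed by `reg query` and reports which entries match. The sample input is constructed, the function names are hypothetical, and the match relies on the MSMSGS.EXE name the description assumes, so a renamed copy would not be caught.

```python
import re

# Indicators taken from the description above (the page assumes the file is named MSMSGS.EXE).
RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
CURVER = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
EXE = "msmsgs.exe"

# Constructed sample in the layout printed by `reg query`; not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    notepad.exe    REG_SZ    "msmsgs.exe"
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe msmsgs.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    uuid    REG_SZ    constructed-value
"""

def parse_reg_query(text):
    """Return {key_path_lower: {value_name_lower: data}} from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and line.startswith("    "):
            # Value lines are "name    TYPE    data", separated by four spaces.
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0].lower()] = parts[2]
    return keys

def find_zlob_h_indicators(text):
    """List the registry entries from the description that are present in the text."""
    keys, hits = parse_reg_query(text), []
    if EXE in keys.get(RUN.lower(), {}).get("notepad.exe", "").lower():
        hits.append("Run value 'notepad.exe' launches " + EXE)
    if EXE in keys.get(WINLOGON.lower(), {}).get("shell", "").lower():
        hits.append("Winlogon Shell references " + EXE)
    # Assumption: the page gives only the value name 'uuid', so treat it as
    # supporting evidence and report it only alongside another hit.
    if hits and "uuid" in keys.get(CURVER.lower(), {}):
        hits.append("CurrentVersion has a 'uuid' value")
    return hits
```
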
