Troj/Zalon-B

Category: Viruses and Spyware
Protection available since: 20 Dec 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 20 Dec 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Zalon-B is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

When first run, Troj/Zalon-B copies itself to <System>\mdmex2.exe.

The following registry entry is created to run mdmex2.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SvcManager
mdmex2.exe

The following registry entry is set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<Windows>\system32\mdmex2.exe
<System>\mdmex2.exe:*:Enabled:mdmex2

The following registry entry is set:

HKCU\Software\Microsoft\CryptoSecure
Name
mdmex2.exe

Registry entries are created under:

HKCU\Software\Microsoft\CryptoSecure
HKLM\SOFTWARE\Microsoft\Security Center
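
The file and registry artefacts listed above can be checked on a host with a read-only PowerShell script. This is an added example, not part of the original analysis; it assumes that <System> resolves to $env:SystemRoot\System32, and it inspects only the current user's HKCU hive.

```powershell
# Added example: read-only check for the Troj/Zalon-B artefacts listed above.
# Assumption: <System> resolves to $env:SystemRoot\System32 on the host being checked.
$exe    = 'mdmex2.exe'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$fwKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\' +
          'FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$csKey  = 'HKCU:\Software\Microsoft\CryptoSecure'   # current user's hive only

function Get-RegData([string]$Key, [string]$Name) {
    # Returns the value data, or $null when the key or the value is absent.
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $null }
    return $k.GetValue($Name, $null)
}

$findings = @()

# 1. Dropped copy in the system folder
$file = Join-Path $env:SystemRoot "System32\$exe"
if (Test-Path -LiteralPath $file) {
    $findings += [pscustomobject]@{ Artefact = 'File'; Location = $file; Data = '' }
}

# 2. Run-key persistence: value SvcManager pointing at mdmex2.exe
$run = Get-RegData $runKey 'SvcManager'
if ($run -like "*$exe*") {
    $findings += [pscustomobject]@{ Artefact = 'Run value'; Location = "$runKey\SvcManager"; Data = $run }
}

# 3. Firewall exception: any authorized application whose path ends in mdmex2.exe
$fw = Get-Item -LiteralPath $fwKey -ErrorAction SilentlyContinue
if ($fw) {
    foreach ($name in $fw.GetValueNames()) {
        if ($name -like "*\$exe") {
            $findings += [pscustomobject]@{ Artefact = 'Firewall exception'; Location = $name; Data = $fw.GetValue($name) }
        }
    }
}

# 4. Marker value under CryptoSecure
$marker = Get-RegData $csKey 'Name'
if ($marker -like "*$exe*") {
    $findings += [pscustomobject]@{ Artefact = 'CryptoSecure marker'; Location = "$csKey\Name"; Data = $marker }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No Troj/Zalon-B artefacts from this page were found.' }
```

The HKLM\SOFTWARE\Microsoft\Security Center key is not checked because the page does not say which values are created under it.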