Remove Trojan.Zlob

Posted on: April 29th, 2009


Discovered: April 23, 2005

Updated: June 1, 2006 2:36:46 PM

Type: Trojan

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Recommended Action:
To remove Trojan.Zlob, you need to download the ‘No Adware’ remover software. Based on our testing, this was the best-performing remover of Trojan.Zlob.

No Adware Review

Technical Details:
Trojan.Zlob has been renamed from Trojan.Zhopa.

Trojan.Zlob is a Trojan that allows a remote attacker to perform various malicious actions on the compromised computer.

When Trojan.Zlob is executed, it copies itself as one of the following:

* %System%\msmsgs.exe

* %System%\ld100.tmp

* %System%\regperf.exe

It may create the following registry entries so that the Trojan runs every time Windows starts:

* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"MSN Messenger" = "%System%\msmsgs.exe"

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe, msmsgs.exe"

The Trojan also adds the following registry entries:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\"wininet.dll" = "regperf.exe"

* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"notepad.exe" = "msmsgs.exe"

It also adds the following marker in the registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\"uuid" = "86c29b2f-3389-418b-9b47-c2b09b6abc07"

The Trojan then injects itself into explorer.exe.

It attempts to make HTTP connections to the following hosts:

* vnp7s.net

* zxserv0.com

* dumpserv.com

The Trojan uses different URLs that allow the Trojan to ping, report its status, and execute remote files.
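The registry entries listed under Technical Details can be checked offline against the text of a registry export. The following is an added example, not part of the original advisory; the function names and the sample export are constructed for illustration, and it also flags any Winlogon Shell value that names a program other than Explorer.exe.

```python
import re

# Registry values listed in the advisory, lowercased: (key, value name, data substring)
CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
INDICATORS = [
    (CV + r"\run", "msn messenger", "msmsgs.exe"),
    (CV + r"\policies\explorer\run", "wininet.dll", "regperf.exe"),
    (CV + r"\policies\explorer\run", "notepad.exe", "msmsgs.exe"),
    (CV, "uuid", "86c29b2f-3389-418b-9b47-c2b09b6abc07"),
]
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, value name, string data) from the text of a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes inside strings
            name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            yield key, name, data

def find_zlob_persistence(reg_text):
    """Return the (key, name, data) entries that match the advisory."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        k, n, d = key.lower(), name.lower(), data.lower()
        if any(k == ik and n == iv and s in d for ik, iv, s in INDICATORS):
            hits.append((key, name, data))
        elif k == WINLOGON and n == "shell":
            # Shell normally names Explorer.exe alone; the advisory shows
            # msmsgs.exe appended, so flag any additional program.
            if any(p.strip() not in ("", "explorer.exe") for p in d.split(",")):
                hits.append((key, name, data))
    return hits

# Constructed sample export (not real data): two planted entries, one benign.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSN Messenger"="C:\\WINDOWS\\system32\\msmsgs.exe"
"SoundMan"="SOUNDMAN.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe, msmsgs.exe"
"""

print(find_zlob_persistence(SAMPLE))
```

Exports written by regedit in the version 5.00 format are UTF-16, so decode the file before passing its text in. The value names imitate legitimate software, so treat a match as a lead to confirm against the file paths listed above.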

Action Steps:
FREE SCAN: NoAdware can remove Trojan.Zlob. Click the link below for your free download & scan your PC now.

Please click here for manual removal instructions.