









W32/Zlob.JAU Trojan

| Field | Value |
| --- | --- |
| Name | W32/Zlob.JAU Trojan |
| Aliases | Trojan-Downloader.Win32.Zlob.jau, W32/DLoader.GCNU, Trojan:Win32/Emurbo.A, W32/Zlob.EYC!tr.dldr |
| Discovered on | March 17, 2008 |

Virus Information - W32/Zlob.JAU Trojan:
W32/Zlob.JAU is a downloader trojan that infects Windows systems.
Upon execution, the trojan drops the following files:
msram.dll in the Windows System folder,
altvxvm.dll in the Windows folder,
bokpkov.dll in the Windows folder,
drnpfdxxsn.dll in the Windows folder,
etlrlws.dll in the Windows folder,
fmsxwqs.exe in the Windows folder,
drSl1UYM.exe in the Current User's Temp folder,
2020.tmp in the Current User's Temp folder,
WeDH77xw.exe in the Current User's Temp folder,
abF1utkA.exe in the Current User's Temp folder,
WinRom.dll in the WINDOWS\Installer folder,
zip.dll in the WINDOWS\Installer folder,
1205745110[1].exe in the Temporary Internet Files folder,
update[1].exe in the Temporary Internet Files folder,
1205745113[1].exe in the Temporary Internet Files folder,
antiviirus.exe in the Program Files folder,
tmp0.exe in the Program Files folder.
The trojan modifies the registry at the following location so that it loads at each startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antiviirus
The trojan displays a toolbar in all Internet Explorer windows; the toolbar contains a link to download and install a fake antivirus product.
It also disables Windows Task Manager.
