Trojan.Zlob - Spyware Detector - Max Secure Software

Home / Spyware Encyclopedia / Trojan.Zlob

Trojan.Zlob Technical Details

Category	Trojan
Discovered	7/22/2005 12:00:00 AM
Modified	12/12/2009 3:32:32 PM
Threat Level	Critical

Category Description

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Notice

Summary

The following http urls were started:

•spywareisolator.com/setup_en.exe

•spywareiso.com/setup_en.exe

•spywareisolator2008.com/setup_en.exe

The hosts file was updated with the following url-to-ip mappings:

217.20.175.74	scan.vavscan.com
217.20.175.74	scanner.vavscan.com
217.20.175.74	vav2008.com

The following internet connection was established:

142.165.39.16 : 3531

71.199.180.68 : 3531

71.194.186.87 : 3531

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\meandyou.exe	5.0.2169.1	ZLAXAE Corporation	8532ab9d5b20fb2f16a4948fd84782c2	393216
..\you.exe	5.0.2169.1	ZDAVJU Corporation	35b48da0e6ccfe75443f5f727a8f400a	399872
..\686B8941.EXE	5.0.2169.1	ZDACAO Corporation	f577f8e3cadf5ee66955c576a34b69c1	24064
..\SeekmoSA.exe	10.0.431.0	Zango, Inc.	f79ac2af64dfddf2ceccf3b49be4262d	796424
..\SeekmoSADF.exe	10.0.431.0	Zango, Inc.	c22c3bbfe17c947aa7686c358faaa72c	152840
..\SeekmoUnInstaller.exe	10.0.431.0	Zango, Inc.	3561cffc54682a344c816d95fc507e38	312576
..\SeekmoSA.exe	10.0.431.0	Zango, Inc.		796424
..\SeekmoSADF.exe	10.0.431.0	Zango, Inc.		152840
..\SeekmoUnInstaller.exe	10.0.431.0	Zango, Inc.		312576
..\plugins\npclntax_SeekmoSA.dll	10.0.431.0	Zango, Inc.	9471eafbb8759bf20f8527ec6c1392d1	69896
..\CoreSrv.dll	10.0.0.0	Zango, Inc.
..\SeekmoSAHook.dll	10.0.431.0	Zango, Inc.
..\plugins\npclntax_SeekmoSA.dll	10.0.431.0	Zango, Inc.		69896
..\SeekmoSAAX.dll	10.0.431.0	Zango	6b76997e2248776f5d2326446c102f1f	2389256
..\B94D0374.EXE	1.0.0.0	Yahoo!	9d5011e9aa8ec4960ea7a4d5e2b8bf2b	151552
..\F3492DA5.EXE	1.0.0.0	yaghoob.ekrami@yahoo.com	91ba87616839bdf9af7b0e1df0316c5d	364544
..\01F19FC3.EXE	1.0.0.0	yaghoob.ekrami@yahoo.com	649209ee1d4bacfc5c36ec4975677ee6	462848
..\20E538C1.EXE	4.6.6.4	Y	d6d746d71f94faaba35222168c25b9f0	282624
..\XPPoliceAntivirus\AVCoreFn.dll	1.0.0.1	xxx Software	ec26f2b86f4841b54a8ce6af5f817231	577536
..\113EC952.EXE	1.0.0.0	Xvision	f720894dff55b978d7384dd9b08c7fd5	20480
..\B064CEF0.EXE	1.0.0.0	xTr Software	957c07534ef71d3f913ff8a4b37f27d4	36864
..\E642510D.EXE	5.0.2169.1	XRABJE Corporation	65c859697ae1b1d4d848cf13065eb3df	24064
..\ld46.exe	5.0.2169.1	XKACAJ Corporation	0a5d98e552b182fb7b56e91e109befc6	56320
..\youandme.exe	5.0.2169.1	XGACAJ Corporation	35b48da0e6ccfe75443f5f727a8f400a	393216
..\BE6B9D22.EXE	1.0.0.0	x	580469bb95f5d39f11c0e13e9f8e7b68	27682
..\2DBBEB46.EXE	1.0.0.0	x	b3b263c5e6f4fbd908643dfc57e9e38c	20480
..\UUSEE\IN_NET.DLL	1.0.8.504	WWW.UUSEE.COM	f96098cfa8a83c697d2a18d68fb8fbb3	925000

The following Registry Entries were created:

•	..\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\"{89fdcc4b-8d91-49b0-81a6-18bcff582735}"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"09375087131971375270878830669170"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"systemdriver"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"salestart"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"39247163632169364003994714568076"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"bmn(1)"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"tpxhst32.exe"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"ohccuxdg"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"itzeyqjm"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"uoeinagp"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"fixwiadl"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"mrupmrof"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"upcreten"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"adriver"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"wblogon"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"sbkrwpsh"
•	..\Software\Microsoft\Windows\CurrentVersion\Run\\"fgrsxszq"

Recommendation to remove Trojan.Zlob

Spyware Detector can remove Trojan.Zlob, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

Search Threats