HOME / CONTACT
 
  Home > Malware Cyclopedia > Malware Info.
 Malware Info.
FAQ
Download

 Trojan@W32.FraudPa...
 Trojan@W32.Obfusca...
 Trojan@W32.Zbot.34
 Virus@W32.Sality
 Trojan@W32.Zbot.26
Malware Info. Malware Cyclopedia
Trojan@W32.Zbot.16
Zbot.16 will close the Windows firewall, modify registry file and download Malicious files.

Zbot.16 will close the Windows firewall. It connects the random IP Addresses to download malicious files automatically. The trojan will modify registry file. Then it will work after Windows starts.
Aliases : Trojan-Spy.Win32.Zbot.acsp [Kaspersky Lab]
Type : Trojan
Date Discovered : 2009/11/03
System Affected : Windows NT/2000/XP/2003/Vista
 Risk Assessment
Distribution : Medium
Damage : Medium
 Character

None

  Description

Note:Win95/98/me default %system% is C:\windows\system
   WinNT/2000/XP/2003 default %system% is C:\WinNT\system32

  ●After executing virus, it will create following files to %System% folder:
   sdra64.exe

  ●Add the following files:
   C:\WINDOWS\system32\lowsec\local.ds
   C:\WINDOWS\system32\lowsec\user.ds
   C:\WINDOWS\system32\lowsec\user.ds.lll

  ●Add following value to the registry. The virus will run while Windows starting.
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
   CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,
   C:\WINDOWS\system32\sdra64.exe,"
 solution None
<Back
Copyright ©2009 SumWinTek Corp., Powered by GGreat.
Tel:886-3-5820616 Fax:886-3-5820617 E-mail: support@sumwintek.com 		  
Visitor:136463