Trojan@W32.Zbot.34
Zbot.34 turns off the Windows firewall and downloads malicious files.

Zbot.34 turns off the Windows firewall. It connects to random IP addresses to download malicious files automatically, which slows the computer down.
Aliases : Trojan-Spy.Win32.Zbot.adtw [Kaspersky Lab]
Type : Worm, Trojan
Date Discovered : 2010/02/10
System Affected : Windows 95/98/ME, Windows NT/2000/XP/2003/Vista
 Risk Assessment
Distribution : Medium
Damage : High
 Character

None

  Description

Note: On Win95/98/ME the default %System% is C:\windows\system
   On WinNT/2000/XP/2003 the default %System% is C:\WinNT\system32

  ●After the virus is executed, it creates the following files in the %System% folder:
   \lowsec\local.ds
   \lowsec\user.ds
   \lowsec\user.ds.lll
   \sdra64.exe


  ●It adds the following entries to the registry:
   HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
   HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider
   HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider\S-1-5-18


  ●It modifies the following values in the registry:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Network:UID = "%ComputerName%_0001D220"
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
   Userinit="C:\WINDOWS\system32\userinit.exe,"
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
   Userinit="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
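
A defender-side check for the Winlogon Userinit change listed above, added here as an example and not part of the original entry: it takes a Userinit value string and reports every entry other than the default userinit.exe. The function name, the system_root parameter, the reason strings and the sample value are assumptions made for illustration.

```python
import ntpath
import os

# File names this entry lists as dropped into %System%.
DROPPED_NAMES = {"sdra64.exe"}

def _norm(path):
    # Windows paths are case-insensitive; ntpath behaves the same on any OS.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return (entry, reason) pairs for each Userinit entry that is not the default."""
    expected = _norm(system_root + r"\system32\userinit.exe")
    findings, saw_default = [], False
    for raw in value.split(","):
        if not raw.strip():
            continue  # the default value ends with a trailing comma
        norm = _norm(raw)
        name = ntpath.basename(norm)
        if norm == expected:
            saw_default = True
        elif name in DROPPED_NAMES:
            findings.append((raw.strip(), "file name listed in this entry"))
        elif name == "userinit.exe":
            findings.append((raw.strip(), "userinit.exe not at the expected system32 path"))
        else:
            findings.append((raw.strip(), "unexpected extra program"))
    if not saw_default:
        findings.append(("", "default userinit.exe entry missing"))
    return findings

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    try:
        import winreg  # only available on Windows
        key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                             r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon")
        current = winreg.QueryValueEx(key, "Userinit")[0]
    except ImportError:
        # Constructed sample: the modified value shown in this entry.
        current = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
    for entry, reason in audit_userinit(current, root):
        print(f"{reason}: {entry or '(none)'}")
```
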


 Solution

None