Zlob (Trojan.Zlob)

May 5th, 2008

What is Trojan.Zlob?

Trojan.Zlob (Zlob.Trojan or Trojan.Zlob) is a backdoor Trojan that allows the remote attacker to perform various malicious actions on the compromised computer. It allows to install all malicious softwares to your computer. It can also delete and modify files, and put your privacy in danger.

What is Trojan horse?

Trojan horse is a piece of software which appears to perform a certain action but in fact performs another such as a computer virus. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be actually malicious, but Trojan horses are notorious for their use in the installation of backdoor programs.

What does Zlob do?

Zlob.Trojan is known to install fake anti-spyware program such as IE Defender, AntiVirGear, VirusProtect, SpyCrush and SpyLocked. Therefore, it’s very critical to remove Zlob from from your computer if it was infected. If you are familiar with registry edit and dll files in Windows, we strongly recommend you to try Zlob manual removal instructions. It might take time and patience, but it is equally effective if you get it right. If you are not familiar with registry editing we strongly recommend automatic spyware removal tool.

What systems does it effect?

Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP, Windows Vista

What is Trojan.Zlob threat level?

High and very dangerous

What registry values does it add?

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe

What files does it create?

uimcu.dll
antzozc.dll
dtjby.dll
dumpserv.com
zxserv0.com
vnp7s.net
Protect
RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
msmsgs.exe
dumpserv.com nvctrl.exe
zxserv0.com
vnp7s.net
%UserProfile%\Application Data\Microsoft\Protect
%UserProfile%\Application Data\Microsoft\Crypto\RSA
ncompat.tlb
msvol.tlb
hp[X].tmp

Variants of Zlob?

Trojan.Zlob.C, Trojan.Zlob, Trojan, Downloader.Win32.Zlob, Downloader-XC, Generic Downloader.gen.bd, Puper [McAfee], Troj/Zlob-CD, TROJ_ZLOB, Trojan.Downloader.Zlob.AND

2 Responses to “Zlob (Trojan.Zlob)”

Spyware Talks » Remove Abebot Says:
July 20th, 2008 at 4:30 am
[...] which is comes through trojan zlob and promotes the rogue anti-spyware program like PC-AntiSpyware. Trojan.Zlob is a backdoor Trojan that allows the remote attacker to perform various malicious [...]
Spyware Talks » Antivirus Pro 2008 Says:
July 22nd, 2008 at 12:54 pm
[...] Pro 2008.Antivirus Pro 2008 may have downloaded itself onto your computer through a trojan, like Zlob . Antivirus Pro 2008 can launch when you start up Windows, and Antivirus Pro 2008 may popup tons of [...]