« Win32/TrojanDownloader.FakeAlert.LW
W32/Virut.BH »

Trojan.Zlob.LFD



Trojan.Zlob.LFD is Trojan.Zlob trojan,Trojan.Zlob.LFD is a back door Trojan that allows the remote attacker to perform various malicious actions on the compromised computer.Once Trojan.Zlob.LFD installed, it displays popup ads with appearance similar to real Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups trigger the download of a fake anti-spyware program (such as Virus Heat) in which the trojan horse is hidden.
Trojan.Zlob.LFD is a Trojan that allows the remote attacker to perform various malicious actions on the compromised computer.
When Trojan.Zlob.LFD is executed, it copies itself as one of the following:
%System%\msmsgs.exe
%System%\ld100.tmp
%System%\regperf.exe
File may be different according to the different virson.
Trojan.Zlob.LFD may the following registry entries so that the Trojan runs every time Windows starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”MSN Messenger” = “%System%\msmsgs.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe, msmsgs.exe”

The Trojan also adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\”wininet.dll” = “regperf.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\”notepad.exe” = “msmsgs.exe”
Trojan.Zlob.LFD also adds the following marker in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\”uuid” = “86c29b2f-3389-418b-9b47-c2b09b6abc07″
The Trojan then injects itself into explorer.exe.
It attempts to make HTTP connections to the following hosts:
vnp7s.net
zxserv0.com
dumpserv.com

Tags:

Need help? Post you problem on Free Malware Remove Help forum


Trojan.Zlob.LFD Summary

  • Virus Name:Trojan.Zlob.LFD
  • Detected By:VirusBuster antivirus program
  • Virus Trojan.Zlob.LFD Detected times:238211times
  • Trojan.Zlob.LFD Overall Risk:Medium 738212
  • Trojan.Zlob.LFD file size:3682120 bytes
    • Trojan.Zlob.LFDwas first Detected by VirusBuster on Friday, October 17th, 2008 , 10:13 am,Trojan.Zlob.LFD is a new threats of Hacking,Malware,Spam,worm.
  • Remove Trojan.Zlob.LFD instruction:

    • 1.Temporarily Disable System Restore;2.Reboot computer in SafeMode;3.delte Trojan.Zlob.LFD virus files and kill Trojan.Zlob.LFD file task process(if have);4.Delete/Modify any values added to the registry by Trojan.Zlob.LFD ;5.delete IE temp files,restart the computer and run a whole scan with VirusBuster. Trojan.Zlob.LFD virus files as following:

    For Trojan.Zlob.LFD first detected Friday, October 17th, 2008 at 10:13 am by VirusBuster,we need more information about Trojan.Zlob.LFD.Please follow any responses to Trojan.Zlob.LFD through the RSS 2.0 feed ,Or leave your problem about Trojan.Zlob.LFD .

    Leave a Reply