Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Short description
Win32/TrojanDownloader.Zlob.CZY is a trojan which tries to download other malware from the Internet.
Installation
The trojan does not create any copies of itself.
Other information
The trojan mutes the Master Volume control of the sound device.

The trojan displays warnings about possible problems detected on the compromised computer that need to be fixed.

The problems/threats are fake. Some examples follow.

The trojan contains an URL address. It tries to download a file from the address.

The file is stored in the following location:
  • %temp%mediacodec.exe
The file is then executed.

The following Registry entry is set:
  • [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
    Run]
    "mediacodec.exe" = "%temp%mediacodec.exe"
This way the trojan ensures that the file is executed on every system start.

The trojan may set the following Registry entries:
  • [HKEY_CURRENT_USERSoftware]
    "8636065b-fef0-4255-b14f-54639f7900a4" =
    "8636065b-fef0-4255-b14f-54639f7900a4"
The trojan runs the default Internet browser.

The trojan opens the following URLs:
  • http://vs-co[REMOVED].com/purchase.html
The following programs are terminated:
  • wmplayer.exe