Beware of zCodec: it's malware

Discussion in 'DVD Video' started by Jeff, Sep 5, 2006.

  1. Jeff

    Jeff Guest

    There's a new video codec being offered that
    claims to offer up to 40% better compression,
    but in fact is adware which can download and
    install files, changes your DNS configuration,
    and monitors adult websites. Downloaded files
    can include the Trojan Ruins.MB, which
    conceals itself using rootkit techniques.

    http://www.techworld.com/security/news/index.cfm?newsID=6781
     
    Jeff, Sep 5, 2006
    #1

  2. From: "Jeff" <>

    | There's a new video codec being offered that
    | claims to offer up to 40% better compression,
    | but in fact is adware which can download and
    | install files, changes your DNS configuration,
    | and monitors adult websites. Downloaded files
    | can include the Trojan Ruins.MB, which
    | conceals itself using rootkit techniques.
    |
    | http://www.techworld.com/security/news/index.cfm?newsID=6781

    It is produced by the SAME 'codec' guys who are creating the ZLob Trojan installers that are
    disguised as Video Codecs.

    The files that come from them are named such as...
    dvdcodec1000.exe
    ZCodec1000.exe

    The ZLob installers will have names like...
    sv-codec-v4_01a.exe
    mediacodec-4.207.exe
    intcodec-v6.535.exe
    intcodec-v6.107.exe

    The numbers in the above will vary but will be the same. Today intcodec-v6.535.exe and
    intcodec-v6.107.exe will have the same MD5 checksum and will install a new ZLob variant, but
    tomorrow they will have a new MD5 checksum and install a new ZLob variant.

    Kaspersky calls the ones that are DNS Changers "Trojan.Win32.DNSChanger".
    New variants are being created on a regular basis just like the ZLob Trojans.

    I will also note that the files dvdcodec1000.exe and ZCodec1000.exe can change between a
    ZLob installer and a DNS Changer.

    The last time I tested "ZCodec1000.exe" I got Trojan.Win32.DNSChanger.xx where .xx was the
    variant which I didn't keep a record of.

    This is tonight's test...

    ---[ www.virustotal.com ]---------------------------

    Complete scanning result of "ZCodec1000.exe", received in VirusTotal at 09.05.2006, 03:17:37
    (CET).

    Antivirus           Version         Update      Result
    AntiVir             7.1.1.11        09.04.2006  TR/Drop.Zlob.acn
    Authentium          4.93.8          09.03.2006  no virus found
    Avast               4.7.844.0       09.04.2006  no virus found
    AVG                 386             09.04.2006  Downloader.Zlob.DEZ
    BitDefender         7.2             09.05.2006  Trojan.Downloader.Zlob.ZCO
    CAT-QuickHeal       8.00            09.04.2006  no virus found
    ClamAV              devel-20060426  09.05.2006  no virus found
    DrWeb               4.33            09.04.2006  no virus found
    eTrust-InoculateIT  23.72.115       09.04.2006  no virus found
    eTrust-Vet          30.3.3061       09.04.2006  no virus found
    Ewido               4.0             09.04.2006  no virus found
    Fortinet            2.77.0.0        09.04.2006  no virus found
    F-Prot              3.16f           09.04.2006  no virus found
    F-Prot4             4.2.1.29        09.04.2006  no virus found
    Ikarus              0.2.65.0        09.04.2006  no virus found
    Kaspersky           4.0.2.24        09.05.2006  no virus found
    McAfee              4844            09.04.2006  no virus found
    Microsoft           1.1560          09.03.2006  no virus found
    NOD32v2             1.1739          09.04.2006  a variant of Win32/TrojanDownloader.Zlob
    Norman              5.90.23         09.04.2006  no virus found
    Panda               9.0.0.4         09.04.2006  no virus found
    Sophos              4.09.0          09.05.2006  no virus found
    Symantec            8.0             09.04.2006  no virus found
    TheHacker           5.9.8.204       09.04.2006  no virus found
    UNA                 1.83            09.05.2006  no virus found
    VBA32               3.11.1          09.04.2006  no virus found
    VirusBuster         4.3.7:9         09.03.2006  no virus found


    Aditional Information
    File size: 97321 bytes
    MD5: 0e26f1e751d94be278887760f79a1f53
    SHA1: b97d2a39b940eb6457637e20e6d5d454a335943f




    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 5, 2006
    #2
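
Added example, not part of either post: a small triage routine showing why the daily MD5 change described in post #2 defeats a hash blocklist while the file-name shapes keep matching. The regexes, the function names and every sample record except the ZCodec1000.exe MD5 are assumptions made for this illustration.

```python
import re

# Name shapes generalized from the file names listed in post #2; the exact
# regexes are this example's assumption about which parts vary.
NAME_PATTERNS = [
    re.compile(r"^(dvd|z)codec\d+\.exe$", re.IGNORECASE),
    re.compile(r"^(sv-codec|mediacodec|intcodec)-v?\d+[._]\d+[a-z]?\.exe$",
               re.IGNORECASE),
]

def name_matches(filename):
    """True if the file name has the shape of one of the listed installers."""
    return any(p.match(filename) for p in NAME_PATTERNS)

def triage(events, md5_blocklist):
    """Classify (day, filename, md5) download records.

    Returns (day, filename, verdict) for each record that matches by name,
    by hash, or both. 'name-only' marks rebuilt variants that a hash
    blocklist alone would miss.
    """
    blocklist = {h.lower() for h in md5_blocklist}
    findings = []
    for day, filename, md5 in events:
        by_name = name_matches(filename)
        by_hash = md5.lower() in blocklist
        if by_name and by_hash:
            findings.append((day, filename, "name+hash"))
        elif by_name:
            findings.append((day, filename, "name-only"))
        elif by_hash:
            findings.append((day, filename, "hash-only"))
    return findings

# Constructed sample records. Only the ZCodec1000.exe MD5 comes from the
# post; the other hashes and the last two file names are placeholders.
PAGE_MD5 = "0e26f1e751d94be278887760f79a1f53"
DAY1, DAY2 = "a" * 32, "b" * 32
EVENTS = [
    ("day1", "ZCodec1000.exe", PAGE_MD5),
    ("day1", "intcodec-v6.535.exe", DAY1),
    ("day1", "intcodec-v6.107.exe", DAY1),     # same build, other number
    ("day2", "intcodec-v6.535.exe", DAY2),     # same name, new build
    ("day2", "video_player_setup.exe", DAY1),  # known build, other name
    ("day2", "notes_editor_setup.exe", "c" * 32),  # unrelated file
]

if __name__ == "__main__":
    for row in triage(EVENTS, [PAGE_MD5, DAY1]):
        print(*row)
```

The day2 `intcodec-v6.535.exe` record is reported as `name-only`: the blocklist built on day1 no longer covers it, which is the behaviour the post describes.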