Zlob Virus

Discussion in 'Computer Support' started by psyched132@yahoo.ie, Jul 12, 2006.

  1. Guest

    Greetings all,

    Today I was infected with the Trojan/Zlob virus. Tell-tale signs of it
    were the presence of "regperf.exe" and "win*.tmp" files in %TEMP. This
    virus also seems to match the description of Dialer.GlobalAccess.

    Symantec's website on the virus is here:
    http://www.symantec.com/avcenter/venc/data/pf/trojan.zlob.html but
    there isn't a lot of information on it. I've no idea how I picked this
    one up. I don't know if it was over the Internet or through something
    I downloaded. Has anyone here experienced this virus as well?

    What exactly does it do? What kind of personal information does the
    program transmit, I wonder. I decided to write up a post as there
    seems to be little info on the virus.

    Thanks,

    Anon (me).
     
    , Jul 12, 2006
    #1

  2. Guest

    wrote:

    |>Greetings all,
    |>
    |>Today I was infected with the Trojan/Zlob virus. Tell-tale signs of it
    |>were the presence of "regperf.exe" and "win*.tmp" files in %TEMP. This
    |>virus also seems to match the description of Dialer.GlobalAccess.
    |>
    |>Symantec's website on the virus is here:
    |>http://www.symantec.com/avcenter/venc/data/pf/trojan.zlob.html but
    |>there isn't a lot of information on it. I've no idea how I picked this
    |>one up. I don't know if it was over the Internet or through something
    |>I downloaded. Has anyone here experienced this virus as well?

    |>What exactly does it do?

    Exactly what part of:
    When Trojan.Zlob is executed, it performs the following actions:
    Didn't you understand.....
    http://www.honeynet.org/papers/bots/



    --
    http://blueballfixed.ytmnd.com/
     
    , Jul 12, 2006
    #2


  3. >
    > Exactly what part of:
    > When Trojan.Zlob is executed, it performs the following actions:
    > Didn't you understand.....
    > http://www.honeynet.org/papers/bots/
    >
    >
    >



    It is NOT a Bot or an Internet worm.
    The ZLob (aka; Puper) is a Trojan and it is not a virus.

    It is installed through Social Engineering techniques.
    Most common are fake Video Codecs or password generators.

    If a URL has the words "media" and "codec" or "video" and "codec" in the
    web site name and offers a free download - hint. It is really a ZLob
    Trojan installer.

    There are *many* ZLob Trojan variants. Most with the same payload and
    will lead to the installation of other, non virus related, malware.

    Go to an appropriate anti virus News Group and you'll find some people
    with real knowledge about this Trojan !
     
    Simon I. Zealmann, Jul 12, 2006
    #3
  4. Guest

    "Simon I. Zealmann" <> wrote:

    |>
    |>>
    |>> Exactly what part of:
    |>> When Trojan.Zlob is executed, it performs the following actions:
    |>> Didn't you understand.....
    |>> http://www.honeynet.org/papers/bots/
    |>>

    |>
    |>It is NOT a Bot or an Internet worm.
    |>The ZLob (aka; Puper) is a Trojan and it is not a virus.

    Attempts to make HTTP connections to the following domains using
    different URLs, which allow the Trojan to ping, report its status,
    and EXECUTE REMOTE FILES (I think they mean to execute remote
    commands):


    vnp7s.net
    zxserv0.com
    dumpserv.com


    It's a BOT, the only thing different about this one is it doesn't log
    into an IRC channel to get instructions.

    And Puper doesn't show up either http://vx.netlux.org/

    --
    http://blueballfixed.ytmnd.com/
     
    , Jul 12, 2006
    #4
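
Added example, not from any poster in the thread: the hostname rule of thumb from post #3 and the three domains quoted in post #4, applied as a review filter to web-proxy log lines. The log format, the sample lines and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains quoted in post #4 of this thread.
REPORTED_DOMAINS = {"vnp7s.net", "zxserv0.com", "dumpserv.com"}

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def classify(host):
    """Return a reason string if the host matches a thread indicator, else None."""
    for d in REPORTED_DOMAINS:
        # Exact match or a true subdomain; 'notdumpserv.com' must not match.
        if host == d or host.endswith("." + d):
            return "reported-domain:" + d
    # Post #3's rule of thumb: "codec" plus "media" or "video" in the site name.
    if "codec" in host and ("media" in host or "video" in host):
        return "codec-lure-name"
    return None

def triage(log_lines):
    """Return (client, host, reason) per flagged '<ts> <client-ip> <method> <url>' line."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it
        host = host_of(parts[3])
        reason = classify(host) if host else None
        if reason:
            hits.append((parts[1], host, reason))
    return hits

# Constructed sample proxy log lines (not real traffic).
SAMPLE = [
    "2006-07-12T10:00:01 10.0.0.5 GET http://www.example.org/index.html",
    "2006-07-12T10:00:07 10.0.0.5 GET http://free-video-codec.example/setup.exe",
    "2006-07-12T10:01:12 10.0.0.5 GET http://VNP7S.NET/a?x=1",
    "2006-07-12T10:01:30 10.0.0.9 GET http://update.dumpserv.com/ping",
    "2006-07-12T10:02:00 10.0.0.9 GET http://notdumpserv.com/",
    "2006-07-12T10:02:05 10.0.0.9 GET http://codecs.example/video/",
    "truncated line",
]

for hit in triage(SAMPLE):
    print(hit)
```

The name rule matches on the hostname only, so a "video" path on an unrelated site is not flagged, and a hit from it is a prompt for review rather than a verdict.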
  5. wrote:

    >
    > Attempts to make HTTP connections to the following domains using
    > different URLs, which allow the Trojan to ping, report its status,
    > and EXECUTE REMOTE FILES (I think they mean to execute remote
    > commands):
    >
    >
    > vnp7s.net
    > zxserv0.com
    > dumpserv.com
    >
    >
    > It's a BOT, the only thing different about this one is it doesn't log
    > into an IRC channel to get instructions.
    >
    > And Puper doesn't show up either http://vx.netlux.org/
    >


    Your pseudo definition does not make it a Bot ! It is NOT a Bot !

    This is a Trojan. Please do your research at more than one anti virus
    vendor library. Here you look through ~240 ZLob variants -->
    http://www.sophos.com/support/knowl...s/?search=zlob&action=search&product_search=0

    You will find that there are many names given to a given sample; The
    following shows, ZLob, Puper, Popuper and EMCodec
    Other variants may be called "other" names.

    Complete scanning result of "mcodec-v5.107.exe", received in VirusTotal
    at 07.12.2006, 04:08:41 (CET).

    Antivirus           Version         Update      Result
    AntiVir             6.35.0.21       07.11.2006  TR/Dldr.Zlob.VE
    Authentium          4.93.8          07.11.2006  no virus found
    Avast               4.7.844.0       07.11.2006  Win32:Zlob-FM
    AVG                 386             07.11.2006  Downloader.Zlob.BFD
    BitDefender         7.2             07.12.2006  Trojan.Downloader.Zlob.PZ
    CAT-QuickHeal       8.00            07.11.2006  (Suspicious) - DNAScan
    ClamAV              devel-20060426  07.11.2006  no virus found
    DrWeb               4.33            07.11.2006  Trojan.Popuper
    eTrust-InoculateIT  23.72.66        07.11.2006  Win32/Beovens.4lh!Trojan
    eTrust-Vet          12.6.2294       07.11.2006  no virus found
    Ewido               4.0             07.11.2006  no virus found
    Fortinet            2.77.0.0        07.12.2006  W32/Zlob.VE!tr.dldr
    F-Prot              3.16f           07.11.2006  no virus found
    F-Prot4             4.2.1.29        07.11.2006  no virus found
    Ikarus              0.2.65.0        07.11.2006  no virus found
    Kaspersky           4.0.2.24        07.12.2006  Trojan-Downloader.Win32.Zlob.ve
    McAfee              4804            07.11.2006  Puper
    Microsoft           1.1481          07.10.2006  no virus found
    NOD32v2             1.1654          07.11.2006  Win32/TrojanDownloader.Zlob.TF
    Norman              5.90.23         07.11.2006  W32/Zlob.KHE
    Panda               9.0.0.4         07.11.2006  Suspicious file
    Sophos              4.07.0          07.11.2006  no virus found
    Symantec            8.0             07.12.2006  Trojan.Emcodec.E
    TheHacker           5.9.8.173       07.11.2006  Trojan/Downloader.Zlob.uy
    UNA                 1.83            07.11.2006  no virus found
    VBA32               3.11.0          07.11.2006  Trojan-Downloader.Win32.Zlob.ve
    VirusBuster         4.3.7:9         07.11.2006  Trojan.DR.Zlob.RC
     
    Simon I. Zealmann, Jul 12, 2006
    #5
  6. Guest

    , Jul 12, 2006
    #6
  7. wrote:
    > "Simon I. Zealmann" <> wrote:
    >
    > |>> It's a BOT
    >
    > |>It is NOT a Bot !
    >
    > Not my battle...
    >


    Concession is good ! :)
     
    Simon I. Zealmann, Jul 12, 2006
    #7
  8. Plato Guest

    wrote:
    >
    > Today I was infected with the Trojan/Zlob virus. Tell-tale signs of it


    1. Please state why you downloaded it?

    2. Please state why you installed it?


    --
    http://www.bootdisk.com/
     
    Plato, Jul 14, 2006
    #8