Threat Information for "Trojan.Popuper"
Summary
- Name: Trojan.Popuper
- Aliases: Trojan.Downloader.Zlob.ZC, Trojan.Zlob, Downloader.Zlob.zd, Trojan-Downloader.Win32.Zlob.zd, Win32/TrojanDownloader.Zlob.VA, W32/Zlob.LHL
- Date Discovered: 2006-10-12
- Protection Added: 2006-10-12
Description
- Ease of Removal:
  1: Consistently named
  2: Uses running processes
  3: Runs as a BHO or shell extension
  4: Creates new registry entries with consistent data
  5: Consistent file contents
- Damage/Intrusion/Annoyance:
  1: Creates taskbar notification area icons
  2: Creates user-visible icons
  3: Displays deceptive error messages
  4: Autoruns at startup without an option to be disabled
  5: Significantly slows down the computer
  6: Displays targeted popup advertisements
  7: Creates new files
  8: Downloads other threats
- Propagation/Saturation:
  1: Infects with other exploitation method
  2: Installed by other infections
  3: Bundled with third-party applications
Technical Details
- Added Directory/File:
  FilePath: %USERFAVORITES%\Online Security Test.url
  FilePath: %SYSTEMDIR%\msvol.tlb
  FilePath: %PROGRAMFILESDIR%\X Password Manager
  FilePath: %WINDIR%\Temp\*.exe FileSize: 289 MD5: b1fd6d9b615627a645a46077312c2133
  FilePath: %WINDIR%\APPLOG\MSCORNET.LGC
  FilePath: %USERFAVORITES%\Antivirus Test Online.url
  FilePath: %SYSTEMDIR%\ismon.exe
  FilePath: %SYSTEMDIR%\ot.ico
  FilePath: %RCOMMON%\Start Menu\Online Security Guide.url
  FilePath: %WINDIR%\Temp\awtmp
  FilePath: %PROGRAMFILESDIR%\*\ts.ico
  FilePath: %TEMPDIR%\*.exe FileSize: 13731 MD5: 97c3f0e6d19c4af54dfd65725ab01183
  FilePath: %SYSTEMDIR%\interf.tlb FileSize: 6656 MD5: c83f9a6b831407147dad736742eb11fa
  FilePath: %SYSTEMDIR%\win???32.dll
  FilePath: %SYSTEMDIR%\ishost.exe
  FilePath: %COMMONDESKTOP%\Online Security Guide.url
  FilePath: %SYSTEMDIR%\stdole3.tlb
  FilePath: %SYSTEMDIR%\components
  FilePath: %CACHE%\*.exe MD5: 9f687f2e9c1eba2ec12ab1924647b3c8
  FilePath: %SYSTEMDIR%\dpfwu.dll
  FilePath: %SYSTEMDIR%\mssearchnet.exe
  FilePath: %SYSTEMDIR%\ld???.tmp
  FilePath: %SYSTEMDIR%\1024
  FilePath: %SYSTEMDIR%\sbnudh.dll
  FilePath: %SYSTEMDIR%\ixt??.dll
  FilePath: %CACHE%\mscornet*.exe
  FilePath: %CACHE%\dbver*.dat
  FilePath: %WINDIR%\APPLOG\NVCTRL.LGC
  FilePath: %SYSTEMDIR%\zphnok.dll
  FilePath: %SYSTEMDIR%\ncompat.tlb
  FilePath: %WINDIR%\hp???.tmp
  FilePath: %CACHE%\*.exe FileSize: 14216 MD5: e863b97144765843e2a36d595581dfdf
  FilePath: %SYSTEMDIR%\isnotify.exe
  FilePath: %SYSTEMDIR%\svchosts.dll
  FilePath: %RCOMMON%\Start Menu\Security Troubleshooting.url
  FilePath: %SYSTEMDIR%\hvnwm.dll
  FilePath: %SYSTEMDIR%\nvctrl.exe
  FilePath: %PROGRAMFILESDIR%\Media-Codec
  FilePath: %WINDIR%\Temp\*.exe FileSize: 14244 MD5: 8ff0b3ef853b62b940ee42b786693c26
  FilePath: %SYSTEMDIR%\stickrep.dll FileSize: 176128 MD5: 64a2c85d348afba55c30bc287482cb08
  FilePath: %SYSTEMDIR%\issearch.exe
  FilePath: %COMMONDESKTOP%\Security Troubleshooting.url
  FilePath: %SYSTEMDIR%\ts.ico
  FilePath: %PROGRAMFILESDIR%\*\pmuninst.exe
  FilePath: %CACHE%\*.exe FileSize: 11544 MD5: 9f687f2e9c1eba2ec12ab1924647b3c8
  FilePath: %SYSTEMDIR%\dfrgsrv.exe FileSize: 15681 MD5: b47402bb062c7af8cb7c2ecb73fb2269
  FilePath: %SYSTEMDIR%\*.dll MD5: f28cc867ec951e96af3fb1da95cdc45c
  FilePath: %SYSTEMDIR%\ginuerep.dll
  FilePath: %SYSTEMDIR%\ld????.tmp
  FilePath: %CACHE%\mssearchnet*.exe
  FilePath: %SYSTEMDIR%\simpole.tlb
  FilePath: %SYSTEMDIR%\components\flx?.dll
  FilePath: %CACHE%\nvctrl*.exe
  FilePath: %SYSTEMDIR%\hp*.tmp
  FilePath: %WINDIR%\APPLOG\MSCORNET.1.LGC
  FilePath: %SYSTEMDIR%\httge.dll
  FilePath: %SYSTEMDIR%\mscornet.exe
  FilePath: %WINDIR%\hp????.tmp
  FilePath: %SYSTEMDIR%\1024\*.tmp
  FilePath: %SYSTEMDIR%\ixt?.dll
  FilePath: %CACHE%\syg*.db
- Added Registry Key:
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\s13.tempx.cc
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\toolbarbiz.biz
  Key: HKLM\SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
  Key: HKCU\%CURRENTVERSIONREG%\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E}
  Key: HKLM\%BHOREG%\{202a961f-23ae-42b1-9505-ffe3c818d717}
  Key: HKLM\%CURRENTVERSIONREG%\Explorer\Browser Helper Objecta
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\win-eto.com
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\xawm.biz
  Key: HKCR\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\Zones\?
  Key: HKLM\SOFTWARE\Classes\AVZipEnchancer.Chl
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\free-spy-cam.net
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\s13.tempx.cc
  Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win???32
  Key: HKLM\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\traff-store.com
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\win-eto.com
  Key: HKCR\%BHOREG%\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\gromozon.com
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\Safety Alerter 2006
  Key: HKCR\CLSID\{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\free-spy-cam.net
  Key: HKCU\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}
  Key: HKCU\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}
  Key: HKLM\SOFTWARE\Classes\VSEnchancer.Chl
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\trackhits.cc
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\traff-store.com
  Key: HKLM\%BHOREG%\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\gromozon.com
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\MPVIDEOCODEC
  Key: HKLM\%BHOREG%\{f79fd28e-36ee-4989-aa61-9dd8e30a82fa}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\zviframe.biz
  Key: HKCR\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}
  Key: HKLM\%BHOREG%\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}
  Key: HKLM\SOFTWARE\Classes\Interface\{0354A901-C606-4DCC-8EA3-4F3383ECE67C}
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\SoftCodec
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\sex-pics.biz
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\trackhits.cc
  Key: HKLM\SOFTWARE\Classes\CLSID\{5753791b-f607-48ca-814e-91c14d081f9e}
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\Internet Explorer Security Plugin 2006
  Key: HKLM\%BHOREG%\{724510c3-f3c8-4fb7-879a-d99f29008a2f}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\windfind4u.com
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\zviframe.biz
  Key: HKCU\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
  Key: HKLM\SOFTWARE\Classes\CLSID\{70305bc2-b289-4209-a344-be21f22bc930}
  Key: HKLM\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\loadcash.biz
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\sex-pics.biz
  Key: HKLM\SOFTWARE\Classes\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}
  Key: HKCR\CLSID\{5753791b-f607-48ca-814e-91c14d081f9e}
  Key: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar {479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
  Key: HKLM\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\vparivalka.com
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\windfind4u.com
  Key: HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\zcodec.com
  Key: HKLM\SOFTWARE\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\all-tgp.org
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\loadcash.biz
  Key: HKCU\Software\Classes\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Ranges
  Key: HKLM\SOFTWARE\Classes\CLSID\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA}
  Key: HKLM\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\tracktraff.cc
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\vparivalka.com
  Key: HKCR\CLSID\{E0103CD4-D1CE-411A-B75B-4FEC072867F4}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\zcodec.com
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\Public Messenger ver 2.03
  Key: HKCR\CLSID\{1CA480CD-C0E5-4548-874E-B85B17905B3A}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\all-tgp.org
  Key: HKCR\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Ranges
  Key: HKLM\%BHOREG%\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
  Key: HKLM\SOFTWARE\Classes\EMediaCodek.Chl
  Key: HKLM\SOFTWARE\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\toolbarbiz.biz
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\tracktraff.cc
  Key: HKLM\SOFTWARE\Microsoft\Windows\Curre
  Key: HKCU\Software\Internet Security
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\Internet Security Add-On
  Key: HKLM\%BHOREG%\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\EscDomains\xawm.biz
  Key: HKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
  Key: HKLM\SOFTWARE\Classes\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}
  Key: HKLM\SOFTWARE\Classes\CLSID\{CCFB2B33-F4DB-B63D-ABDC-C7384ED93B34}
  Key: HKLM\SOFTWARE\Classes\Interface\{1984CD59-22F9-46A9-8EB8-EEAB858B2037}
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: issearch.exe
  Key: HKLM\%CURRENTVERSIONREG%\Explorer\SharedTaskScheduler Value: {dfa61db1-388e-4c87-8d56-540fa229bcb4}
  Key: HKLM\SOFTWARE\Licenses Value: {07AF20935CB7B83E2}
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: ishost.exe
  Key: HKLM\%CURRENTVERSIONREG%\policies\explorer\run Value: wininet.dll
  Key: HKLM\SOFTWARE\Licenses Value: {K7C0DB872A3F777C0}
  Key: HKLM\%CURRENTVERSIONREG%\policies\explorer\run Value: nvctrl.exe
  Key: HKLM\%CURRENTVERSIONREG%\Explorer\SharedTaskScheduler Value: {f31aee4a-1530-4fef-8537-79c6973bff9a}
  Key: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser Value: {479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5}
  Key: HKLM\%CURRENTVERSIONREG%\Explorer\SharedTaskScheduler Value: {7be183d2-a42d-4915-bf60-ec86fbf002cf}
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: homepage.monitor.exe
  Key: HKLM\%CURRENTVERSIONREG%\Explorer\SharedTaskScheduler Value: {70305bc2-b289-4209-a344-be21f22bc930}
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: kernel32.dll
  Key: HKLM\SOFTWARE\Licenses Value: {I7AF20935CB7B83E2}
  Key: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar Value: {736b5468-bdad-41be-92d0-22ae2ddf7bcb}
  Key: HKLM\%CURRENTVERSIONREG%\policies\explorer\run Value: kernel32.dll
  Key: HKLM\SOFTWARE\Licenses Value: {R7C0DB872A3F777C0}
  Key: HKLM\%CURRENTVERSIONREG%\policies\explorer\run Value: isamonitor.exe
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: pmsngr.exe
  Key: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar Value: {479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad Value: [RANDOM VALUE] Data: {dfa61db1-388e-4c87-8d56-540fa229bcb4}
  Key: HKLM\SOFTWARE\Classes\CLSID\*\InprocServer32 Value: [RANDOM VALUE] Data: Media-Codec
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: [RANDOM VALUE] Data: Media-Codec
  Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad Value: [RANDOM VALUE] Data: {f31aee4a-1530-4fef-8537-79c6973bff9a}
  Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad Value: [RANDOM VALUE] Data: {70305bc2-b289-4209-a344-be21f22bc930}
  Key: HKCR\CLSID\*\InprocServer32 Value: [RANDOM VALUE] Data: Media-Codec

