About: Zlob trojan

Property	Value
dbo:abstract	The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006. Once installed, it displays popup ads which appear similar to real Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups triggers the download of a fake anti-spyware program (such as Virus Heat and MS Antivirus (Antivirus 2009)) in which the Trojan horse is hidden. The Trojan has also been linked to downloading atnvrsinstall.exe which uses the Windows Security shield icon to look as if it is an anti-virus installation file from Microsoft. Having this file run can wreak havoc on computers and networks. One typical symptom is random computer shutdowns or reboots with random comments. This is caused by the programs using Task Scheduler to run a file called "zlberfker.exe." Project Honeypot Spam Domains List (PHSDL) tracks and catalogs spam domains. Some of the domains on the list are redirects to porn sites and various video watching sites that show a number of inline videos. Playing videos on these sites activates a request to download an ActiveX codec which is malware. It prevents the user from closing the browser in the usual manner. Other variants of Zlob Trojan installation come in the form of a Java cab file masquerading as a computer scan. There is evidence that the Zlob Trojan might be a tool of the Russian Business Network or at least of Russian origin. (en)
dbo:wikiPageExternalLink	http://flashbladez.blogspot.com/ http://forum.malekal.com/viewtopic.php%3Ff=66&t=11252 http://forums.techguy.org/malware-removal-hijackthis-logs/580666-solved-win32-zlob-trojan-removal.html http://rbnexploit.blogspot.com/2007/11/rbn-fake-codecs.html http://www.geekstogo.com/forum/Malware-Removal-HijackThis-Logs-Go-Here-f37.html http://www.spywareinfoforum.com/index.php%3Fshowforum=18 https://web.archive.org/web/20071201202639/http:/www.jahewi.nl/lists/fakecodecs/fakecodecs.html https://web.archive.org/web/20080330124332/http:/siri.urz.free.fr/Fix/ https://web.archive.org/web/20120324004901/http:/www.dns-ok.gov.au/
dbo:wikiPageID	12633640 (xsd:integer)
dbo:wikiPageLength	8133 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1099104019 (xsd:integer)
dbo:wikiPageWikiLink	dbr:MS_Antivirus_(malware) dbr:DNSChanger dbr:Spyware dbr:RSPlug dbr:Domain_name_system dbr:Avira dbc:Hacking_in_the_2000s dbc:Windows_trojans dbr:Trend_Micro dbr:Windows_Registry dbr:ActiveX dbr:F-Secure dbr:Federal_Bureau_of_Investigation dbr:NortonLifeLock dbr:Java_(programming_language) dbc:Trojan_horses dbc:Adware dbr:Kaspersky_Lab dbr:Trojan_horse_(computing) dbr:Popup_ad dbr:Microsoft dbr:Microsoft_Windows dbr:Russian_Business_Network dbr:Spam_(electronic) dbr:Malware dbr:Trojan.Win32.DNSChanger dbr:Rogue_software dbr:Search-daily_Hijacker dbr:Fake_codec dbr:Task_Scheduler
dbp:commonName	Zlob (en)
dbp:date	January 2021 (en)
dbp:reason	Please explain what is meant by 'random comments'. (en) The sentence preceding this tag requires updating with current information. (en)
dbp:subtype	Spyware (en)
dbp:technicalName	* TrojanDownloader:Win32/Zlob * Trojan.Zlob * Trojan.Zlob.[Letter] * Trojan-Downloader:W32/Zlob * Win32.Trojandownloader.Zlob * Trojan-Downloader.Win32.Zlob * TROJ_ZLOB.[Letter] * Trojan-Downloader.Win32.Zlob.[letter] * Downloader.Win32.Zlob.[Letter] * TR/Dldr.Zlob.Gen * TR/Drop.Zlob.[Letter] (en)
dbp:type	Malware (en)
dbp:wikiPageUsesTemplate	dbt:Citation_needed dbt:Explain dbt:Infobox_computer_virus dbt:Reflist dbt:Short_description dbt:Update_inline dbt:Use_dmy_dates dbt:Hacking_in_the_2000s
dcterms:subject	dbc:Hacking_in_the_2000s dbc:Windows_trojans dbc:Trojan_horses dbc:Adware
gold:hypernym	dbr:Horse
rdf:type	dbo:Person
rdfs:comment	The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006. Once installed, it displays popup ads which appear similar to real Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups triggers the download of a fake anti-spyware program (such as Virus Heat and MS Antivirus (Antivirus 2009)) in which the Trojan horse is hidden. (en)
rdfs:label	Zlob trojan (en)
owl:sameAs	freebase:Zlob trojan wikidata:Zlob trojan https://global.dbpedia.org/id/4xj6h
prov:wasDerivedFrom	wikipedia-en:Zlob_trojan?oldid=1099104019&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Zlob_trojan
is dbo:wikiPageRedirects of	dbr:Zlob_Trojan dbr:Downloader.Zlob dbr:Zlob dbr:Mal_Zlob dbr:Mal_Zlob-16 dbr:Trojan.Zlob dbr:Trojan.zlob dbr:TrojanDownloader.Zlob dbr:Win32/TrojanDownloader.Zlob
is dbo:wikiPageWikiLink of	dbr:Timeline_of_computer_viruses_and_worms dbr:RSPlug dbr:Emcodec dbr:W32.Myzor.FK@yf dbr:Zlob_Trojan dbr:Microsoft_Word dbr:Browser_hijacking dbr:VirusHeat dbr:Trojan.Win32.DNSChanger dbr:Downloader.Zlob dbr:Zlob dbr:Mal_Zlob dbr:Mal_Zlob-16 dbr:Trojan.Zlob dbr:Trojan.zlob dbr:TrojanDownloader.Zlob dbr:Win32/TrojanDownloader.Zlob
is foaf:primaryTopic of	wikipedia-en:Zlob_trojan