Trojan.Zlob.CKZ

MEDIUM
VERY LOW
20992
(Trojan-Downloader.Win32.Zlob.nwr Win32/TrojanDownloader.Zlob.BYT TR/Dldr.Zlob.nwr)

Symptoms

Presence of the following directories:

%ProgramFilesDir%\VirusHeat 4.4\
%ProgramFilesDir%\NetProject\

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Sorin Ciorceri, virus researcher

Technical Description:

On execution, the trojan accesses the following webpage:
http://69.50.164.54/this/[removed]/stereo/music.php,
using "internetsecurity" as the User-Agent.
It then downloads and executes the file:
http://dl1.virusheat.com/downloads/[removed]/vrh_setup.exe
which installs a rogue antivirus and displays fake security alerts or notifications
to trick the user into buying the paid version of VirusHeat.
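
One way to hunt for this network behaviour in web proxy logs, as an added example that is not part of the original write-up: it flags requests carrying the "internetsecurity" User-Agent or going to the listed IP, and flags a vrh_setup.exe fetch from virusheat.com, correlating the two per client. The log layout, the sample lines, the 5-minute window and the function name are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators taken from the technical description above.
BEACON_UA = "internetsecurity"
BEACON_HOST = "69.50.164.54"
PAYLOAD_DOMAIN = "virusheat.com"
PAYLOAD_FILE = "vrh_setup.exe"

# Assumed (constructed) log layout: timestamp client method url "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed sample lines; "[removed]" is kept exactly as elided on the page.
SAMPLE_LOG = [
    '2008-01-15T10:00:00 10.0.0.5 GET http://69.50.164.54/this/[removed]/stereo/music.php "internetsecurity"',
    '2008-01-15T10:00:07 10.0.0.5 GET http://dl1.virusheat.com/downloads/[removed]/vrh_setup.exe "-"',
    '2008-01-15T10:01:00 10.0.0.9 GET http://example.org/index.html "Mozilla/4.0 (compatible; MSIE 7.0)"',
    '2008-01-15T10:02:00 10.0.0.7 GET http://example.org/a.php "internetsecurity"',
    '2008-01-15T11:30:00 10.0.0.7 GET http://dl1.virusheat.com/downloads/[removed]/vrh_setup.exe "-"',
]


def find_zlob_activity(lines, window=timedelta(minutes=5)):
    """Return (client, kind) findings in log order; assumes chronological logs."""
    last_beacon = {}  # client -> time of its most recent beacon
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts, client, _method, url, ua = m.groups()
        when = datetime.fromisoformat(ts)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        is_beacon = ua == BEACON_UA or host == BEACON_HOST
        # Match the domain or any subdomain, never a lookalike suffix.
        is_payload = (host == PAYLOAD_DOMAIN or host.endswith("." + PAYLOAD_DOMAIN)) \
            and parts.path.lower().endswith("/" + PAYLOAD_FILE)
        if is_payload:
            seen = last_beacon.get(client)
            near = seen is not None and timedelta(0) <= when - seen <= window
            findings.append((client, "payload-after-beacon" if near else "payload"))
        elif is_beacon:
            findings.append((client, "beacon"))
        if is_beacon:
            last_beacon[client] = when
    return findings
```

A "payload-after-beacon" finding is the strongest signal, since it reproduces the full sequence described above on a single client; a lone "beacon" or "payload" hit still warrants checking that host for the directories listed under Symptoms.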