Trojan.Zlob.CKZ
%ProgramFilesDir%\VirusHeat 4.4\
%ProgramFilesDir%\NetProject\
At execution the trojan access the following webpage:
http://69.50.164.54/this/[removed]/stereo/music.php,
using "internetsecurity" as UserAgent.
Then downloads and executes the file:
http://dl1.virusheat.com/downloads/[removed]/vrh_setup.exe
which installs a rogue antivirus and display fake security alerts or notifications
to trick user to buy the paid version of VirusHeat
SHARE
THIS ON