My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.LowZones.SL

VERY LOW
VERY LOW
2 kb
(Trojan.LowZones, TR/QLowZones.S, W32/QlowZones.A!tr, Generic QLowZones.a)

Symptoms

The trojan is a security threat for system when using Internet Explorer 6 or another further version.

The user can notice changes the browsers properties ( Internet Explorer -> Tools -> Privacy ). The malware alters the settings for Privacy that are noticeable from the slider and sets it to "Accept all cookies".

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

The trojan acts as a security menace that makes the system unsafer for surfing the Internet.

It has the folowing behavior :
  1. First it makes a check for the targeted security settings using PrivacyGetZonePreferenceW function . This will access values of the registries contained by this registry key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C80120}
  2. Afterward it changes it , if not the lowered values are already set, into the same registry key mentioned earlier with the function PrivacySetZonePreferenceW altering a value PRIVACY_TEMPLATE_LOW (with the numeric value of 5) and creates this registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivacyAdvanced containing 0x0 . This is the same as Accept All Cookies on the Privacy Preferences slider bar in Internet Options.
  3. The trojan lowers security that other malware ("malicious software") can launch cookies in the system browser thus increasing the chance of indentity theft or browsing tracking.



More on changing the advanced settings on Internet Explorer here.