Trojan.Downloader.FakeAV.BD
MEDIUM
LOW
60k - 62k
(Trojan:Win32/Fakeinit, Trojan-Downloader.Win32.FraudLoad.vohb)
Symptoms
At most, you will notice increased network activity and some websites being redirected.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Stefan Catalin Hanu, virus researcher
Technical Description:
This is a small trojan, possibly downloaded by other malware or sent by spam email, and it usually resides in
%SYSTEM%\[random].exe
Some website redirects will appear because it adds the following lines to the hosts file:
82.98.xxx.xx browser-security.microsoft.com
82.98.xxx.xx [xxx]-click-scanner.info
82.98.xxx.xx [xxx]virus-xp-pro-2009.com
82.98.xxx.xx microsoft.infosecuritycenter.com
82.98.xxx.xx microsoft.softwaresecurityhelp.com
82.98.xxx.xx [xxx]nenotifyq.net
82.98.xxx.xx [xxx]virusxp-pro-2009.com
82.98.xxx.xx microsoft.browser-security-center.com
The malware also connects to a remote address, hard-coded into the binary file:
http://85.12.xx.xx/go/?cmp=hstwtch&ver=XXX&d=XXX
and sets HKEY_LOCAL_MACHINE\SOFTWARE\ZLimited to the value 1. If this fails, it tries to remove the registry key.
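A hosts-file audit for the redirects described above, as an added example that is not part of the original write-up or BitDefender's own tooling. The function name, verdict labels and sample file are assumptions; the sample uses documentation-range addresses in place of the redacted ones.

```python
import ipaddress

# Hostname endings taken from the hosts-file lines listed on this page
# (the redacted "[xxx]" prefixes are matched by suffix only).
PAGE_SUFFIXES = (
    "browser-security.microsoft.com",
    "click-scanner.info",
    "virus-xp-pro-2009.com",
    "microsoft.infosecuritycenter.com",
    "microsoft.softwaresecurityhelp.com",
    "nenotifyq.net",
    "virusxp-pro-2009.com",
    "microsoft.browser-security-center.com",
)


def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address: not a hosts entry
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            if host.endswith(PAGE_SUFFIXES):
                findings.append((line_no, str(ip), host, "listed-on-page"))
            elif not (ip.is_loopback or ip.is_unspecified):
                # Any name pinned to a routable address overrides DNS: review it.
                findings.append((line_no, str(ip), host, "review"))
    return findings


# Constructed sample: addresses are documentation ranges, not the redacted ones.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.7     browser-security.microsoft.com
203.0.113.7     abc-click-scanner.info   # constructed prefix
0.0.0.0         ads.example.test
198.51.100.20   intranet.example.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live system the input would be the contents of `%SYSTEM%\drivers\etc\hosts`; entries marked `review` are not necessarily malicious, only static mappings that bypass DNS.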