Win32/TrojanDownloader.Zlob trojan


rothko
February 7th, 2007, 06:52 AM
Hi

I had an alert this morning from a file in System Restore, which I know is now harmless and I can deal with OK. I'm not querying why I got the alert; it seems like detection for this threat was added recently and this is why it is now being flagged.

I was curious about the Zlob signatures though. If you check the NOD32 update page some are shown as Win32/TrojanDownloader.Zlob and some have the 'extra bit' - TrojanDownloader.Zlob.AQD. I was just wondering what the difference was?

Thanks

Londonbeat
February 7th, 2007, 07:38 AM
{QUOTE->
I was curious about the Zlob signatures though. If you check the NOD32 update page some are shown as Win32/TrojanDownloader.Zlob and some have the 'extra bit' - TrojanDownloader.Zlob.AQD. I was just wondering what the difference was?
<-QUOTE}

I think Win32/TrojanDownloader.Zlob is a generic signature as this gets updated quite frequently. This one seems to be used for the DNS changer (wareout) zlobs quite a lot, whereas the signatures with letters (e.g. Zlob.AQD) seem to be new variants of the fake security popup zlobs.

Londonbeat

pykko
February 7th, 2007, 07:59 AM
I think the same, Londonbeat. :)

Blackspear
February 7th, 2007, 08:00 AM
Londonbeat is correct.

Cheers ;D

rothko
February 7th, 2007, 09:00 AM
Great, thanks for the info and verification, guys!