Win32/TrojanDownloader.Zlob trojan

rothko · Feb 7, 2007

Hi

I had an alert this morning from a file in System Restore, which I know is now harmless and I can deal with ok. I'm not querying why I got the alert, it seems like detection for this threat was added recently and this is why it is now being flagged.

I was curious about the Zlob signatures though. If you check the NOD32 update page some are shown as Win32/TrojanDownloader.Zlob and some have the 'extra bit' - TrojanDownloader.Zlob.AQD. I was just wondering what the difference was?

thanks

Londonbeat · Feb 7, 2007

rothko said:

I was curious about the Zlob signatures though. If you check the NOD32 update page some are shown as Win32/TrojanDownloader.Zlob and some have the 'extra bit' - TrojanDownloader.Zlob.AQD. I was just wondering what the difference was?
Click to expand...

I think Win32/TrojanDownloader.Zlob is a generic signature as this gets updated quite frequently. This one seems to be used for the DNS changer (wareout) zlobs quite a lot, whereas the signatures with letters (e.g. Zlob.AQD) seem to be new variants of the fake security popup zlobs.

Londonbeat

pykko · Feb 7, 2007

I think the same Londonbeat.

Blackspear · Feb 7, 2007

Londonbeat is correct.

Cheers

rothko · Feb 7, 2007

great, thanks for the info and verification guys!

Log in or Sign up

Win32/TrojanDownloader.Zlob trojan

rothko Registered Member

Londonbeat Registered Member

pykko Registered Member

Blackspear Global Moderator

rothko Registered Member

Log in or Sign up

Win32/TrojanDownloader.Zlob trojan

rothko Registered Member

Londonbeat Registered Member

pykko Registered Member

Blackspear Global Moderator

rothko Registered Member

Useful Searches