Win32/TrojanDownloader.Zlob trojan

Discussion in 'NOD32 version 2 Forum' started by rothko, Feb 7, 2007.

Thread Status:
Not open for further replies.
  1. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Hi

    I had an alert this morning from a file in System Restore, which I know is now harmless and I can deal with ok. I'm not querying why I got the alert, it seems like detection for this threat was added recently and this is why it is now being flagged.

    I was curious about the Zlob signatures though. If you check the NOD32 update page some are shown as Win32/TrojanDownloader.Zlob and some have the 'extra bit' - TrojanDownloader.Zlob.AQD. I was just wondering what the difference was?

    thanks
     
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    I think Win32/TrojanDownloader.Zlob is a generic signature as this gets updated quite frequently. This one seems to be used for the DNS changer (wareout) zlobs quite a lot, whereas the signatures with letters (e.g. Zlob.AQD) seem to be new variants of the fake security popup zlobs.

    Londonbeat
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I think the same Londonbeat. :)
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Londonbeat is correct.

    Cheers :D
     
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    great, thanks for the info and verification guys!
     
Thread Status:
Not open for further replies.