Trojan-Downloader.Win32.Piker.zk Description

Trojan-Downloader.Win32.Piker.zk is a menacing program that can download harmful files from a remote server and execute them on a compromised PC. Trojan-Downloader.Win32.Piker.zk may also download rogue security software and display fake scans or pop-up adverts. Trojan-Downloader.Win32.Piker.zk has an encrypted section where the locations and names of malicious files, that it has to download and install via the internet, are stored. Trojan-Downloader.Win32.Piker.zk will also create a start-up registry once it has entered a victim’s system. The manual removal of Trojan-Downloader.Win32.Piker.zk may be difficult; however an anti-spyware program should easily detect and remove Trojan-Downloader.Win32.Piker.zk.

Type: Trojans

Aliases: PWS:Win32/Zbot.YE [Microsoft], Mal/Waled-B [Sophos].

How Can You Detect Trojan-Downloader.Win32.Piker.zk?

Trojan-Downloader.Win32.Piker.zk Technical Report

As new Trojan-Downloader.Win32.Piker.zk details are reported by our customers and findings from our Threat Research Center, we will update this section.

Trojan-Downloader.Win32.Piker.zk’s Country of Origin:

• Russian Federation

Trojan-Downloader.Win32.Piker.zk has typically the following processes in memory:

• %AppData%\shsyed\ehlxsysguard.exe

Trojan-Downloader.Win32.Piker.zk creates the following registry entries:

• JITDebug = 0×00000001
• [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
• [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
• [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
• [HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings]
• LowRiskFileTypes = “.exe”
• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• RunInvalidSignatures = 0×00000001
• SaveZoneInformation = 0×00000001
• [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
• qpncxusp = “%AppData%\shsyed\ehlxsysguard.exe”

Important Article Disclaimer