Zlob Description

Zlob (also known as Zlob-X.a, Zlob-XA and Troj/Zlob-XA) is a backdoor parasite that is designed as a hijacking tool. Zlob has the ability to modify essential computer settings, as well as certain registry entries to start at every Windows boot and remain hidden while performing its devious acts. While running in stealth mode, Zlob enables a remote hacker to connect to your computer and dominate it entirely. When Zlob is at work, the attacker has a full authority to download and install supplementary malware applications onto your computer, execute certain commands and steal your personal and financial data. Zlob may also pop-up fake warning messages stating that your computer is infected with the following parasites:

W32.Myzor.FK@yf
Trojan-Spy.Win32.mx
Spyware.CyberLog-X

Zlob may also install corrupt anti-spyware applications onto your computer without your consent and approval. Many of the notorious software (including IEDefender, SpyShredder, AntiVirGear, WinAntiVirus Pro 2007, Ultimate Cleaner and SecurePCCleaner) are often distributed by Zlob. We strongly recommend removing Zlob from your system using malware removal tools to dispose of this dangerous parasite once and for all.

Type: Backdoors

How Can You Detect Zlob?

Zlob Technical Report

As new Zlob details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Zlob files with its MD5s were created in the system:

Zlob has typically the following processes in memory:

• zxserv0.com
• antzozc.dll
• msmsgs.exe
• dtjby.dll
• nvctrl.exe
• dumpserv.com
• uimcu.dll

Zlob creates the following registry entries:

• HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe
• HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe

Important Article Disclaimer