Virus: Adware/Zugo.G
Date discovered: 12/04/2012
Type: Adware/Spyware
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
File size: 100712 Bytes
MD5 checksum: 123d7daf6acf2b05d7b977ed07b05ec3
VDF version: 7.11.27.128 - Thursday, April 12, 2012
IVDF version: 7.11.27.128 - Thursday, April 12, 2012

General

Method of propagation:
   • Has no spreading routine of its own


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification

Files

It copies itself to the following location:
   • %Temp%\sample.exe

Registry

The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   • "ZTBHotfix5"="\"%Temp%\\sample.exe\" -REBOOT"

Miscellaneous

Checks for an internet connection by contacting the following web sites:
   • http://utrack.**********.com/reg?c=**********.installer.ztb.pidupdaterun
   • http://utrack.**********.com/reg?c=**********.installer.ztb.pidupdate&toolbar_id=


Event handler:
It creates the following event handler:
   • FtpCreateDirectoryA


String:
Furthermore it contains the following string:
   • darklogic.org

Description inserted by Wensin Lee on Friday, June 15, 2012
Description updated by Wensin Lee on Friday, June 15, 2012
