What is Trojan.Zlop.B

Trojan Zlob is a Backdoor, which can potentially get the control of your system and open it to external vulnerabilities and attacks. It changes your system registry values and automatically starts up on every reboot. It modifies system properties so as to hide its activities from many security processes in your computer.

Trojan.Zlob.B allows remote servers to install malware scripts on your system, which can modify the system properties and steal your valuable data.

When Trojan.Zlob.B is executed, it performs the following actions:

  1. Copies itself as %System%\msmsgs.exe.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Adds the value:

    "RegSvr32" = "%System%\msmsgs.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  3. Adds the value:

    "Shell" = "Explorer.exe, msmsgs.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    so that it runs every time Windows starts.

  4. Adds the value:

    "notepad.exe" = "msmsgs.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \policies\explorer\run

  5. Adds the value:

    "uuid" = "86c29b2f-3389-418b-9b47-c2b09b6abc07"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

    as an infection marker.

  6. Injects itself into explorer.exe to hide its presence on the compromised computer.
  7. Opens a back door by attempting to open HTTP connections to the dumpserv.com domain.
  8. Listens for commands from a remote attacker to perform some of the following actions on the compromised computer:
    • Ping remote computers
    • Report the status of the threat
    • Download and execute remote files

Technical Details of Trojan.Zlop.B

  • Full name: Trojan.Zlop.B
  • Date Appeared: 2005
  • Characteristic: Trojan Horse
  • URL:

Do I need to remove Trojan.Zlop.B

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > >Download< < <

Free Scanner for Trojan.Zlop.B

.

How to Uninstall Trojan.Zlop.B scam

remove-registry-doctor-2008

The best way for the removal of Trojan.Zlop.B is to install a good quality Anti-spyware Program and scan your system for any Trojan.Zlop.B infections.

Automatic removal of Trojan.Zlop.B is always good and complete as compared to any attempts to manually remove Trojan.Zlop.B, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of Trojan.Zlop.B.

Instructions to get rid of Trojan.Zlop.B

If you really want to remove the Trojan.Zlop.B infection on your system manually then proceed as follows.

Step 1: Kill the Trojan.Zlop.B ProcessesLearn how to do that

%program_files%registrydoctor2008registrydoctor.exe
rgd_freeinstaller.exe

Step 2: Remove Trojan.Zlop.B files, folders and all associated Trojan.Zlop.B DLL files: Learn how to do that

%program_files%registrydoctor2008registrydoctor.exe
%program_files%registrydoctor2008registrydoctor.ini
rgd_freeinstaller.exe
%common_programs%registrydoctor2008registrydoctor2008.lnk
%desktopdirectory%registrydoctor2008.lnk
%profile%application datamicrosoftinternet explorerquick launchregistrydoctor2008.lnk
%program_files%registrydoctor2008registrydoctor.exe
rgd_freeinstaller.exe

%common_programs%registrydoctor2008
%program_files%registrydoctor2008

Step 3: Uninstall Trojan.Zlop.B registry entries: Learn how to do that

HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversioninternet settings5.0user agentpost platform 3p_urgd 1.0.6.0
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun registrydoctor2008
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionuninstallregistrydoctor2008
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionuninstallregistrydoctor2008 displayicon
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionuninstallregistrydoctor2008 displayname
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionuninstallregistrydoctor2008 uninstallstring
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun registrydoctor2008

Free Scan for Trojan.Zlop.B