Trojan.Emcodec

Printer Friendly Page

Discovered: April 06, 2006
Updated: April 06, 2006 7:59:05 AM
Systems Affected: Windows

Trojan.Emcodec is a Trojan horse that drops and executes a copy of Trojan.Zlob.J (MCID 7387). The Trojan is an installer for eMediaCodec that is a codec for Windows Media Player.

Antivirus Protection Dates

  • Initial Rapid Release version April 06, 2006
  • Latest Rapid Release version November 07, 2019 revision 022
  • Initial Daily Certified version April 06, 2006
  • Latest Daily Certified version November 04, 2019 revision 065
  • Initial Weekly Certified release date April 12, 2006

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.


Technical Description

Trojan.Emcodec is a Trojan horse that drops and executes a copy of Trojan.Zlob.J (MCID 7387). The Trojan is an installer for eMediaCodec that is a codec for Windows Media Player.

Once executed, the Trojan displays the EULA of eMediaCodec.

It then drops the following files:
%ProgramFiles%\eMedia Codec\ecodec.exe
%ProgramFiles%\eMedia Codec\uninst.exe
%System%\dfrgsrv.exe (This file is a copy of Trojan.Zlob.J)

The Trojan creates the following registry entry:
lHKEY_CLASSES_ROOT\EMediaCodec.Chl\CLSID\"" = "{6BF52A52-394A-11D3-B153-00C04F79FAA6}"

The Trojan creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eMedia Codec

The Trojan then executes the copy of Trojan.Zlob.J it dropped and deletes the file %ProgramFiles%\eMedia Codec\ecodec.exe.