1. /
  2. Security Response/
  3. Adware.ZioCom.C

Adware.ZioCom.C

Updated:
February 13, 2007 11:42:08 AM
Type:
Adware
Risk Impact:
High
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.ZioCom.C is executed, it performs the following actions:

  1. Copies itself as %Windir%\[7 random letters].exe

    For example: C:\WINNT\eodbngt.exe

    Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Adds the value:

    "nsysconf" = "%Windir%\[7 random letters].exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs when you start Windows.

  3. Creates the following registry key:

    HKEY_CLASSES_ROOT\CLSID\{0273F826-C153-4293-A001-2412221726BC}

  4. Sends out local information, such as:
    • Installed applications
    • Recently played media files
    • Microsoft Windows information
    • Microsoft Internet Explorer settings
    • Visited Web sites

  5. May download files from lzio.com and execute them.

  6. Displays advertisements from www.adsincontext.com.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver