When Adware.ZioCom.C is executed, it performs the following actions:
- Copies itself as %Windir%\[7 random letters].exe
For example: C:\WINNT\eodbngt.exe
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Adds the value:
"nsysconf" = "%Windir%\[7 random letters].exe"
to the registry key:
so that it runs when you start Windows.
- Creates the following registry key:
- Sends out local information, such as:
- Installed applications
- Recently played media files
- Microsoft Windows information
- Microsoft Internet Explorer settings
- Visited Web sites
- May download files from lzio.com and execute them.
- Displays advertisements from www.adsincontext.com.