Read the Symantec write-up at
http://securityresponse.symantec.com/avcenter/venc/data/downloader.bo.html

hi jennifer,
here's some info on how to delete this trojan:
the aliases for this trojan are:
Troj/Zasil-A (Sophos), Trojan.Zasil (Symantec), TrojanClicker.Win32.Zasil (AVP)

Method Of Infection:
This trojan connects to a remote website to retrieve "further instructions". At the time of analysis, the trojan simply retrieved another URL to access. It may store the contents of remote files retrieved in the Windows directory, such as winrtu32.exe.

Indications Of Infection:
Presence of the file REGISTRY.exe in the Windows directory (note this filename is not the same as REGEDIT.EXE) with an icon typically associated with the Registry Editor:
As the trojan uses a remote website, the effects of an infection may vary as the site is modified.

Virus Characteristics:
A dropper of this trojan is believed to have been SPAMmed to many users. This trojan connects to a geocities.com user's site to retrieve a URL. It then navigates to that URL, passing the infected user's IP address and the string "Second,email_zasil". The trojan copies itself to the WINDOWS (%WinDir%) directory as REGISTRY.exe and creates a registry run key to load itself at startup:

Windows 9x/ME:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Registry Services" = C:\WINDOWS\REGISTRY.exe <(Delete this Key)

Windows NT/2000/XP:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "0" = %windir%\registry.exe <(Delete this Key)

An additional key is also created:
HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager <(Delete this Key)

The trojan is dropped by a file, often named MINENEW.exe.PIF or MINENEW.MPG.PIF. <(Delete this file)
The dropper extracts a JPG file to the %Temp% folder and opens it. <(Delete this file) This image is of pornographic nature.

for more info on trojans and their removal, go to the www.thepublicworks.com security section and its links to trojans, trojan ports, security dogs, firewalls and security, and simovits consulting.
hope this helps, all the best
murve
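As an added example (not part of murve's post or of the vendor write-ups it quotes), a small Python script that audits a `reg export` style text dump for the autorun values and the extra key listed above, so the entries to remove can be confirmed before touching the registry. The dump below is a constructed sample, not a real export:

```python
import re

# Constructed sample in `reg export` (.reg) format: the Zasil autorun entries
# from the post plus one benign value, to show that only the indicators are flagged.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Registry Services"="C:\\WINDOWS\\REGISTRY.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"0"="%windir%\\registry.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager]
"""

# Indicators taken from the post: the two autorun locations, the extra key the
# trojan creates, and the dropped file name (REGISTRY.exe, not REGEDIT.EXE).
AUTORUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\run",
}
SUSPECT_KEYS = {r"hkey_local_machine\software\microsoft\downloadmanager"}
DROPPED_FILE = "registry.exe"


def find_zasil_indicators(reg_text):
    """Return (key, value_name, data) triples: autorun values whose target file
    is registry.exe, and (key, None, None) for the extra DownloadManager key."""
    hits = []
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        key_match = re.match(r"^\[(.+)\]$", line)
        if key_match:
            current_key = key_match.group(1)
            if current_key.lower() in SUSPECT_KEYS:
                hits.append((current_key, None, None))
            continue
        val_match = re.match(r'^"([^"]*)"="(.*)"$', line)
        if val_match and current_key and current_key.lower() in AUTORUN_KEYS:
            # .reg files escape backslashes as "\\"; undo that before taking the basename.
            name, data = val_match.group(1), val_match.group(2).replace("\\\\", "\\")
            basename = data.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if basename == DROPPED_FILE:
                hits.append((current_key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_zasil_indicators(SAMPLE_REG_EXPORT):
        print(f"{key}  {name!r} = {data!r}" if name is not None else f"{key}  (extra key)")
```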

Hello Jennifer,
I am going to believe nobody is reading this forum before starting to edit a post !!!
Why try to eradicate a trojan virus manually when you have in your hands a program made to do it ?
Some trojans are almost undetectable, as for example BUGBEAR, which has a random combination to hide itself under almost 50 different names.....
you have a program called Trojan Remover which has all of them in its database !!!
Why don't you use it ? this is freeware for one month !!!!
Trojan Remover :
http://www.simplysup.com/tremover/details.html
