This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Trojan-Downloader:W32/Zlob is a large family of malicious programs that download and install Spyware and Adware applications such as:
Many of these applications may also be classified as Rogueware.
Some later Zlob variants include a backdoor component which allow the attacker to manipulate the victim's PC.
Zlob itself is installed on the system by tricking the user into downloading a fake codec or protection system, such as:
Note: Most of the names above are also .com domains as well, e.g. VidCodecs.com. The installation process creates some of these files (depends on the variant).
Depending on the variant of Zlob, %DESTDIR% represents:
During installation, the following registry keys and Class IDs are created:
Description Created: 2010-06-03 11:28:21.0
Description Last Modified: 2011-11-15 17:00:00.0