LZIO Trojan Downloader Information
Name: LZIO
Category: Trojan Downloader
Alias: Backdoor.NeoUploader
Advice: Remove
Risk: High Risk
High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Description:
LZIO is affiliated with freedownload.screensavers4free.net.
Connects to 'newupdates.lzio.com' and 'updates.lzio.com' to download updates.
When run on the victim machine, outgoing HTTP GET requests are sent to remote servers (the domains listed above). The request includes an identification string that is also written to the Registry on the victim machine:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"NID" = (some ID string)
The downloader copies itself into the Windows system directory with a random filename, for example:
C:\WINNT\SYSTEM32\VHUVFOE.EXE
A Registry value is added to run this copy of the trojan at system startup, for example:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"nssysconf" = C:\WINNT\SYSTEM32\VHUVFOE.EXE
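A read-only check for the indicators described above, as an added example that is not part of the original entry. The value names, key paths and domains come from the description; the Wow6432Node paths (the 32-bit registry view on 64-bit Windows), the DNS cache lookup and the function names are assumptions added here.

```powershell
# Added example: read-only check for the LZIO indicators listed above.
# Value names, key paths and domains come from the description; the
# Wow6432Node paths and the DNS cache lookup are assumptions added here.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$ieKeys  = 'HKLM:\Software\Microsoft\Internet Explorer\Main',
           'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
$domains = 'newupdates.lzio.com', 'updates.lzio.com'

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-LzioIndicator {
    foreach ($key in $runKeys) {
        $cmd = Get-RegValue $key 'nssysconf'
        if ($cmd) {
            # The filename is random, so report whatever the value points at.
            $path = [Environment]::ExpandEnvironmentVariables($cmd.Trim('"'))
            [pscustomobject]@{
                Indicator = 'Run value "nssysconf"'
                Location  = $key
                Data      = $cmd
                OnDisk    = Test-Path -LiteralPath $path
            }
        }
    }
    foreach ($key in $ieKeys) {
        $nid = Get-RegValue $key 'NID'
        if ($nid) {
            [pscustomobject]@{ Indicator = 'NID value'; Location = $key; Data = $nid; OnDisk = $null }
        }
    }
    # The DNS client cache only holds recent lookups; the cmdlet needs Windows 8 or later.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        foreach ($d in $domains) {
            if (Get-DnsClientCache -Entry $d -ErrorAction SilentlyContinue) {
                [pscustomobject]@{ Indicator = 'Recent DNS lookup'; Location = 'DNS client cache'; Data = $d; OnDisk = $null }
            }
        }
    }
}

Get-LzioIndicator | Format-Table -AutoSize -Wrap
```

A hit on one indicator alone is a lead to investigate, not a verdict; the Run value together with an existing file in the system directory is the combination the description points to.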
From the privacy policy:
"We distribute LZIO Media only to users who have been given the opportunity to review and accept our End User License Agreement (EULA) and this Privacy Policy before downloading any free software or content and thus before the LZIO Media is installed. If you believe you have received LZIO Media without having accepting the EULA, please let us know at customer-support@support.great-pc-software.com.
By downloading, installing, or using the free software or content containing LZIO Media, you agree to receive advertisements from LZIO.COM's business partners and associates. The ads may be displayed as "pop-up" and/or "pop-under" ads, or in other formats. LZIO Media may also add enhancements to your computer, such as the redirection of 404 pages, modification of your default Internet Explorer search page, and alternate links on certain html text links. By accepting the terms of the EULA, you agree that we have the right to run such advertisements and promotions without compensation to you. Your business dealings with, or participation in promotions of, advertisers found on or through LZIO Media, including payment and delivery of related goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and the advertiser. You agree that LZIO.COM will not be responsible for any loss or damage of any sort incurred as the result of any such dealings or as the result of the presence of such advertisers with the LZIO Media network.
LZIO.COM does not require users to provide personal information. Personal information (your name, email address, mailing address, general profile information, preferences, and similar information) may sometimes be collected, on a voluntary basis, for special promotions, contests, and surveys. That information will only be collected with your consent. We may share, rent or sell personally identifying information you provide us to third parties.
In addition, we may collect the following information from your computer:
Click-stream data
HTTP protocol elements
Web sites/pages viewed
The amount of time spent at some Web sites
Response to the Advertisements displayed
Standard web log information including IP address and system settings
What software is on your personal computer
Information about the hardware of your personal computer
Search terms used
System data
Your usage characteristics and preferences
Your first name, last name, and zip/postal code
Other data at LZIO.COM's sole discretion
The information we collect may be used for any or all of the following purposes:
Completion and support of the cu
Signatures:
process: hpdllhost.exe: MD5 Hash: 771cbf0d2689f150734...
process: hpdllhost.exe: MD5 Hash: ..
Type:
Trojan Downloader - Trojan software is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform some sort of action that could jeopardize the user's security or privacy.