Trojan.LowZones.SL

MUITO BAIXO
MUITO BAIXO
2 kb
(Trojan.LowZones, TR/QLowZones.S, W32/QlowZones.A!tr, Generic QLowZones.a)

Sintomas

The trojan is a security threat for system when using Internet Explorer 6 or another further version.

The user can notice changes the browsers properties ( Internet Explorer -> Tools -> Privacy ). The malware alters the settings for Privacy that are noticeable from the slider and sets it to "Accept all cookies".

Instruções para remoção:

Please let BitDefender disinfect your files.

Analisado por

Daniel Chipiristeanu, virus researcher

Descrição Técnica:

The trojan acts as a security menace that makes the system unsafer for surfing the Internet.

It has the folowing behavior :
  1. First it makes a check for the targeted security settings using PrivacyGetZonePreferenceW function . This will access values of the registries contained by this registry key : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C80120}
  2. Afterward it changes it , if not the lowered values are already set, into the same registry key mentioned earlier with the function PrivacySetZonePreferenceW altering a value PRIVACY_TEMPLATE_BAIXO (with the numeric value of 5) and creates this registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivacyAdvanced containing 0x0 . This is the same as Accept All Cookies on the Privacy Preferences slider bar in Internet Options.
  3. The trojan lowers security that other malware ("malicious software") can launch cookies in the system browser thus increasing the chance of indentity theft or browsing tracking.



More on changing the advanced settings on Internet Explorer here.