Z-Downloader





Overview

Summary:

Appears to kill the following processes: NAVAPW32. NAVW32. CCAPP. VSHWIN32. VSECOMR. WEBSCANX. AVCONSOL. VSSTAT. AVP32. AVPCC. AVPM. AVP32. AVPCC. AVPM. ICLOAD95. ICMON. ICSUPP95. ICLOADNT. ICSUPPNT. cleaner3. cleaner. MooLive. IFACE. Anti-Trojan. ANTS. vsmon. zonealarm. zapro. blackice. blackd. lockdown2000. iamapp. iamserv. Sphinx.

Alias:

Downloader-BU trojan

Category:

Firewall Killer: Any hacker tool intended to disable a user's personal firewall. Some will also disable resident anti-virus software.

Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Variants:

  • Z-Downloader 1.00
  • Z-Downloader 1.01
  • Z-Downloader 1.1
  • Z-Downloader 1.2
Similar Pests:

Firewall Killer · Downloader

Origins

Date of Origin:

Variants from January, 2003 to January, 2003

Distribution

Prevalence:

  • Z-Downloader 1.00: < 0.00005%

Clot Factor:

  • Z-Downloader 1.00: < 1
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Countries Affected:

In the past three months, we have received reports of Z-Downloader in United States.

Operation

Storage Required:

  • Z-Downloader 1.00: at least 241 KB
  • Z-Downloader 1.01: at least 237 KB
  • Z-Downloader 1.1: at least 265 KB
  • Z-Downloader 1.2: at least 241 KB
Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Follow these steps to remove Z-Downloader from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Stop Running Processes:

Kill these running processes with Task Manager:

Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:

Remove Files:

Remove these files (if present) with Windows Explorer:

Research

File Analyses:

Research By:

PestPatrol's Pest Research Center

Last Revised:

April 07, 2005