Trojan.Emcodec.E

Trojan.Emcodec.E

Trojan.Emcodec.E is a trojan horse that is mis-represented as an audio/video codec for Windows-based PCs. It exists in various variants with names such as Media Codec, Ecodec, Imediacodec, IntCodec, Pcodec, SVideocodec, Video iCodec, QualityCodec, Vcodec, Zip Codec, zCodec, ZCODEC [ [http://research.sunbelt-software.com/threatdisplay.aspx?name=Tro.Vcodec&threatid=42096 CounterSpy research center on Vcodec] ] [ [http://www.lavasoft.com/lavasoftnews/2006/09/hijacks.html Lavasoft News September 2006] ] and began to be widely used in spring 2005.

When visiting certain web sites, in particular pornographic sites, and attempting to view a video file on the site, the user will be directed to download this software, purportedly in order to allow viewing of the video. Furthermore, a number of websites have been set up to mis-represent this malware as a legitimate codec, inviting the users to download the software, allegedly to allow for the playback of certain audio/video which claims to use the so-called codec.

Once executed, the trojan copies a program into the Program Files folder, changes some registry keys and displays a fake EULA for the supposed codec. [ [http://www.symantec.com/security_response/writeup.jsp?docid=2006-070115-3546-99 Symantec information on Trojan.Emcodec.E] ]

zCodec reportedly changes the machine's DNS settings, monitors the user's browsing and acts as adware. [ [http://www.techworld.com/security/news/index.cfm?newsID=6781 Techworld report on zCodec] , 4 September 2006]

Some versions of the trojan install malware called Zlob, which in turn may lead to the installation of malicious and fake "security programs" such as SpywareQuake, SpyFalcon, WinAntiVirusPro or other malware; some variants also install a backdoor into the infected computer. [ [http://research.sunbelt-software.com/threatdisplay.aspx?name=Zlob.Media-Codec&threatid=44478 CounterSpy research center on Zlob/Media Codec] ]

References

External links

* Removal tools:
** [http://siri.urz.free.fr/Fix/SmitfraudFix_En.php SmitfraudFix]
** [http://noahdfear.geekstogo.com SmitRem]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Thumbnail gallery post — A thumbnail gallery post (TGP) is a common type of ad driven website that provides links to free Internet pornography. [ [http://www.cozyacademy.com/classrooms/tgp/index.asp Tutorial about TGPs and galleries] for adult webmasters, by Cozy Academy …   Wikipedia

  • WinFixer — Developer(s) Innovative Marketing, Inc. Development status Shutdown by the United States Government; similar scams may still exist Operating system Microsoft Windows Type Scareware …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”