
Win32/Pluzoks


Microsoft security software detects and removes this threat.

Win32/Pluzoks is a trojan that silently downloads and installs files without your consent.



What to do now

The following Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Threat behavior

Win32/Pluzoks is a trojan that downloads and installs other files without your knowledge or consent.

Installation

Win32/Pluzoks is installed by other malware, detected as TrojanDownloader:Win32/Pluzoks.A. It changes the registry so that it automatically runs every time Windows starts, as in the following example:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "ozplusv3"
With data: "<malware file name>.exe"

The registry data might be different for different variants of Win32/Pluzoks.

This malware creates data files on your PC, as in the following example:

  • %windir%\temp\ozplus_conifg.ini
  • <current folder>\ozplus_conifg.ini

The file names may differ among variants of the trojan, for example:

  • xpeadup7_conifg.ini
  • subjet_conifg.ini

Payload

Downloads files

Win32/Pluzoks may download updates of itself, or other files.


Symptoms

System changes

The following system changes may indicate the presence of this malware:

  • The presence of the following files:
    • %windir%\temp\ozplus_conifg.ini
    • <current folder>\ozplus_conifg.ini
  • The presence of the following registry change:
    In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Sets value: "ozplusv3"
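
One way to check a PC for the system changes listed above, as an added PowerShell example that is not part of the original entry and is not Microsoft's own tooling. The function name, the -ExtraFolders parameter and the "*_conifg.ini" wildcard (taken from the suffix shared by the listed file names) are assumptions made for this example.

```powershell
# Added example. Find-PluzoksIndicator is a hypothetical name, not a real cmdlet.
function Find-PluzoksIndicator {
    param(
        # Extra folders to search, e.g. where a suspect executable was found
        # (stands in for the "<current folder>" location in the description).
        [string[]]$ExtraFolders = @()
    )
    $runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $valueName = 'ozplusv3'           # value name from the description
    # Assumption: variants keep the "_conifg.ini" suffix shared by the listed names.
    $iniPattern = '*_conifg.ini'

    # Registry: the documented autostart value under the current user's Run key.
    $run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{
            Indicator = 'Run value'
            Location  = "$runKey\$valueName"
            Detail    = [string]$run.$valueName
        }
    }

    # Files: configuration files in %windir%\temp and any caller-supplied folders.
    $folders = @(Join-Path $env:windir 'Temp') + $ExtraFolders
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder -PathType Container)) { continue }
        Get-ChildItem -LiteralPath $folder -Filter $iniPattern -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Indicator = 'Config file'
                    Location  = $_.FullName
                    Detail    = "Last written $($_.LastWriteTime.ToString('u'))"
                }
            }
    }
}

Find-PluzoksIndicator | Format-Table -AutoSize -Wrap
```

Run it in the session of the user being checked, because the Run key is under HKCU. A match is a reason to run a full scan, and an empty result does not rule out variants that use other value or file names.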

Prevention


Alert level: Severe
This entry was first published on: Oct 20, 2011
This entry was updated on: Oct 07, 2013

This threat is also detected as:
No known aliases