Trojan:Win32/Zlob.AI is a generic detection for a DLL component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

This program was detected by definitions prior to 1.175.2145.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Trojan:Win32/Small.ZZB is a detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

BrowserModifier:Win32/Fotomoto.A may be present as a Web Browser Helper Object (BHO) and may download unwanted software.

Program:Win32/FakeAlert.A is a family of programs that display false messages reporting that the user's system is infected and that new security software should be downloaded. The message is false and misleading, and it is intended to encourage users to download and/or purchase third-party software.

This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

This browser modifier redirects your Internet search results without your consent.

 

Your search results from the address bar and "page not found" errors are redirected to baidu.com.

 

We have also seen BrowserModifier:Win32/BaiduSP try to download the Baidu Toolbar without consent.

This program was detected by definitions prior to 1.175.2424.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Adware:Win32/LoudMo is a program that delivers advertisements, monitors Web browsing habits and prompts advertising popups, while automatically updating itself.

PWS:Win32/Lolyda.AK is a detection for a password-stealing trojan that steals account information from popular online games and sends the captured details to a remote server.

Trojan:Win32/Duberath.A is a trojan that poses as a popular legitimate application such as a Adobe Update Manager. Once installed, it may connect to a remote server and download and install additional files onto the compromised computer, and accept commands from a remote attacker.

This program was detected by definitions prior to 1.175.2424.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

This program was detected by definitions prior to 1.173.2540.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Microsoft Defender Antivirus detects and removes this unwanted software.

This browser modifier is distributed as an installer for different applications. When launched, it displays an installation interface for the packaged application.

While installing software, this malware modifies shortcuts (.lnk files) for different web browsers, including Google Chrome, Internet Explorer, and Mozilla Firefox as well as popular Chinese browsers like UC Browser, QQ Browser, and Baidu Browser.

Opening a modified shortcut opens the browser and directs it to the following website:

hao.360.cn

Although this malware is known to install legitimate software and the website it points browsers to is legitimate, its behavior of modifying shortcuts in the background generally constitutes unexpected and unwanted behavior.

This threat is an unwanted software. An unwanted software is a program that alters your Windows experience without your consent or control. We use a set of evaluation criteria to determine what programs are classified as unwanted software. As the software ecosystem evolves, so do our evaluation criteria. To learn more, read these blog entries:

• Protecting customers from being intimidated into making an unnecessary purchase
• Cleaners ought to be clean (and clear)
• A brief discourse on ‘Changing browsing experience’
• Keeping browsing experience in users’ hands
• Keeping Browsing Experience in Users’ Hands, an Update...
• Cleaning up misleading advertisements
• Adware: A new approach

 

This application was stopped from running on your network because it has a poor reputation. This application can also affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs:

• Injects into other processes on your system
• Changes browser settings
• Installs browser extensions

These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.

If you were trying to install an application, you might have downloaded it from a source other than the official product's website.

We usually see this application installed on PCs in the following countries. This list is sorted according to prevalence:

• United States
• Brazil
• Russia
• France
• Spain

This detection is part of our extended Potentially Unwanted Application protection feature.

TrojanDownloader:Win32/Agent.ZAT.dr may install other files, and connect to known banner advertisement domains.

TrojanDownloader:Win32/Agent.ZAT may connect to known banner advertisement domains and download advertising content and additional files.