Emcodec

From Wikipedia, the free encyclopedia
Common name: Codec
Technical name:
  • Trojan.Emcodec (Symantec)
  • Trojan.Emcodec.[Letter] (Symantec)
  • TROJ_CODEC.[Letter] (Trend Micro)
  • MAL_CODEC (Trend Micro)
  • MAL_CODEC-[Number] (Trend Micro)

Trojan.Emcodec.E is a trojan horse that is misrepresented as an audio and video codec for Windows-based PCs. It exists in several variants, with names such as Media Codec, Ecodec, Imediacodec, IntCodec, Pcodec, SVideocodec, Video iCodec, QualityCodec, Vcodec, Zip Codec, zCodec and ZCODEC,[1] and began to be widely used in spring 2005.

When a user visits certain web sites, in particular pornographic sites, and attempts to view a video file there, the user is directed to download this software, purportedly in order to view the video. In addition, a number of websites have been set up to misrepresent this malware as a legitimate codec, inviting users to download the software, allegedly to allow playback of certain audio or video that is claimed to use the so-called codec.

Once executed, the trojan copies a program into the Program Files folder, changes some registry keys and displays a fake EULA for the supposed codec.[2]

zCodec reportedly changes the machine's DNS settings, monitors the user's browsing and acts as adware.[3]

Some versions of the trojan install malware called Zlob, which in turn may lead to the installation of malicious and fake "security programs" such as SpywareQuake, WinFixer or other malware; some variants also install a backdoor on the infected computer.[4]

References

  1. "Threat Display". research.sunbelt-software.com.
  2. "Trojan.Emcodec.E - Symantec". www.symantec.com.
  3. Techworld report on zCodec, 4 September 2006.
  4. "Trojan-Downloader.Zlob.Media-Codec (fs) Information and Removal". research.sunbelt-software.com.
