CLEAN INSTRUCTIONS

1. Restart the computer in Safe Mode.

2. Delete the file reported as infected with Trojan.Lowzones.Z.

3. Reset the Internet Explorer security settings to their default values.

Internet Explorer 7
- Open Internet Explorer, go to Tools > Internet Options.

- Go to the Security tab and click the Reset all zones to the default level button.

Internet Explorer 6
- Open Internet Explorer, go to Tools > Internet options.

- Go to the Security tab and click on the Default level button.

4. Run a scan with BullGuard.


SYMPTOMS
1. Unknown running processes in the Task Manager Process list.

2. Existence of the abc123.pid file in the current user's C:/temp directory.


DESCRIPTION

1. It writes the PID (Process ID) in the C:\Documents and Settings\User\Local Settings\Temp\abc123.pid

2. It lowers Interner Explorer security settings.

3. It adds a key named me in HKCR\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap\Ranges

in order to ensure access to a certain IP address (88.80.5.21).

4. It opens Internet Explorer and tries to open a connection to the IP 88.80.5.21 in order to download
a malicious file identified as Exploit.ADODB.Stream.


Author:
The BullGuard Team