How to remove Trojan.Zlob.CT
THREAT NAME
Trojan.Zlob.CT
CLEAN INSTRUCTIONS
Restart in Safe mode and do the following:
1. Delete the files:
- bpmini.exe
- bpmon.exe
Usually those files are located in:
C:\Program Files\Image AX Object
C:\Program Files\Protection Tools
2. Delete the following registry key:
NB! Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.
HKCU\Software\Protection Tools
SYMPTOMS
1. bpmon.exe appeares in the list of running processes along with bpmini.exe.
2. If bpmon.exe process is terminated, it will appear again.
DESCRIPTION
1. It is installed on the system by tricking the user into downloading a fake codec or a protection system.
2. Once executed, Trojan.Zlob.CT performs the following actions:
- Tries to execute files
- Create threads and events in order to syncronize them
Want to know more about Trojans? Visit Bullguard Security Center
Author:
The BullGuard Team