PUA.Win32.ZvuZona.bA


PUA.Win32.ZvuZona.bA is also known as Generic.2DC and Win-PUP/ZonaInstaller.

Malware Analysis of PUA.Win32.ZvuZona.bA – ZCHROME.EXE

Created files:

%Appdata%\Zona\plugins\zupdater\manifest.json
%Appdata%\Zona\plugins\zupdater\plugin.properties
%Appdata%\Zona\plugins\zupdater\zchrome.exe
%Appdata%\Zona\plugins\zupdater\ZonaUpdater.exe
%Appdata%\Zona\plugins\zupdater\zupdater.ext.jar

Autostart registry keys:

HKLM\Software\Classes\Applications\Zona.exe\shell\open\command\: ""%Program Files%\Zona\Zona.exe" "%1""
HKLM\Software\Classes\DHT\shell\open\command\: ""C:\PROGRA~1\Zona\Zona.exe" "%1""
HKLM\Software\Classes\Magnet\shell\open\command\: ""C:\PROGRA~1\Zona\Zona.exe" "%1""
HKLM\Software\Classes\Zona\shell\open\command\: ""C:\PROGRA~1\Zona\Zona.exe" "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zona\DisplayName: "Zona"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zona\UninstallString: "%Program Files%\Zona\uninstall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zona)\DisplayName: "Zona"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Zona: "%Program Files%\Zona\Zona.exe /MINIMIZED"

Detected by UnHackMe:

ZCHROME.EXE
Default location: %APPDATA%\ZONA\PLUGINS\ZUPDATER\ZCHROME.EXE

Dropper hash (MD5): b982c89fe7d6125703fc8ccd43fe1f7c

Written by Malware Hunter.
