Rahul Sharma (Editor)

Emcodec

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

Trojan.Emcodec.E is a trojan horse that is mis-represented as an audio and video codec for Windows-based PCs. It exists in various variants with names such as Media Codec, Ecodec, Imediacodec, IntCodec, Pcodec, SVideocodec, Video iCodec, QualityCodec, Vcodec, Zip Codec, zCodec, ZCODEC and began to be widely used in spring 2005.

When visiting certain web sites, in particular pornographic sites, and attempting to view a video file on the site, the user will be directed to download this software, purportedly in order to allow viewing of the video. Furthermore, a number of websites have been set up to mis-represent this malware as a legitimate codec, inviting the users to download the software, allegedly to allow for the playback of certain audio/video which claims to use the so-called codec.

Once executed, the trojan copies a program into the Program Files folder, changes some registry keys and displays a fake EULA for the supposed codec.

zCodec reportedly changes the machine's DNS settings, monitors the user's browsing and acts as adware.

Some versions of the trojan install malware called Zlob, which in turn may lead to the installation of malicious and fake "security programs" such as SpywareQuake, SpyFalcon, WinFixer or other malware; some variants also install a backdoor into the infected computer.

References

Emcodec Wikipedia