A multicomponent Trojan designed to infect 32-bit and 64-bit versions of Windows.
Once launched on the infected computer, Trojan.Zekos places a copy of itself in C:\Windows\System32\ as a file with a randomly generated name and extension, disables Windows File Protection, and attempts to gain higher privileges.
The Trojan then injects malicious code into rpcss.dll. The main purpose of this code is to load the Trojan's stored copy into the computer's memory. Once the library is loaded, the code is decoded and given control. In addition, Trojan.Zekos modifies the TCP/IP protocol driver to raise the number of simultaneous TCP connections allowed per second from 10 to 1,000,000.
One of the Trojan's functions is to intercept DNS queries issued by Microsoft Internet Explorer, Mozilla Firefox, Chrome, Opera, Safari, and other web browsers. In addition, Trojan.Zekos blocks access to the websites of most anti-virus companies and to Microsoft servers.
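A defender-side triage check for the file-drop behaviour described above, as an added example that is not part of the original description: it parses PE headers to find executable images in a directory whose extension is not a usual one for PE files, and reports whether each is a 32-bit or 64-bit image. The extension allow-list, the function names and the sample file names are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed allow-list of extensions that normally hold PE images; tune per environment.
EXPECTED_PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".drv", ".mui"}
MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64

def pe_machine(path):
    """Return 'x86', 'x64' or 'other' if the file is a PE image, else None."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE header
        f.seek(e_lfanew)
        sig = f.read(6)
    if len(sig) < 6 or sig[:4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", sig, 4)
    return MACHINES.get(machine, "other")

def find_disguised_pe(directory):
    """List (name, machine) for PE images whose extension is not on the allow-list."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        ext = os.path.splitext(entry.name)[1].lower()
        if not entry.is_file(follow_symlinks=False) or ext in EXPECTED_PE_EXTENSIONS:
            continue
        try:
            machine = pe_machine(entry.path)
        except OSError:
            continue  # locked or unreadable file: skip rather than abort the sweep
        if machine:
            hits.append((entry.name, machine))
    return hits

def stub_pe(machine):
    """Constructed minimal DOS + PE header, for demonstration only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

def demo():
    """Run the sweep over a temporary directory of constructed sample files."""
    samples = {"kernel32.dll": stub_pe(0x8664), "qxvtrm.wzk": stub_pe(0x014C),
               "notes.txt": b"plain text", "hbgd.pqa": stub_pe(0x8664)}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return find_disguised_pe(d)

if __name__ == "__main__":
    print(demo())
```

On 64-bit Windows, a 32-bit interpreter scanning C:\Windows\System32 is redirected to SysWOW64, so run the sweep from a 64-bit process or against a mounted disk image.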