Monday, April 28, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\uyhjw.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

It also installs Toolbar, BHO, VirusHeat Rogue software...

SmitfraudFix removes the infection.