Zlob Malware is Hijacking Winsock.
All begins with the installation of the fake software: Video ActiveX Enhancement 2.07 which installs: AntiVirGear 3.7, BHO, Alerts Popups, IEToolBar...
Now 2 files laf?.dll and laf?.ini are dropped in %SYSTEM% folder (where ? is a number from 1 to 5). Files are detected as Trojan-Downloader.Win32.Agent.doe by Kaspersky Antivirus.
HijackThis Symptoms:
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
Use LSPFix to remove the files. (Bleeping Computer Guide)
skip to main |
skip to sidebar
About Malwares, Rogues, Scarewares, SmitfraudFix
Blog Archive
Labels
- Adware
- Anti200X
- AntiSpyware LLC
- AVPro
- AVSoft
- Braviax
- Core
- CST
- DesktopHijack
- Digiweb
- DNSChanger
- FakeCodec
- FakeHDD
- FakeOnlineScanner
- fakepav
- FakeSiteMessage
- fakeVD
- GCodeRogue
- Gibmedia
- Hydra Networks
- IECodec
- IEDef
- IObit
- ISecurity
- Koobface
- LSPHijack
- Malware
- Malwarebytes
- misc
- MoneyRacing
- prvnap
- Ransomware
- Registry Cleaners
- Rogues
- ScreenShots
- Serial
- Sig.
- SmitfraudFix
- SWProtect
- SysSec
- Tritax
- VAC
- Video
- WiniSoft
- Zaxar
- Zlob
SmitfraudFix Links
Links