Tuesday, November 4, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\qfrmwmq.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d54f12f7-4d76-4c39-a096-e51ef5d33f2b}"="displume"

It also installs Toolbar, BHO, Virus Response Lab 2009 software...

SmitfraudFix removes the infection.