Sunday, November 16, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\gowqug.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1f3dd9bf-1472-4a8b-b295-b596a597149b}"="behaves"

It also installs a toolbar, a BHO (Browser Helper Object), VirusTrigger software...

SmitfraudFix removes the infection.
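
To check a machine for the file and registry value listed above, the following PowerShell sketch (an added example, not part of the original post) lists every SharedTaskScheduler entry, resolves each CLSID to its registered InprocServer32 DLL, and flags the two indicators from this post. The function name is hypothetical, and reading %SYSTEM% as the Windows system directory is an assumption.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0 or later.
# A 64-bit session reads the 64-bit registry view; 32-bit entries sit under WOW6432Node.
$stsKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
$zlobClsid = '{1f3dd9bf-1472-4a8b-b295-b596a597149b}'   # value name given in this post
# Assumption: %SYSTEM% in the post means the Windows system directory.
$zlobDll   = Join-Path ([Environment]::SystemDirectory) 'gowqug.dll'

function Get-SharedTaskSchedulerEntry {   # hypothetical helper name
    param([string]$Key = $stsKey)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $item = Get-Item -LiteralPath $Key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }    # skip the unnamed (Default) value
        # Each value name is a CLSID; its InprocServer32 key names the DLL that gets loaded.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$name\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{
            Clsid     = $name
            Label     = $item.GetValue($name)
            Dll       = $dll
            DllOnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
            ZlobClsid = ($name -eq $zlobClsid)
        }
    }
}

# Show every entry so unfamiliar CLSIDs can be reviewed, not only the known one.
$entries = @(Get-SharedTaskSchedulerEntry)
$entries | Format-Table -AutoSize

if ($entries | Where-Object { $_.ZlobClsid }) {
    Write-Warning "SharedTaskScheduler contains the Zlob CLSID $zlobClsid"
}
if (Test-Path -LiteralPath $zlobDll) {
    Write-Warning "Dropped file present: $zlobDll"
}
```

Because the DLL name differs between Zlob builds, review any entry whose Dll column points to an unrecognised file, not only the one flagged here.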