Monday, June 23, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\sgntu.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c27abdde-8a43-4a7f-81c0-3fc3c952284f}"="chicot"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.