Monday, April 14, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\vualf.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12a31567-9883-4cc0-a684-ad5804394d69}"="hemimorphite"

It also installs Toolbar, BHO, VirusHeat Rogue software...

Use SmitfraudFix to remove the infection.