Saturday, August 30, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\sjrggq.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d3b82107-f8fa-4ef3-8066-136e22872d4e}"="babblement"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.