Tuesday, May 6, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\qdsba.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af73a174-ea1b-4f0b-b0b1-fe1486a6719c}"="communa"

It also installs Toolbar, BHO, VirusHeat Rogue software...

SmitfraudFix removes the infection.