Friday, July 4, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\hkushdr.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d1577581-2ed7-469f-99b1-72c1339e0ee0}"="doctordom"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.