Thursday, August 14, 2008

Zlob

Zlob fake codec has been update. It drops the following file:

%SYSTEM%\ouhzw.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{97D2DFAC-9ACB-4D6F-AC2B-AB6EE090F649}"="bebization"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.