Sunday, September 14, 2008

Zlob

The Zlob fake codec is back, updated with a new rogue.

Some days ago, the Zlob DLL dropper, which was responsible for the fake alert messages, was replaced by the MS Antivirus rogue. Something new was to be expected, and it has now arrived. This new version drops the following file and adds the following registry value:

%SYSTEM%\fbjvt.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6b9a461b-893f-45ee-8c59-06d3a2223b24}"="coxite"

It also installs a toolbar, a BHO, the Antivirus Lab 2009 software...

SmitfraudFix removes the infection.
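To check a machine for the entries listed above, the following added example (not part of the original post and not SmitfraudFix code) audits a text export of the registry: it lists every SharedTaskScheduler value, resolves each CLSID to its InprocServer32 DLL, and flags the CLSID and file name given in this post. The sample export is constructed, and the link between the CLSID and fbjvt.dll in it is an assumption.

```python
import re

# Indicators taken from the post above.
IOC_CLSID = "{6b9a461b-893f-45ee-8c59-06d3a2223b24}"
IOC_DLL = "fbjvt.dll"
STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"  # assumption: HKLM export

# Constructed sample export in regedit text format. The InprocServer32 entry for
# the flagged CLSID is an assumption; the post does not state which DLL it loads.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{6b9a461b-893f-45ee-8c59-06d3a2223b24}"="coxite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32]
@="%SystemRoot%\\system32\\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9a461b-893f-45ee-8c59-06d3a2223b24}\InprocServer32]
@="C:\\WINDOWS\\system32\\fbjvt.dll"
'''

def parse_reg(text):
    """Parse string values of a .reg export into {key_lower: {name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        # Only "name"="data" and @="data" are handled; hex(...) values are skipped.
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name.lower()] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def audit_shared_task_scheduler(reg_text):
    """Return one dict per SharedTaskScheduler value with its DLL and an IoC flag."""
    keys = parse_reg(reg_text)
    findings = []
    for clsid, label in keys.get(STS_KEY.lower(), {}).items():
        server = keys.get(f"{CLSID_ROOT}\\{clsid}\\InprocServer32".lower(), {})
        dll = server.get("")  # default value holds the DLL path; None if absent
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower() if dll else None
        findings.append({"clsid": clsid, "label": label, "dll": dll,
                         "ioc": clsid == IOC_CLSID or basename == IOC_DLL})
    return findings
```

Call `audit_shared_task_scheduler()` on the text of an export of the two keys; any entry with `ioc` set, or any entry whose DLL is unfamiliar, deserves a closer look.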