Malwarebytes Blog

New Zlob has been released again. It installs the following files, and registry entries.

C:\Windows\System32\ibmsmyi.dll
C:\Windows\System32\788877\788877.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{049e2207-f9ef-40da-91f7-8819d0c33a84} = bergamiol

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.Zlob

New Zlob has been released again. It installs the following files, and registry entries.

C:\Windows\System32\sgntu.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{c27abdde-8a43-4a7f-81c0-3fc3c952284f} = chicot

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.Zlob

Trojan.FakeAlert is a trojan which installs via fake codecs or browser exploits. Once installed it delivers popup advertisements for useless products. These symptoms will be accompanied by the installation of a rogue application with no user prompts or action required. Trojan.FakeAlert has been updated and now installs the following directory.

C:\Program Files\PCHealthCenter

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.FakeAlert

New Zlob has been released again. It installs the following files, folders and registry entries.

C:\Windows\System32\214075
C:\Windows\System32\funfsnv.dll
C:\Program Files\Web Technologies

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{99f8405b-63d1-421a-83bb-7b4b0642ac28} = eulogical

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.Zlob

New Zlob has been released again. It installs the following files and registry entries.

C:\Windows\System32\kfcpnd.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} = campaniform

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.Zlob

VideoAccessCodec has been updated. The codec installs the following files.

C:\Windows\pxgdslro.dll
C:\Windows\mdtgkswr.exe
C:\Windows\gnowmebk.dll
C:\Windows\gktxaspm.dll
C:\Windows\eova.exe

We have provided removal instructions for anybody unfortunate to have been infected by this codec.

Removal instructions for VideoAccessCodec

VideoAccessCodec has been updated. The codec installs the following files.

C:\Windows\vbksrofa.dll
C:\Windows\pvnsmfor.dll
C:\Windows\oadkxrts.exe
C:\Windows\mpfanvqg.dll

We have provided removal instructions for anybody unfortunate to have been infected by this codec.

Removal instructions for VideoAccessCodec

Trojan.Agent is installed via an exploit. The trojan installs the following file:

C:\sysdump.dll

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.Agent

Trojan.BHO is installed via an exploit. The trojan installs the following file:

C:\autoex.dll

We have provided removal instructions for anybody unfortunate to have been infected by this trojan.

Removal instructions for Trojan.BHO

Spyware.Passwords installs via exploit without user interaction. Once installed, it slows down the system dramatically. The malware installs the following files:

C:\Program Files\DefWatch.exe
C:\Program Files\ctfmon.exe
C:\Windows\System32\donj32drv.dll

We have provided removal instructions for anybody unfortunate to have been infected by this malware.

Removal instructions for Spyware.Passwords