Sunday, May 28, 2006

New SmithFraud Variant Found

Another variant found, Siri SmithFraudFix updated:

Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{f5947202-e9cb-4a72-88e7-22f2cbd2b124}"="chenopodiaceae"

[HKEY_CLASSES_ROOT\CLSID\{f5947202-e9cb-4a72-88e7-22f2cbd2b124}\InProcServer32]
@="C:\WINDOWS\System32\bolnyz.dll" <<<<---new file

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f5947202-e9cb-4a72-88e7-22f2cbd2b124}\InProcServer32]
@="C:\WINDOWS\System32\bolnyz.dll"

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)