Saturday, August 25, 2007

Vivacodec - Zlob's new fake codec

Zlob gang has modified their fake codec malware once again! Now, it's vivacodec, hosted at (do NOT visit that website). Similar to the old ones, this new fake codec drops a rootkit. This rootkit uses Winlogon\System subkey to load itself during system startup. Here are the screenshots of rootkit's Registry entry, and hidden file as detected by RootkitRevealer:

Anti-Rootkit tools like F-Secure BlackLight or AVG Anti-Rootkit can be used to automatically remove the rootkit.


Post a Comment

<< Home