As Secure Computing first reported back in June, attackers are using a fake video link on YouTube to start the infection with the Trojan, which bombards victims with pornographic adware before installing data-stealing code.
To make matters worse, the only defence against such attacks on the popular video-hosting site is the diligence of YouTube's security personnel, who can remove the malicious links as soon as they find them. According to Secure Computing's Paul Henry, however, that still leaves the malware distributors a window of opportunity of at least a few hours.
Zlob is a backdoor designed to give the attacker remote control over a compromised computer. It changes essential system settings and modifies certain files, starts automatically at every Windows startup and stays hidden in the background. There it waits for remote connections and lets the attacker download and install additional software, execute commands and manage the entire system, so an infected machine should be treated as fully compromised. Use antivirus and spyware removal tools to get rid of this parasite. Some Zlob variants pose as video codecs to lure people into installing them.
Kill processes (note that msmsgs.exe is also the file name of the legitimate Windows Messenger client, which lives under %ProgramFiles%\Messenger; the Zlob copy is the one in %System% that the Run value below points at):
msmsgs.exe
pmsngr.exe
kdqrn.exe
02.exe
kdvhv.exe
kdoaf.exe
kdkwb.exe
kdkat.exe
kdlfk.exe
kdefp.exe
Delete registry values and keys (for the Winlogon Shell value, set it back to explorer.exe rather than leaving it empty):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe,msmsgs.exe
HKEY_CURRENT_USER\Software\Internet Security\
HKEY_CURRENT_USER\Software\HQvideo
Delete files:
msmsgs.exe
isaddon.dll
isamini.exe
pmsngr.exe
Programs\Media-Codec\ecodec.exe
kdqrn.exe
Temp\02.exe
kdvhv.exe
Temp\nsq3.tmp\modern-header.bmp
Temp\nsq3.tmp\nsExec.dll
kdoaf.exe
kdkwb.exe
System\kdkat.exe
System\kdlfk.exe
System\kdefp.exe
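The three removal steps above (kill the processes, clear the persistence entries, delete the files) applied in that order as one PowerShell script. This is an added example written for this page, not a tool from the original article or from Secure Computing. The indicator names are the ones listed above; the assumptions are that %System% means %SystemRoot%\System32, that the page's Programs\ and Temp\ prefixes mean %ProgramFiles% and %TEMP%, and that the unqualified file names are looked for in %SystemRoot%, System32 and %TEMP%. Run it from an elevated prompt with -WhatIf first to see what it would change.

```powershell
# Added example, not from the original page. Remediation for the Zlob indicators
# listed above, in the page's order: processes, then registry, then files.
# Supports -WhatIf / -Confirm through ShouldProcess so every action can be previewed.
[CmdletBinding(SupportsShouldProcess)]
param()

# Indicators copied from the removal steps on this page.
$processNames = 'msmsgs','pmsngr','kdqrn','02','kdvhv','kdoaf','kdkwb','kdkat','kdlfk','kdefp'
$looseFiles   = 'msmsgs.exe','isaddon.dll','isamini.exe','pmsngr.exe',
                'kdqrn.exe','kdvhv.exe','kdoaf.exe','kdkwb.exe'

# Assumed folder mapping for the page's %System%, Programs\ and Temp\ prefixes.
$system   = Join-Path $env:SystemRoot 'System32'
$programs = $env:ProgramFiles
$temp     = $env:TEMP
$qualifiedFiles = @(
    (Join-Path $programs 'Media-Codec\ecodec.exe'),
    (Join-Path $temp     '02.exe'),
    (Join-Path $temp     'nsq3.tmp\modern-header.bmp'),
    (Join-Path $temp     'nsq3.tmp\nsExec.dll'),
    (Join-Path $system   'kdkat.exe'),
    (Join-Path $system   'kdlfk.exe'),
    (Join-Path $system   'kdefp.exe')
)
# Assumption: where the unqualified file names are searched for (the page does not say).
$searchRoots = $env:SystemRoot, $system, $temp

# 1. Kill the running components first; a live backdoor can re-create deleted files.
#    msmsgs.exe is also the legitimate Windows Messenger binary under
#    %ProgramFiles%\Messenger, so only a copy running from System32 is treated as hostile.
Get-Process -Name $processNames -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'msmsgs' -or ($_.Path -and $_.Path -like "$system\*") } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess("$($_.Name) (PID $($_.Id))", 'Stop-Process')) {
            Stop-Process -Id $_.Id -Force
        }
    }

# 2. Persistence. Remove the Run value only if it really points at msmsgs.exe, and
#    restore the Winlogon shell to explorer.exe instead of deleting the value.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name RegSvr32 -ErrorAction SilentlyContinue
if ($run -and $run.RegSvr32 -match 'msmsgs\.exe') {
    if ($PSCmdlet.ShouldProcess("$runKey\RegSvr32", 'Remove-ItemProperty')) {
        Remove-ItemProperty -Path $runKey -Name RegSvr32
    }
}

$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -match 'msmsgs\.exe') {
    if ($PSCmdlet.ShouldProcess("$winlogon\Shell", "Reset to explorer.exe (was '$shell')")) {
        Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe'
    }
}

foreach ($key in 'HKCU:\Software\Internet Security', 'HKCU:\Software\HQvideo') {
    if ((Test-Path $key) -and $PSCmdlet.ShouldProcess($key, 'Remove-Item -Recurse')) {
        Remove-Item -Path $key -Recurse -Force
    }
}

# 3. Files. Qualified paths are checked directly; loose names in each search root.
$candidates = $qualifiedFiles
foreach ($root in $searchRoots) {
    foreach ($name in $looseFiles) { $candidates += Join-Path $root $name }
}
foreach ($path in ($candidates | Sort-Object -Unique)) {
    if ((Test-Path -LiteralPath $path) -and $PSCmdlet.ShouldProcess($path, 'Remove-Item')) {
        Remove-Item -LiteralPath $path -Force
    }
}
```

Two caveats for anyone using this on a real machine. The kd*.exe names and the nsq3.tmp folder are specific to the variant the page describes; other Zlob builds use different random names, so a clean run of this script does not prove the machine is clean, and a full scan with current antivirus signatures should follow. And because the Run and Winlogon entries relaunch msmsgs.exe at every logon, the registry and file steps only stick if the process really was stopped first, which is why the script keeps the page's order.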