Reboot and here’s what your desktop looks like after installing one of these.
zsvcompany(dot)com
bcnproduction(dot)com
mojtechnology(dot)com
vaulimited(dot)com
All trojans — fake Zlob media codecs.
The main page will show an error; as is standard practice these days, the binaries are actually downloaded from a subdirectory (usually something like /download(dot)php?id=4082).
Detection by all engines is very poor on these (Sunbelt Sandbox report on zsvcompany here, VT results here). We will have detections out shortly.
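The hosting pattern described above (error on the main page, binary served by a `download.php?id=N` script in a subdirectory) can be hunted for in web proxy logs. The following is an added example, not part of the original post; the log format, the hostnames, and the use of an HTTP status of 400 or higher to represent the main-page "error" are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines (assumed format: "METHOD URL STATUS CONTENT-TYPE").
SAMPLE_LOG = """\
GET http://codec-site.example/ 403 text/html
GET http://codec-site.example/download.php?id=4082 200 application/octet-stream
GET http://news.example/ 200 text/html
GET http://news.example/download.php?id=17 200 application/pdf
GET http://files.example/ 404 text/html
GET http://files.example/about.html 200 text/html
GET http://player.example/ 500 text/html
GET http://player.example/media/download.php?id=912 200 application/x-msdownload
"""

# Content types commonly seen on Windows executable downloads.
EXECUTABLE_TYPES = {"application/octet-stream", "application/x-msdownload"}

def parse_line(line):
    """Return (split_url, status, content_type) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or not parts[2].isdigit():
        return None
    _method, url, status, ctype = parts
    return urlsplit(url), int(status), ctype.lower()

def suspicious_hosts(log_text):
    """Hosts whose main page errors while download.php?id=N serves a binary."""
    root_error = set()
    downloads = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url, status, ctype = rec
        host = (url.hostname or "").lower()
        # Main page returning an error (assumption: shows up as status >= 400).
        if url.path in ("", "/") and not url.query and status >= 400:
            root_error.add(host)
        # Numeric-id download script, at any directory depth, returning a binary.
        ids = parse_qs(url.query).get("id", [])
        is_script = url.path.lower().endswith("/download.php")
        numeric_id = len(ids) == 1 and ids[0].isascii() and ids[0].isdigit()
        if is_script and numeric_id and status == 200 and ctype in EXECUTABLE_TYPES:
            downloads[host].append(url.path + "?" + url.query)
    # Only hosts showing both halves of the pattern are reported.
    return {h: downloads[h] for h in sorted(root_error.intersection(downloads))}
```

Requiring both signals keeps ordinary sites that happen to use a `download.php` script out of the results.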
Alex Eckelberry
(thanks Bharath)