The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\sjrggq.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d3b82107-f8fa-4ef3-8066-136e22872d4e}"="babblement"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Saturday, August 30, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
a, za, o, d, g, x, i, ui, y, c, p, w
Possible filenames are:
adic.dll, zadic.dll, odic.dll, agic.dll, zagic.dll, ogic.dll, axic.dll, zaxic.dll, oxic.dll, aduic.dll, zaduic.dll, oduic.dll, aguic.dll, zaguic.dll, oguic.dll, axuic.dll, zaxuic.dll, oxuic.dll, adyc.dll, zadyc.dll, odyc.dll, agyc.dll, zagyc.dll, ogyc.dll, axyc.dll, zaxyc.dll, oxyc.dll, adip.dll, zadip.dll, odip.dll, agip.dll, zagip.dll, ogip.dll, axip.dll, zaxip.dll, oxip.dll, aduip.dll, zaduip.dll, oduip.dll, aguip.dll, zaguip.dll, oguip.dll, axuip.dll, zaxuip.dll, oxuip.dll, adyp.dll, zadyp.dll, odyp.dll, agyp.dll, zagyp.dll, ogyp.dll, axyp.dll, zaxyp.dll, oxyp.dll, adiw.dll, zadiw.dll, odiw.dll, agiw.dll, zagiw.dll, ogiw.dll, axiw.dll, zaxiw.dll, oxiw.dll, aduiw.dll, zaduiw.dll, oduiw.dll, aguiw.dll, zaguiw.dll, oguiw.dll, axuiw.dll, zaxuiw.dll, oxuiw.dll, adyw.dll, zadyw.dll, odyw.dll, agyw.dll, zagyw.dll, ogyw.dll, axyw.dll, zaxyw.dll, oxyw.dll
It displays alert messages with popups that download Total Secure 2009:

Use SmitfraudFix to remove the infection.
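The naming scheme described above, as an added example that is not part of the original post or of SmitfraudFix: it rebuilds the candidate filenames from a dictionary and checks a file listing against them. The grouping into consecutive sets of three fragments is inferred from the filename lists on this page, and the sample listing is constructed.

```python
import re
from itertools import product

# Dictionary quoted in the post above (August 30, 2008 variant).
AUG30 = ["a", "za", "o", "d", "g", "x", "i", "ui", "y", "c", "p", "w"]

# Constructed directory listing for the demonstration (not from the post).
SAMPLE_LISTING = ["kernel32.dll", "ZAGUIP.DLL", "adic.dll.bak",
                  "oxyw.dll", "magic.dll"]


def split_groups(fragments, group_size=3):
    """Cut the flat dictionary into consecutive groups of `group_size`."""
    if not fragments or len(fragments) % group_size:
        raise ValueError("dictionary does not divide into equal groups")
    return [fragments[i:i + group_size]
            for i in range(0, len(fragments), group_size)]


def candidate_names(fragments, group_size=3, ext=".dll"):
    """Every name built from one fragment per group, in group order."""
    groups = split_groups(fragments, group_size)
    return {"".join(parts) + ext for parts in product(*groups)}


def dictionary_regex(fragments, group_size=3, ext=".dll"):
    """The same name space as one anchored, case-insensitive pattern."""
    groups = split_groups(fragments, group_size)
    body = "".join("(?:" + "|".join(map(re.escape, g)) + ")" for g in groups)
    return re.compile(r"\A" + body + re.escape(ext) + r"\Z", re.IGNORECASE)


def find_suspects(listing, fragments, group_size=3):
    """Names in `listing` that fall inside the dictionary's name space."""
    pattern = dictionary_regex(fragments, group_size)
    return [name for name in listing if pattern.match(name)]


if __name__ == "__main__":
    print(len(candidate_names(AUG30)), "candidate names")
    print(find_suspects(SAMPLE_LISTING, AUG30))
```

The same functions cover the six-fragment dictionaries in the other posts (two groups of three). A dictionary that does not divide into groups of three, such as the 10-entry one, is rejected instead of guessed at.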
Thursday, August 28, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
ws, das, xd, ao, as, idc, z, n, m, t, r, y
Possible filenames are:
wsaozt.dll, dasaozt.dll, xdaozt.dll, wsaszt.dll, dasaszt.dll, xdaszt.dll, wsidczt.dll, dasidczt.dll, xdidczt.dll, wsaont.dll, dasaont.dll, xdaont.dll, wsasnt.dll, dasasnt.dll, xdasnt.dll, wsidcnt.dll, dasidcnt.dll, xdidcnt.dll, wsaomt.dll, dasaomt.dll, xdaomt.dll, wsasmt.dll, dasasmt.dll, xdasmt.dll, wsidcmt.dll, dasidcmt.dll, xdidcmt.dll, wsaozr.dll, dasaozr.dll, xdaozr.dll, wsaszr.dll, dasaszr.dll, xdaszr.dll, wsidczr.dll, dasidczr.dll, xdidczr.dll, wsaonr.dll, dasaonr.dll, xdaonr.dll, wsasnr.dll, dasasnr.dll, xdasnr.dll, wsidcnr.dll, dasidcnr.dll, xdidcnr.dll, wsaomr.dll, dasaomr.dll, xdaomr.dll, wsasmr.dll, dasasmr.dll, xdasmr.dll, wsidcmr.dll, dasidcmr.dll, xdidcmr.dll, wsaozy.dll, dasaozy.dll, xdaozy.dll, wsaszy.dll, dasaszy.dll, xdaszy.dll, wsidczy.dll, dasidczy.dll, xdidczy.dll, wsaony.dll, dasaony.dll, xdaony.dll, wsasny.dll, dasasny.dll, xdasny.dll, wsidcny.dll, dasidcny.dll, xdidcny.dll, wsaomy.dll, dasaomy.dll, xdaomy.dll, wsasmy.dll, dasasmy.dll, xdasmy.dll, wsidcmy.dll, dasidcmy.dll, xdidcmy.dll
It displays alert messages with popups that download Total Secure 2009:

Use SmitfraudFix to remove the infection.
Total Secure 2009
A new Rogue has been released: Total Secure 2009.
This rogue looks like: IE Defender, Files Secure, Malware Bell, IE Antivirus.

SmitfraudFix removes the infection.
Thanks to Bharath M N.
Labels: IEDef, Rogues, ScreenShots
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\wighg.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cac60ee7-ebe0-4082-be2a-3abf704b7af0}"="glycosulfatase"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Wednesday, August 27, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been updated. It installs the following files:
%WINDOWS%\rodqgpvl???.dll (where ? is a random character)
%WINDOWS%\qalkfxor.dll
%WINDOWS%\pdoskegl.dll
%WINDOWS%\rqbmvpso.dll
%WINDOWS%\rvoelbxt.exe
%WINDOWS%\e???.exe (where ? is a random character)
Use SmitfraudFix to remove the infection.
Sunday, August 24, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
z, d, y, a, w, r, o, v, l, 32i, 2, k
Possible filenames are:
zao32i.dll, dao32i.dll, yao32i.dll, zwo32i.dll, dwo32i.dll, ywo32i.dll, zro32i.dll, dro32i.dll, yro32i.dll, zav32i.dll, dav32i.dll, yav32i.dll, zwv32i.dll, dwv32i.dll, ywv32i.dll, zrv32i.dll, drv32i.dll, yrv32i.dll, zal32i.dll, dal32i.dll, yal32i.dll, zwl32i.dll, dwl32i.dll, ywl32i.dll, zrl32i.dll, drl32i.dll, yrl32i.dll, zao2.dll, dao2.dll, yao2.dll, zwo2.dll, dwo2.dll, ywo2.dll, zro2.dll, dro2.dll, yro2.dll, zav2.dll, dav2.dll, yav2.dll, zwv2.dll, dwv2.dll, ywv2.dll, zrv2.dll, drv2.dll, yrv2.dll, zal2.dll, dal2.dll, yal2.dll, zwl2.dll, dwl2.dll, ywl2.dll, zrl2.dll, drl2.dll, yrl2.dll, zaok.dll, daok.dll, yaok.dll, zwok.dll, dwok.dll, ywok.dll, zrok.dll, drok.dll, yrok.dll, zavk.dll, davk.dll, yavk.dll, zwvk.dll, dwvk.dll, ywvk.dll, zrvk.dll, drvk.dll, yrvk.dll, zalk.dll, dalk.dll, yalk.dll, zwlk.dll, dwlk.dll, ywlk.dll, zrlk.dll, drlk.dll, yrlk.dll
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Thursday, August 21, 2008
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\kcekz.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc71747-ace0-40c1-8947-54f107d0639b}"="enorganic"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Wednesday, August 20, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a 4-letter filename composed from a dictionary:
h, f, p, a, s, d, y, b, x, o, i, t
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Tuesday, August 19, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a 4-letter filename composed from a dictionary:
j, s, p, a, c, d, b, z, x, t
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Monday, August 18, 2008
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\euwoeu.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0fe36c74-667b-454b-828e-75e4e72cbef8}"="causes"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Sunday, August 17, 2008
Antivirus XP 2008 Hidden Installer
Trojan downloaders sometimes use tricks to hide what they download. This picture of a lemur is downloaded from the antivirusxp-08.net host, but the file is too large for a picture (1.47 MB).

Looking at the data, we can see some hidden code after the picture, and the decipher routine (XOR 0x6B) in the Trojan-Downloader.
After removing the picture data and applying a home-made deciphering tool, we get the Antivirus XP 2008 rogue installer.
Edit: This trick is not new; it has been seen in many other infections such as tibs, or with this Desktop Hijack.
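A triage check for the trick described above, as an added example that is not the author's deciphering tool: it finds where the picture ends, measures what follows, and tests whether XOR 0x6B turns the trailing data into an executable header. It assumes the picture is a JPEG and that the deciphered data begins with the `MZ` magic of a Windows executable (neither is stated in the post); the sample bytes are constructed.

```python
XOR_KEY = 0x6B  # single-byte key named in the post

# Constructed stand-in for the hidden file; starts with the PE "MZ" magic.
SAMPLE_PAYLOAD = b"MZ\x90\x00constructed-placeholder"


def xor_bytes(buf, key=XOR_KEY):
    """XOR every byte with the key (the operation is its own inverse)."""
    return bytes(b ^ key for b in buf)


def jpeg_end(data):
    """Offset just past the EOI marker, found by walking JPEG segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("no SOI marker: not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                        # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                      # EOI: the picture ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                              # stand-alone marker, no length
        else:
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                    # SOS: skip entropy-coded scan
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] != 0x00
                        and not 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1
    raise ValueError("no EOI marker found")


def inspect_overlay(data):
    """Report what follows the picture and whether XOR 0x6B yields 'MZ'."""
    end = jpeg_end(data)
    overlay = data[end:]
    return {
        "image_size": end,
        "overlay_size": len(overlay),
        "looks_like_pe": xor_bytes(overlay[:2]) == b"MZ",
    }


def build_sample():
    """Constructed test file: a minimal JPEG skeleton plus the XORed payload."""
    jpeg = (b"\xff\xd8"                        # SOI
            b"\xff\xe0\x00\x04JF"              # APP0 segment
            b"\xff\xda\x00\x04\x01\x00"        # SOS header
            b"\x12\xff\x00\x34\xff\xd0\x56"    # scan data with FF00 and RST0
            b"\xff\xd9")                       # EOI
    return jpeg + xor_bytes(SAMPLE_PAYLOAD)


if __name__ == "__main__":
    print(inspect_overlay(build_sample()))
```

A non-zero `overlay_size` on a downloaded picture is worth flagging on its own, since a different key would leave `looks_like_pe` false while the appended data is still there.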

Desktop Hijack
A fake Vista window picture is installed as wallpaper along with various rogues (Antivirus XP 2008, XP Security Center, ...).
Labels: DesktopHijack, Malware, ScreenShots
Saturday, August 16, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: video, ie, ievid, odk, dsa, a32
Possible filenames are: videoodk.dll, videodsa.dll, videoa32.dll, ieodk.dll, iedsa.dll, iea32.dll, ievidodk.dll, ieviddsa.dll, ievida32.dll.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Friday, August 15, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: sys, sms, srch, ani, opa, era
Possible filenames are: sysani.dll, sysopa.dll, sysera.dll, smsani.dll, smsopa.dll, smsera.dll, srchani.dll, srchopa.dll, srchera.dll.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Antivirus 2009
The Antivirus 2009 rogue replaces the original SP2 Security Center with its own.


SmitfraudFix removes the malware.
Labels: Anti200X, Rogues, ScreenShots
Thursday, August 14, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: srch, sr, search, add, addon, a
Possible filenames are: srchadd.dll, srchaddon.dll, srcha.dll, sradd.dll, sraddon.dll, sra.dll, searchadd.dll, searchaddon.dll, searcha.dll.
This dictionary is the same as the one in the previous post. The dropper has been updated but it still does not save the new resource.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
IE Defender, Files Secure, Malware Bell, IE Antivirus
The new dropper creates the same file twice instead of creating a new one.
In the dropper binary, we can now see two resources, but the new one is never saved.
Is there an error in the code? A second dictionary that may be needed for this new file is used to create a filename for the first file.
Dictionary: srch, sr, search, add, addon, a
Possible filenames: srchadd.dll, srchaddon.dll, srcha.dll, sradd.dll, sraddon.dll, sra.dll, searchadd.dll, searchaddon.dll, searcha.dll
The new infection would be registered as follows (if there were no error in the dropper):
O2 - BHO: SearchAddon - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\System32\random.dll
This new infection acts like a Search Hijacker:

SmitfraudFix is ready to remove the infection.
Labels: IEDef, Malware, ScreenShots
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\ouhzw.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{97D2DFAC-9ACB-4D6F-AC2B-AB6EE090F649}"="bebization"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
VideoAccessCodec (VAC)
VideoAccessCodec has been updated. It installs the following files:
%WINDOWS%\mesdxbr???.dll (where ? is a random character)
%WINDOWS%\vwsrfton.dll
%WINDOWS%\wbqxfpgl.dll
%WINDOWS%\tpabfelq.dll
%WINDOWS%\ateqoflr.exe
%WINDOWS%\e???.exe (where ? is a random character)
Use SmitfraudFix to remove the infection.
TheSpyBot
The fake AntiSpyware tool TheSpyBot detects infections on a clean system.

SmitfraudFix removes the malware.
Labels: Rogues, ScreenShots
XP Security Center
The XP Security Center rogue replaces the original SP2 Security Center with its own.


SmitfraudFix removes the malware.
Labels: Anti200X, Rogues, ScreenShots
Wednesday, August 13, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: a, amo, amos, vid, video, v
Possible filenames are: avid.dll, avideo.dll, av.dll, amovid.dll, amovideo.dll, amov.dll, amosvid.dll, amosvideo.dll, amosv.dll.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Antivirus Master
Antivirus Master is a rogue from the same family as Vista Antivirus 2008, Antispyware 2008 XP and Internet Antivirus. These fake security programs detect infections on a clean system.

SmitfraudFix removes the malware.
Labels: Anti200X, Rogues, ScreenShots
Tuesday, August 12, 2008
Internet-antivirus
New rogue released: Internet-antivirus.

SmitfraudFix removes the malware.
Thanks to TeMerc and Bharath
Labels: Anti200X, Rogues, ScreenShots
Monday, August 11, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: g, g2, G, tool, tbl, tool~1
Possible filenames are: gtool.dll, gtbl.dll, gtool~1.dll, g2tool.dll, g2tbl.dll, g2tool~1.dll, Gtool.dll, Gtbl.dll, Gtool~1.dll.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Thursday, August 7, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: gold, gld, Gold, mng, man, Manager
Possible filenames are: goldmng.dll, goldman.dll, goldManager.dll, gldmng.dll, gldman.dll, gldManager.dll, Goldmng.dll, Goldman.dll, GoldManager.dll.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
Sunday, August 3, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from word fragments: MEGAUP, MEGAUP, MEGAUP, ~1, LOAD, L
Possible filenames are: MEGAUP~1.dll, MEGAUPLOAD.dll, MEGAUPL.dll.
It displays alert messages with popups that download IE Antivirus:

Use SmitfraudFix to remove the infection.
