Thursday, August 28, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been update, it installs a file with semi-random filename composed from a dictionary:
ws, das, xd, ao, as, idc, z, n, m, t, r, y

Possible filenames are:
wsaozt.dll, dasaozt.dll, xdaozt.dll, wsaszt.dll, dasaszt.dll, xdaszt.dll, wsidczt.dll, dasidczt.dll, xdidczt.dll, wsaont.dll, dasaont.dll, xdaont.dll, wsasnt.dll, dasasnt.dll, xdasnt.dll, wsidcnt.dll, dasidcnt.dll, xdidcnt.dll, wsaomt.dll, dasaomt.dll, xdaomt.dll, wsasmt.dll, dasasmt.dll, xdasmt.dll, wsidcmt.dll, dasidcmt.dll, xdidcmt.dll, wsaozr.dll, dasaozr.dll, xdaozr.dll, wsaszr.dll, dasaszr.dll, xdaszr.dll, wsidczr.dll, dasidczr.dll, xdidczr.dll, wsaonr.dll, dasaonr.dll, xdaonr.dll, wsasnr.dll, dasasnr.dll, xdasnr.dll, wsidcnr.dll, dasidcnr.dll, xdidcnr.dll, wsaomr.dll, dasaomr.dll, xdaomr.dll, wsasmr.dll, dasasmr.dll, xdasmr.dll, wsidcmr.dll, dasidcmr.dll, xdidcmr.dll, wsaozy.dll, dasaozy.dll, xdaozy.dll, wsaszy.dll, dasaszy.dll, xdaszy.dll, wsidczy.dll, dasidczy.dll, xdidczy.dll, wsaony.dll, dasaony.dll, xdaony.dll, wsasny.dll, dasasny.dll, xdasny.dll, wsidcny.dll, dasidcny.dll, xdidcny.dll, wsaomy.dll, dasaomy.dll, xdaomy.dll, wsasmy.dll, dasasmy.dll, xdasmy.dll, wsidcmy.dll, dasidcmy.dll, xdidcmy.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.