Monday, September 29, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
gp, hj, at, ax, bs, vok

Possible filenames are:
gpatbs.dll, gpatvok.dll, gpaxbs.dll, gpaxvok.dll, hjatbs.dll, hjatvok.dll, hjaxbs.dll, hjaxvok.dll

It displays alert messages with popups that download Total Secure 2009:


It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Free Porn.url, Free MP3 Search.url, Search Online.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Wednesday, September 24, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
v, x, add, app, es, it

Possible filenames are:
vaddes.dll, vaddit.dll, vappes.dll, vappit.dll, xaddes.dll, xaddit.dll, xappes.dll, xappit.dll

It displays alert messages with popups that download Total Secure 2009:


It also drops a new Internet Shortcut on the desktop, in Favorites and in the Start Menu: Free Porn.url, alongside Free MP3 Search.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Tuesday, September 23, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated; it installs the following files:

%WINDOWS%\dfmlxbpk???.dll (where ? is a random character)
%WINDOWS%\peltodgx.dll
%WINDOWS%\rwlfsdmk.dll
%WINDOWS%\onfwbsak.dll
%WINDOWS%\fbxrqtwn.exe
%WINDOWS%\e???.exe (where ? is a random character)

Use SmitfraudFix to remove the infection.

Monday, September 22, 2008

eAntivirusPro

eAntivirusPro is a fake security software (rogue) from the AntiMalware 2009, Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus family... that detects infections on a clean system.

AntiMalware 2009

AntiMalware 2009 is a fake security software (rogue) from the Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus family... that detects infections on a clean system.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
p, f, h, g, a, i

Possible filenames are:
pha.dll, phi.dll, pga.dll, pgi.dll, fha.dll, fhi.dll, fga.dll, fgi.dll

It displays alert messages with popups that download Total Secure 2009:


It also drops a new Internet Shortcut on the desktop: Free MP3 Search.url, alongside VIP Casino.url

Use SmitfraudFix to remove the infection.

Saturday, September 20, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
ha, p, re, gy, 32, ss

Possible filenames are:
hare32.dll, haress.dll, hagy32.dll, hagyss.dll, pre32.dll, press.dll, pgy32.dll, pgyss.dll

It displays alert messages with popups that download Total Secure 2009:


At this time, this version no longer includes the extra dropper (users64.dat). But things could change quickly.

Use SmitfraudFix to remove the infection.

Tuesday, September 16, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
ajk, gj, pik, tbl, avn, i

Possible filenames are:
ajktbl.dll, ajkavn.dll, ajki.dll, gjtbl.dll, gjavn.dll, gji.dll, piktbl.dll, pikavn.dll, piki.dll

It displays alert messages with popups that download Total Secure 2009:


This infection runs a file from its resources that modifies the Avira Antivirus .ini file. This prevents the antivirus from scanning some infected files on the system. Easy, and powerful.

This new malware drops users64.dat in the %SYSTEM% folder. This library is executed by infected (patched) binaries in HKLM..Run or HKCU..Run keys.

Use SmitfraudFix to remove the infection.

Monday, September 15, 2008

Virus Response Lab 2009

A new rogue, Virus Response Lab 2009, has been released. This rogue is a new version of Antivirus Lab 2009. It is automatically installed by a Zlob trojan.



Use SmitfraudFix to remove the infection.

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\zafhemm.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d332d3a-0114-4492-8521-c2b93b4db160}"="aspalathus"

It also installs a Toolbar, a BHO, the Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

Sunday, September 14, 2008

Zlob

The Zlob fake codec is back and updated with a new rogue.

A few days ago, the Zlob DLL dropper, which is responsible for the fake alert messages, was replaced by the MS Antivirus rogue. Something new was to be expected, and here it is. This new version drops the following file:

%SYSTEM%\fbjvt.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6b9a461b-893f-45ee-8c59-06d3a2223b24}"="coxite"

It also installs a Toolbar, a BHO, the Antivirus Lab 2009 software...

SmitfraudFix removes the infection.

Antivirus Lab 2009

A new rogue, Antivirus Lab 2009, has been released. This rogue is automatically installed by a Zlob trojan.



Use SmitfraudFix to remove the infection.

Saturday, September 13, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
gc, lc, gx, pta, sto, ait

Possible filenames are:
gcpta.dll, gcsto.dll, gcait.dll, lcpta.dll, lcsto.dll, lcait.dll, gxpta.dll, gxsto.dll, gxait.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.

Friday, September 12, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
gas, gam, gm, pt, st, ai

Possible filenames are:
gaspt.dll, gasst.dll, gasai.dll, gampt.dll, gamst.dll, gamai.dll, gmpt.dll, gmst.dll, gmai.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.

Thursday, September 11, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
gax, gm, gmd, ptr, stc, api

Possible filenames are:
gaxptr.dll, gaxstc.dll, gaxapi.dll, gmptr.dll, gmstc.dll, gmapi.dll, gmdptr.dll, gmdstc.dll, gmdapi.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.

Wednesday, September 10, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
game, g, gmx, X, sxt, ap

Possible filenames are:
gameX.dll, gamesxt.dll, gameap.dll, gX.dll, gsxt.dll, gap.dll, gmxX.dll, gmxsxt.dll, gmxap.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.

Tuesday, September 9, 2008

Micro Antivirus 2009

Micro Antivirus 2009 is another fake security software (rogue) from the Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus family... that detects infections on a clean system.



SmitfraudFix removes the infection.

XPert Antivirus

XPert Antivirus is another fake security software (rogue) from the Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus family... that detects infections on a clean system.



SmitfraudFix removes the infection.

Power Antivirus

Power Antivirus is a new version of Power-Antivirus-2009, a fake security software from the Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus family... that detects infections on a clean system.





SmitfraudFix removes the infection.

Advanced Antivirus

The Advanced Antivirus rogue is another fake security software from the Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus family... that detects infections on a clean system.



SmitfraudFix removes the infection.

MS Antivirus

New version of the rogue MS Antivirus. Another fake security software from the Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009 family... that detects infections on a clean system.



SmitfraudFix removes the infection.

Monday, September 8, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
bhoie, b_ie, iebho, surf, sf, s

Possible filenames are:
bhoiesurf.dll, bhoiesf.dll, bhoies.dll, b_iesurf.dll, b_iesf.dll, b_ies.dll, iebhosurf.dll, iebhosf.dll, iebhos.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.

VideoAccessCodec (VAC)

VideoAccessCodec has been updated; it installs the following files:

%WINDOWS%\vmgspntb???.dll (where ? is a random character)
%WINDOWS%\fqbewlna.dll
%WINDOWS%\mgxfebsq.dll
%WINDOWS%\dtseqrxk.dll
%WINDOWS%\mqgldfvo.exe
%WINDOWS%\e???.exe (where ? is a random character)

Use SmitfraudFix to remove the infection.

Saturday, September 6, 2008

Total Secure 2009

The Total Secure 2009 skin has been updated.
This is a change for a rogue family whose members used to share the same GUI (IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009).



SmitfraudFix removes the infection.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
sup, sys, roi, safe, sf, s

Possible filenames are:
supsafe.dll, supsf.dll, sups.dll, syssafe.dll, syssf.dll, syss.dll, roisafe.dll, roisf.dll, rois.dll

It displays alert messages with popups that download Total Secure 2009:


Use SmitfraudFix to remove the infection.

Friday, September 5, 2008

Smart Antivirus 2009

Smart Antivirus 2009 is a rogue from the same family as Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus...
These fake security programs detect infections on a clean system.



It also tries to modify the desktop background. A fake dll file, which is actually a JPG file, is dropped in the %TEMP% folder:


SmitfraudFix removes the malware.
Thanks to Bharath M N.

Monday, September 1, 2008

System Antivirus 2008

System Antivirus 2008 is a rogue from the same family as Vista Antivirus 2008, Antispyware 2008 XP and Internet Antivirus.
These fake security programs detect infections on a clean system.



SmitfraudFix removes the malware.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
cf, df, lp, ax, ov, en, 32i, 32u, 32x

Possible filenames are:
cfax32i.dll, dfax32i.dll, lpax32i.dll, cfov32i.dll, dfov32i.dll, lpov32i.dll, cfen32i.dll, dfen32i.dll, lpen32i.dll, cfax32u.dll, dfax32u.dll, lpax32u.dll, cfov32u.dll, dfov32u.dll, lpov32u.dll, cfen32u.dll, dfen32u.dll, lpen32u.dll, cfax32x.dll, dfax32x.dll, lpax32x.dll, cfov32x.dll, dfov32x.dll, lpov32x.dll, cfen32x.dll, dfen32x.dll, lpen32x.dll

It displays alert messages with popups that download Total Secure 2009:


and hijacks Google searches:


Use SmitfraudFix to remove the infection.
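
The dictionary-built names and the `?` wildcard names listed in the posts above can be turned into a file-listing check. The Python below is an added example, not part of the original posts or of SmitfraudFix; the number of slots per dictionary is inferred from each post's "Possible filenames" list, and the directory listing is constructed.

```python
import ntpath
from fnmatch import fnmatchcase
from itertools import product

# Dictionaries copied from the posts; the slot count is inferred from each
# post's "Possible filenames" list (an assumption of this example).
DICTIONARIES = {
    "2008-09-29": (["gp", "hj", "at", "ax", "bs", "vok"], 3),
    "2008-09-16": (["ajk", "gj", "pik", "tbl", "avn", "i"], 2),
    "2008-09-10": (["game", "g", "gmx", "X", "sxt", "ap"], 2),
}
# Wildcard names from the 2008-09-23 VideoAccessCodec post (? = one character).
VAC_PATTERNS = ["dfmlxbpk???.dll", "e???.exe"]


def candidate_names(tokens, slots, ext=".dll"):
    """Expand a flat dictionary into every filename it can produce."""
    if slots < 1 or len(tokens) % slots:
        raise ValueError("dictionary does not divide into equal slots")
    size = len(tokens) // slots
    groups = [tokens[i:i + size] for i in range(0, len(tokens), size)]
    # Windows filenames are case-insensitive, so compare in lower case.
    return {"".join(parts).lower() + ext for parts in product(*groups)}


def scan(paths, dictionaries=DICTIONARIES, patterns=VAC_PATTERNS):
    """Return (path, reason) for each path whose file name matches."""
    hits = []
    for path in paths:
        name = ntpath.basename(path).lower()
        for label, (tokens, slots) in dictionaries.items():
            if name in candidate_names(tokens, slots):
                hits.append((path, "dictionary " + label))
        for pattern in patterns:
            if fnmatchcase(name, pattern):
                hits.append((path, "pattern " + pattern))
    return hits


# Constructed directory listing for the demonstration.
SAMPLE = [
    r"C:\WINDOWS\system32\GPAXVOK.DLL",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\dfmlxbpk7a2.dll",
    r"C:\WINDOWS\system32\gamex.dll",
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A name match is only a lead for closer inspection: short patterns such as `e???.exe` and short dictionary names can coincide with legitimate files.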