Tuesday, September 16, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it now installs a file with a semi-random filename composed from a dictionary:
ajk, gj, pik, tbl, avn, i

Possible filenames are:
ajktbl.dll, ajkavn.dll, ajki.dll, gjtbl.dll, gjavn.dll, gji.dll, piktbl.dll, pikavn.dll, piki.dll

It displays alert messages with popups that download Total Secure 2009.

This infection runs a file from its resources which modifies the Avira Antivirus .ini file. This prevents the antivirus from scanning some infected files on the system. Easy, and powerful.

This new malware drops users64.dat in the %SYSTEM% folder. This library is executed by infected (patched) binaries registered in HKLM..Run or HKCU..Run keys.
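As an added example (not from the post or SmitfraudFix), a small Python checker that expands the dictionary into the nine candidate DLL names listed above and scans a directory listing of %SYSTEM% for them together with users64.dat. The split of the dictionary into prefixes (ajk, gj, pik) and suffixes (tbl, avn, i) is inferred from the listed filenames, and the sample listing is constructed.

```python
import itertools
import ntpath

# Dictionary fragments from the post, split into the prefix and suffix sets
# that reproduce the nine filenames it enumerates (split inferred, not stated).
PREFIXES = ("ajk", "gj", "pik")
SUFFIXES = ("tbl", "avn", "i")

# Additional dropped file named in the post.
DROPPED_LIB = "users64.dat"


def candidate_dll_names():
    """Return every prefix+suffix combination as a lowercase .dll filename."""
    return sorted(f"{p}{s}.dll" for p, s in itertools.product(PREFIXES, SUFFIXES))


def find_indicators(paths):
    """Return the paths whose basename is a candidate DLL or the dropped .dat.

    `paths` is any iterable of Windows paths, e.g. a listing of %SYSTEM%.
    Matching is case-insensitive because Windows filenames are.
    """
    watch = set(candidate_dll_names()) | {DROPPED_LIB}
    return [p for p in paths if ntpath.basename(p).lower() in watch]


# Constructed sample listing (not from the post): two hits, two benign names.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\GJAVN.DLL",
    r"C:\WINDOWS\system32\users64.dat",
    r"C:\WINDOWS\system32\ajk.dll",  # a prefix alone is not a listed name
]

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LISTING):
        print("suspicious:", hit)
```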

Use SmitfraudFix to remove the infection.