IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been update, it installs a file with semi-random filename composed from a dictionary:
ajk, gj, pik, tbl, avn, i
Possible filenames are:
ajktbl.dll, ajkavn.dll, ajki.dll, gjtbl.dll, gjavn.dll, gji.dll, piktbl.dll, pikavn.dll, piki.dll
It displays alert messages with popups that download Total Secure 2009:
This infection runs a file from its resources, who modifies Avira Antivirus .ini file. This will prevent the Antivirus from scanning some infected files on the system. Easy, and powerful.
This new malware drops users64.dat in %SYSTEM% folder. This lib is executed by infected (patched) binaries in HKLM..Run or HKCU..Run keys.
Use SmitfraudFix to remove the infection.