Monday, September 29, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
gp, hj, at, ax, bs, vok

Possible filenames are:
gpatbs.dll, gpatvok.dll, gpaxbs.dll, gpaxvok.dll, hjatbs.dll, hjatvok.dll, hjaxbs.dll, hjaxvok.dll

It displays alert messages with popups that download Total Secure 2009.

It also drops Internet Shortcuts on the desktop and in Favorites and the Start Menu: Free Porn.url, Free MP3 Search.url, Search Online.url and VIP Casino.url
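The file names above can be used to sweep a suspect machine. The following is an added example, not part of the original post: it rebuilds the eight DLL names from the dictionary and searches the given directories for them and for the four shortcut names. The directories to search are an assumption, since the post does not say where the DLL is installed.

```python
import itertools
import os

# Dictionary fragments listed in the post: one is taken from each group.
PARTS = (("gp", "hj"), ("at", "ax"), ("bs", "vok"))
# Internet Shortcut names listed in the post.
SHORTCUTS = ("Free Porn.url", "Free MP3 Search.url",
             "Search Online.url", "VIP Casino.url")


def candidate_dll_names():
    """Return the 8 DLL names produced by combining the dictionary parts."""
    return sorted("".join(combo) + ".dll" for combo in itertools.product(*PARTS))


def scan(roots):
    """Walk each root and return sorted paths whose file name is an indicator.

    Windows file names are case-insensitive, so names are compared lowercased.
    """
    wanted = {n.lower() for n in candidate_dll_names()}
    wanted |= {n.lower() for n in SHORTCUTS}
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in wanted:
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Roots to sweep are an assumption: pass them as arguments,
    # otherwise the current user's profile directory is searched.
    for path in scan(sys.argv[1:] or [os.path.expanduser("~")]):
        print(path)
```

A hit on a file name alone is only a lead: confirm it against the other symptoms described here before treating the machine as infected.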

Use SmitfraudFix to remove the infection.