Monday, November 3, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It now installs a file with a semi-random filename composed from a dictionary:
dip, lo, yn, if, xx2, sa

Possible filenames are:
dipynxx2.dll, dipynsa.dll, dipifxx2.dll, dipifsa.dll, loynxx2.dll, loynsa.dll, loifxx2.dll, loifsa.dll

It displays alert messages with popups that download WinDefender 2009.


It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url
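As an added example (not part of the original post or of any removal tool), the following Python sketch rebuilds the eight DLL names from the dictionary and scans a directory tree for them and for the four shortcut names. The grouping of the dictionary into three positions is inferred from the listed filenames, the post does not say where the DLL is dropped so the directory to scan is supplied by the caller, and the demo tree (`system32`, `Desktop`) is constructed.

```python
import itertools
import os
import tempfile

# Dictionary from the post, grouped by position. The grouping is inferred
# from the eight filenames the post lists (assumption of this example).
PARTS = (("dip", "lo"), ("yn", "if"), ("xx2", "sa"))

# Internet Shortcut names from the post.
SHORTCUTS = ("Cheap Pharmacy Online.url", "Search Online.url",
             "SMS Trap.url", "VIP Casino.url")


def candidate_dlls():
    """Return every DLL name the dictionary can produce, in lowercase."""
    return sorted("".join(combo) + ".dll" for combo in itertools.product(*PARTS))


def scan(root):
    """Walk root and return sorted paths whose file name matches an indicator.

    Comparison is case-insensitive because Windows file names are.
    """
    wanted = set(candidate_dlls()) | {s.lower() for s in SHORTCUTS}
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in wanted:
                hits.append(os.path.join(folder, name))
    return sorted(hits)


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        os.makedirs(os.path.join(root, "Desktop"))
        for rel in ("system32/LOIFSA.DLL", "system32/kernel32.dll",
                    "Desktop/VIP Casino.url", "Desktop/notes.txt"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in scan(root)]


if __name__ == "__main__":
    for path in demo():
        print(path)
```

A name match is only a lead: the names are short, so confirm any hit before treating the machine as infected.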

Once installed, it connects to a server and downloads a configuration file that contains the various error messages to display and the URLs of malware to download and install.

Use SmitfraudFix to remove the infection.