Tuesday, April 29, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from these fragments: one, ssva, uno, nas, p, k, ek, ad, us

Files could look like: unopus.dll...

and displays alert messages:


Use SmitfraudFix to remove the infection.

Monday, April 28, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\gndarmbl???.dll (where ? is a random character)
%WINDOWS%\wxdbpfvo.dll
%WINDOWS%\qadovnel.dll
%WINDOWS%\bdkpfxqw.dll
%WINDOWS%\spwoqbmv.exe
%WINDOWS%\xbaqktfv.exe

Use SmitfraudFix to remove the infection.

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\uyhjw.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

It also installs Toolbar, BHO, VirusHeat Rogue software...

SmitfraudFix removes the infection.

Friday, April 25, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\zfaiqwr.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0fdc513-46b9-46fc-8e70-d575ee546dae}"="frowardness "

It also installs Toolbar, BHO, VirusHeat Rogue software...

Use SmitfraudFix to remove the infection.

IE Antivirus

A new rogue has been released: IE Antivirus.
This rogue looks like IE Defender, Files Secure and Malware Bell.



SmitfraudFix removes the infection.

Wednesday, April 23, 2008

IE Defender, Files Secure, Malware Bell

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs files with semi-random filenames composed from these fragments: k, w, z, o, so, onsa, l, na, rad

Files could look like: zsol.dll, wol.dll...

and displays alert messages:


SmitfraudFix removes the infection.

Monday, April 21, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\rkaxfza.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb9f614b-ea44-40d0-8829-542e4f254739}"="garcea"

It also installs Toolbar, BHO, VirusHeat Rogue software...

Use SmitfraudFix to remove the infection.

Sunday, April 20, 2008

IE Defender, Files Secure, Malware Bell

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs files with semi-random filenames composed from these fragments: t, p, z, o, so, onsa, kr, pl, dnr, u, y, e

Files could look like: ponsadnru.dll, ponsaple.dll, tsoply.dll, zople.dll...

and displays alert messages:


Use SmitfraudFix to remove the infection.

Saturday, April 19, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\qnmargol???.dll (where ? is a random character)
%WINDOWS%\dpevflbg.dll
%WINDOWS%\vadokmxt.dll
%WINDOWS%\wdpoefan.dll

Use SmitfraudFix to remove the infection.

IE Defender, Files Secure, Malware Bell

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs files with semi-random filenames composed from these fragments: ol, si, un, ad, on, id, a, e, y, 16, 32, 64

Files could look like: unady64.dll

and displays alert messages:


Use SmitfraudFix to remove the infection.

IE Defender, Files Secure, Malware Bell

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs files with semi-random filenames composed from these fragments: sim, op, ku, _de, _uk, _us, 16, 32, 64...

Files could be: simop_de32.dll, simku_uk16.dll...

and displays alert messages:


Use SmitfraudFix to remove the infection.

Friday, April 18, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\bubbj.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"="exegeses"

It also installs Toolbar, BHO, VirusHeat Rogue software...

The filename bubbj.dll was already used by this infection last year. This time the CLSID is different.

Use SmitfraudFix to remove the infection.

Thursday, April 17, 2008

IE Defender, Files Secure, Malware Bell

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs files with semi-random filenames composed from these fragments: pa, ko, ny, do, net, api, 32, 99...

Files could be: nydo32r.dll

and displays alert messages:


Use SmitfraudFix to remove the infection.

Wednesday, April 16, 2008

IE Defender, Files Secure, Malware Bell

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs files with semi-random filenames composed from these fragments: sys, pol, net, owl, api, web, 16, 32, 64...

Files could be: netweb64c.dll, sysapi32a.dll ...

and displays alert messages:


Use SmitfraudFix to remove the infection.
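
The fragment-based naming described in the IE Defender/Files Secure/MalwareBell entries above can be turned into a triage check over a list of DLL paths. This is an added example, not code from SmitfraudFix or from this blog; the function names and the sample listing (including its folders) are constructed, and only the fragment lists that are not cut off with "..." are used.

```python
import ntpath

# Fragment lists copied from this page's entries, keyed by post date.
FRAGMENTS = {
    "2008-04-29": ["one", "ssva", "uno", "nas", "p", "k", "ek", "ad", "us"],
    "2008-04-23": ["k", "w", "z", "o", "so", "onsa", "l", "na", "rad"],
    "2008-04-20": ["t", "p", "z", "o", "so", "onsa", "kr", "pl", "dnr", "u", "y", "e"],
    "2008-04-19": ["ol", "si", "un", "ad", "on", "id", "a", "e", "y", "16", "32", "64"],
}

# Constructed listing; the folders are assumptions, not taken from the page.
SAMPLE = [
    r"C:\WINDOWS\unopus.dll",             # sample name from the April 29 entry
    r"C:\WINDOWS\ponsadnru.dll",          # sample name from the April 20 entry
    r"C:\WINDOWS\unady64.dll",            # sample name from the April 19 entry
    r"C:\WINDOWS\nydo32r.dll",            # April 17 sample; its list is truncated
    r"C:\WINDOWS\system32\ole32.dll",     # legitimate Windows DLL
    r"C:\WINDOWS\system32\kernel32.dll",  # legitimate Windows DLL
]

def segment(stem, fragments):
    """Split stem into listed fragments (fewest pieces), or return None."""
    best = {0: []}  # prefix length -> fragments spelling that prefix
    for i in range(len(stem)):
        if i not in best:
            continue  # this prefix cannot be built from the fragments
        for frag in fragments:
            j = i + len(frag)
            shorter = j not in best or len(best[i]) + 1 < len(best[j])
            if stem.startswith(frag, i) and shorter:
                best[j] = best[i] + [frag]
    return best.get(len(stem))

def triage(paths):
    """Map each .dll path to the (entry date, fragments) lists it fits."""
    hits = {}
    for path in paths:
        stem, ext = ntpath.splitext(ntpath.basename(path).lower())
        if ext != ".dll":
            continue
        for date, frags in FRAGMENTS.items():
            parts = segment(stem, frags)
            if parts:
                hits.setdefault(path, []).append((date, parts))
    return hits

if __name__ == "__main__":
    for path, matches in triage(SAMPLE).items():
        print(path, matches)
```

A match is only a triage hint: ole32.dll, a legitimate Windows library, also splits into the April 19 fragments, so a hit needs confirming by path, signature or hash. nydo32r.dll is not matched because the April 17 fragment list is cut off on the page.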

Tuesday, April 15, 2008

IEDefender

The IE Defender/Files Secure/MalwareBell codec has been updated. It installs the following files:

%WINDOWS%\pctools.dll

and displays alert messages:


See: http://secubox.aldria.com/topic-2320.html
Use SmitfraudFix to remove the infection.

Monday, April 14, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\vualf.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12a31567-9883-4cc0-a684-ad5804394d69}"="hemimorphite"

It also installs Toolbar, BHO, VirusHeat Rogue software...

Use SmitfraudFix to remove the infection.

Malware Bell

A new rogue has been released: Malware Bell.
This rogue looks like IE Defender and Files Secure.

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\lgmxvpat???.dll (where ? is a random character)
%WINDOWS%\qtvglped.dll
%WINDOWS%\pmsoarbf.dll
%WINDOWS%\omlbpkaw.dll

Use SmitfraudFix to remove the infection.

IEDefender

The IE Defender/Files Secure codec has been updated. It installs the following files:

%WINDOWS%\ps16sys.dll

It displays alert messages:


See: http://secubox.aldria.com/edit-post3200.html
Use SmitfraudFix to remove the infection.

Sunday, April 13, 2008

IEDefender

The IE Defender/Files Secure codec has been updated. It installs the following files:

%WINDOWS%\winsurf.dll

It displays alert messages:


See: http://secubox.aldria.com/topic-2318.html
Use SmitfraudFix to remove the infection.

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\nslbvxpg???.dll (where ? is a random character)
%WINDOWS%\sgoblxtm.dll
%WINDOWS%\ogxtsepr.dll
%WINDOWS%\dsktbwfe.dll

SmitfraudFix removes the infection.

VideoAccessCodec (VAC)

VideoAccessCodec (aka VAC, VideoCach, MediaTubeCodec, Media Codec Software, Video ActiveX Codec) is installed from web sites that offer videos and prompt the visitor to install a codec, which is in fact a trojan.



It installs a toolbar in Internet Explorer:


and displays fake IE alert bars, linking to rogues: