Tuesday, February 24, 2009

IEDef family

The IEDef family codec has been updated: it now installs a file with a semi-random filename composed from a dictionary:
e, g, y, j, f, g, win, sys

Possible filenames:
eyfwin.dll, eyfsys.dll, eygwin.dll, eygsys.dll, ejfwin.dll, ejfsys.dll, ejgwin.dll, ejgsys.dll, gyfwin.dll, gyfsys.dll, gygwin.dll, gygsys.dll, gjfwin.dll, gjfsys.dll, gjgwin.dll, gjgsys.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security, and alert messages that redirect to a fake online scanner.

It also modifies Google results and drops Internet Shortcuts on the desktop and in Favorites and the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.