Showing posts with label Malware. Show all posts

Friday, September 25, 2009

Hidden message to Sunbelt in Mystic Compressor

The Security Fighter rogue trojan-downloader installs three pieces of malware: the rogue itself, a fake Windows Security Center, and a new component seen for the first time with Trust Warrior. The packer of this component, called Mystic Compressor, contains a hidden message to Sunbelt Lab.
Mystic Compressor...Greetings to Sunbelt - only they know my name! ;)


Thanks to MAD

Friday, May 22, 2009

Presto TuneUp

PrestoTuneUp is a new fake optimizer/cleaner (rogue). It is a clone of My Supervisor.

PrestoTuneUp is made by the same creators as FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt and VirusAlarm.

Presto TuneUp reports nonexistent problems (registry, IE cache, cookies, ...) to scare users. Unlike the FastAntivirus/MalwareCatcher family, PrestoTuneUp doesn't claim to detect malware.



Thanks to Bharath

Tuesday, February 24, 2009

IEDef family

The IEDef family codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
e, g, y, j, f, g, win, sys

Possible filenames:
eyfwin.dll, eyfsys.dll, eygwin.dll, eygsys.dll, ejfwin.dll, ejfsys.dll, ejgwin.dll, ejgsys.dll, gyfwin.dll, gyfsys.dll, gygwin.dll, gygsys.dll, gjfwin.dll, gjfsys.dll, gjgwin.dll, gjgsys.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, February 13, 2009

IEDef family

The IEDef family codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
fe, gu, hy, jo, k, l, t, i

Possible filenames:
fehykt.dll, fehyki.dll, fehylt.dll, fehyli.dll, fejokt.dll, fejoki.dll, fejolt.dll, fejoli.dll, guhykt.dll, guhyki.dll, guhylt.dll, guhyli.dll, gujokt.dll, gujoki.dll, gujolt.dll, gujoli.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Tuesday, February 3, 2009

IEDef family

The IEDef family codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
v, c, u, o, s, x, ext, it

Possible filenames:
vusext.dll, vusit.dll, vuxext.dll, vuxit.dll, vosext.dll, vosit.dll, voxext.dll, voxit.dll, cusext.dll, cusit.dll, cuxext.dll, cuxit.dll, cosext.dll, cosit.dll, coxext.dll, coxit.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, January 30, 2009

IEDef family

The IEDef family codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
ju, lo, n, m, as, ix, t, z

Possible filenames:
junast.dll, junasz.dll, junixt.dll, junixz.dll, jumast.dll, jumasz.dll, jumixt.dll, jumixz.dll, lonast.dll, lonasz.dll, lonixt.dll, lonixz.dll, lomast.dll, lomasz.dll, lomixt.dll, lomixz.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Sunday, January 25, 2009

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
h, j, b, h, s, x, a, f

Possible filenames:
hbsa.dll, hbsf.dll, hbxa.dll, hbxf.dll, hhsa.dll, hhsf.dll, hhxa.dll, hhxf.dll, jbsa.dll, jbsf.dll, jbxa.dll, jbxf.dll, jhsa.dll, jhsf.dll, jhxa.dll, jhxf.dll

It displays alert messages with popups that download WinDefender 2009:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, January 16, 2009

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
kia, ke, w, g, o, o, 32a, 32

Possible filenames:
kiawo32a.dll, kiawo32.dll, kiawo32a.dll, kiawo32.dll, kiago32a.dll, kiago32.dll, kiago32a.dll, kiago32.dll, kewo32a.dll, kewo32.dll, kewo32a.dll, kewo32.dll, kego32a.dll, kego32.dll, kego32a.dll, kego32.dll

It displays alert messages with popups that download WinDefender 2009:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, January 9, 2009

Zlob

A message found in a Zlob binary:

For Windows Defender's Team:
I saw your post in the blog (10-Oct-2008) about my previous message.
Just want to say 'Hello' from Russia.
You are really good guys.
It was a surprise for me that Microsoft can respond on threats so fast.
I can't sign here now (he-he, sorry), how it was some years ago for more seriously vulnerability for all Windows ;)
Happy New Year, guys, and good luck!

P.S. BTW, we are closing soon. Not because of your work. :-))
So, you will not see some of my great ;) ideas in that family of software.
Try to search in exploits/shellcodes and rootkits.
Also, it is funny (probably for you), but Microsoft offered me a job to help
improve some of Vista's protection. It's not interesting for me, just a life's irony.

This is a response to Microsoft's Windows Defender team, which found a first message in a previous binary and posted about it on their blog.
Post in French on MAD's Blog

Monday, January 5, 2009

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
int, syst, a, e, 1, 5, b, a

Possible filenames:
inta1b.dll, inta1a.dll, inta5b.dll, inta5a.dll, inte1b.dll, inte1a.dll, inte5b.dll, inte5a.dll, systa1b.dll, systa1a.dll, systa5b.dll, systa5a.dll, syste1b.dll, syste1a.dll, syste5b.dll, syste5a.dll

It displays alert messages with popups that download WinDefender 2009:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, January 2, 2009

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
k, t, g, d, z, b, 32, 32a

Possible filenames:
kgz32.dll, kgz32a.dll, kgb32.dll, kgb32a.dll, kdz32.dll, kdz32a.dll, kdb32.dll, kdb32a.dll, tgz32.dll, tgz32a.dll, tgb32.dll, tgb32a.dll, tdz32.dll, tdz32a.dll, tdb32.dll, tdb32a.dll

It displays alert messages with popups that download WinDefender 2009:


and alert messages that redirect to a fake online scanner.


It also modifies Google results and drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.
French version on MAD

Tuesday, December 23, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
dh, f, eg, of, oz, az, r, a

Possible filenames:
dhegozr.dll, dhegoza.dll, dhegazr.dll, dhegaza.dll, dhofozr.dll, dhofoza.dll, dhofazr.dll, dhofaza.dll, fegozr.dll, fegoza.dll, fegazr.dll, fegaza.dll, fofozr.dll, fofoza.dll, fofazr.dll, fofaza.dll

It displays alert messages with popups that download WinDefender 2009:


It also drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Sunday, December 21, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\ijofmsu.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2ecca339-c274-40e3-a582-ef4c0e917639}"="bussebuschke"

It also installs a toolbar, a BHO and the Antivirus Trigger software...

SmitfraudFix removes the infection.

Thursday, December 18, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
fk, ul, im, in, jz, uv, g, e

Possible filenames:
fkimjzg.dll, fkimjze.dll, fkimuvg.dll, fkimuve.dll, fkinjzg.dll, fkinjze.dll, fkinuvg.dll, fkinuve.dll, ulimjzg.dll, ulimjze.dll, ulimuvg.dll, ulimuve.dll, ulinjzg.dll, ulinjze.dll, ulinuvg.dll, ulinuve.dll

It displays alert messages with popups that download WinDefender 2009:


It also drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Thursday, December 11, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
k, l, m, n, z, u, g, e

Possible filenames are:
kmzg.dll, kmze.dll, kmug.dll, kmue.dll, knzg.dll, knze.dll, knug.dll, knue.dll, lmzg.dll, lmze.dll, lmug.dll, lmue.dll, lnzg.dll, lnze.dll, lnug.dll, lnue.dll

It displays alert messages with popups that download WinDefender 2009:


It also drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Wednesday, December 10, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\pgfshvp.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{50e9d039-fb50-4020-a841-1d226ae52b22}"="defroster"

It also installs a toolbar, a BHO and the Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

Monday, December 8, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\elmnplw.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{341bd909-3367-4307-b37d-fb1cc56387ad}"="cacara"

It also installs a toolbar, a BHO and the Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
rt, tah, cip, enaz, ot, er

Possible filenames are:
rtcipot.dll, rtciper.dll, rtenazot.dll, rtenazer.dll, tahcipot.dll, tahciper.dll, tahenazot.dll, tahenazer.dll

It displays alert messages with popups that download WinDefender 2009:


It also drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Saturday, December 6, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
g, h, c, z, o, e

Possible filenames are:
gco.dll, gce.dll, gzo.dll, gze.dll, hco.dll, hce.dll, hzo.dll, hze.dll

It displays alert messages with popups that download WinDefender 2009:


It also drops Internet Shortcuts on the Desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.
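Every IEDef post above lists a dictionary and the filenames it can produce. Comparing the dictionaries with the listed names shows the rule the dropper follows: the tokens are consumed in pairs, each pair is one slot with two choices, and the slots are concatenated in order. The following added example (not code from this blog or from SmitfraudFix) expands any such dictionary into its full candidate set, builds an equivalent regular expression for a detection rule, and checks a constructed directory listing against it; the pairing rule itself is inferred from the listings on this page, and the sample listing is made up.

```python
import re
from itertools import product


def candidate_filenames(dictionary, ext=".dll"):
    """Expand a dictionary like 'k, l, m, n, z, u, g, e' into every name
    the dropper could pick: slots are (k|l)(m|n)(z|u)(g|e) + ext.
    Token pairing is an assumption inferred from the blog's listings."""
    tokens = [t.strip() for t in dictionary.split(",") if t.strip()]
    if len(tokens) % 2:
        raise ValueError("dictionary must contain an even number of tokens")
    slots = [tokens[i:i + 2] for i in range(0, len(tokens), 2)]
    # product() keeps the first slot as the outer loop, matching the order
    # in which the blog lists the names.
    return ["".join(combo) + ext for combo in product(*slots)]


def candidate_regex(dictionary, ext=".dll"):
    """Same rule as a single anchored, case-insensitive regex, handy for
    a file-monitoring or AV signature (duplicate tokens are collapsed)."""
    tokens = [t.strip() for t in dictionary.split(",") if t.strip()]
    slots = [tokens[i:i + 2] for i in range(0, len(tokens), 2)]
    parts = []
    for slot in slots:
        alts = sorted(set(slot), key=slot.index)
        parts.append("(?:" + "|".join(re.escape(a) for a in alts) + ")")
    return "^" + "".join(parts) + re.escape(ext) + "$"


def find_suspect_files(listing, dictionary, ext=".dll"):
    """Return the names from a directory listing that match the dictionary.
    Matching is case-insensitive because NTFS filenames are."""
    pattern = re.compile(candidate_regex(dictionary, ext), re.IGNORECASE)
    return sorted(name for name in listing if pattern.match(name))


# Constructed sample listing of %SYSTEM%: two legitimate names, two that
# match the Dec 11 and Dec 6 dictionaries from the posts above.
SAMPLE_LISTING = ["kernel32.dll", "KNUE.DLL", "user32.dll", "hze.dll"]

if __name__ == "__main__":
    for d in ("k, l, m, n, z, u, g, e", "g, h, c, z, o, e"):
        print(candidate_regex(d), "->", find_suspect_files(SAMPLE_LISTING, d))
```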

Wednesday, December 3, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\gtckad.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{61d70260-527c-44e8-bb23-2243e93808d3}"="achromatic"

It also installs a toolbar, a BHO and the Virus Response Lab 2009 software...

SmitfraudFix removes the infection.