Tuesday, October 30, 2007

Multimedia Decoder

Multimedia Decoder is another fake codec installing malware.
It displays fake alert to install IEDefender Rogue and Hijacks google pages with an alert and a malware p0rn link.





Wednesday, October 24, 2007

VirusRay 3.8

A new Rogue has been released: VirusRay.
This rogues looks like: Antivir Gear, VirusProtectPro , SpyDown, SpywareQuake.

Saturday, October 6, 2007

Trojan SPM/LX

Smitfraud family Malware.
Displays fake alert messages, Hijacks desktop background.



Tuesday, October 2, 2007

Spyware.WinAntiVirus

A new version of Spyware.WinAntiVirus has been released.

HijackThis symptoms:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - Startup: info.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: info.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat