IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been update, it installs files with semi-random filenames, composed from fragment words: one, ssva, uno, nas, p, k, ek, ad, us
Files could look like: unopus.dll...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Tuesday, April 29, 2008
Monday, April 28, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been update, it installs the following files:
%WINDOWS%\gndarmbl???.dll (where ? is a random caracter)
%WINDOWS%\wxdbpfvo.dll
%WINDOWS%\qadovnel.dll
%WINDOWS%\bdkpfxqw.dll
%WINDOWS%\spwoqbmv.exe
%WINDOWS%\xbaqktfv.exe
Use SmitfraudFix to remove the infection.
%WINDOWS%\gndarmbl???.dll (where ? is a random caracter)
%WINDOWS%\wxdbpfvo.dll
%WINDOWS%\qadovnel.dll
%WINDOWS%\bdkpfxqw.dll
%WINDOWS%\spwoqbmv.exe
%WINDOWS%\xbaqktfv.exe
Use SmitfraudFix to remove the infection.
Zlob
Zlob fake codec has been update. It drops the following file:
%SYSTEM%\uyhjw.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
It also installs Toolbar, BHO, VirusHeat Rogue software...
SmitfraudFix removes the infection.
%SYSTEM%\uyhjw.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
It also installs Toolbar, BHO, VirusHeat Rogue software...
SmitfraudFix removes the infection.
Friday, April 25, 2008
Zlob
Zlob fake codec has been update. It drops the following file:
%SYSTEM%\zfaiqwr.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0fdc513-46b9-46fc-8e70-d575ee546dae}"="frowardness "
It also installs Toolbar, BHO, VirusHeat Rogue software...
Use SmitfraudFix to remove the infection.
%SYSTEM%\zfaiqwr.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0fdc513-46b9-46fc-8e70-d575ee546dae}"="frowardness "
It also installs Toolbar, BHO, VirusHeat Rogue software...
Use SmitfraudFix to remove the infection.
IE Antivirus
A new Rogue has been released: IE Antivirus.
This rogues looks like: IE Defender, Files Secure, Malware Bell.
SmitfraudFix removes the infection.
This rogues looks like: IE Defender, Files Secure, Malware Bell.
SmitfraudFix removes the infection.
Libellés :
IEDef,
Rogues,
ScreenShots
Wednesday, April 23, 2008
IE Defender, Files Secure, Malware Bell
IE Defender/Files Secure/MalwareBell Codec has been update, it installs files with semi-random filenames, composed from fragment words: k, w, z, o, so, onsa, l, na, rad
Files could look like: zsol.dll, wol.dll...
and displays alert messages:
SmitfraudFix removes the infection.
Files could look like: zsol.dll, wol.dll...
and displays alert messages:
SmitfraudFix removes the infection.
Monday, April 21, 2008
Zlob
Zlob fake codec has been update. It drops the following file:
%SYSTEM%\rkaxfza.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb9f614b-ea44-40d0-8829-542e4f254739}"="garcea"
It also installs Toolbar, BHO, VirusHeat Rogue software...
Use SmitfraudFix to remove the infection.
%SYSTEM%\rkaxfza.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb9f614b-ea44-40d0-8829-542e4f254739}"="garcea"
It also installs Toolbar, BHO, VirusHeat Rogue software...
Use SmitfraudFix to remove the infection.
Sunday, April 20, 2008
IE Defender, Files Secure, Malware Bell
IE Defender/Files Secure/MalwareBell Codec has been update, it installs files with semi-random filenames, composed from fragment words: t, p, z, o, so, onsa, kr, pl, dnr, u, y, e
Files could look like: ponsadnru.dll, ponsaple.dll, tsoply.dll, zople.dll...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Files could look like: ponsadnru.dll, ponsaple.dll, tsoply.dll, zople.dll...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Saturday, April 19, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been update, it installs the following files:
%WINDOWS%\qnmargol???.dll (where ? is a random caracter)
%WINDOWS%\dpevflbg.dll
%WINDOWS%\vadokmxt.dll
%WINDOWS%\wdpoefan.dll
Use SmitfraudFix to remove the infection.
%WINDOWS%\qnmargol???.dll (where ? is a random caracter)
%WINDOWS%\dpevflbg.dll
%WINDOWS%\vadokmxt.dll
%WINDOWS%\wdpoefan.dll
Use SmitfraudFix to remove the infection.
IE Defender, Files Secure, Malware Bell
IE Defender/Files Secure/MalwareBell Codec has been update, it installs files with semi-random filenames, composed from fragment words: ol, si, un, ad, on, id, a, e, y, 16, 32, 64
Files could look like: unady64.dll
and displays alert messages:
Use SmitfraudFix to remove the infection.
Files could look like: unady64.dll
and displays alert messages:
Use SmitfraudFix to remove the infection.
IE Defender, Files Secure, Malware Bell
IE Defender/Files Secure/MalwareBell Codec has been update, it installs files with semi-random filenames, composed from fragment words: sim, op, ku, _de, _uk, _us, 16, 32, 64...
Files could be: simop_de32.dll, simku_uk16.dll...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Files could be: simop_de32.dll, simku_uk16.dll...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Friday, April 18, 2008
Zlob
Zlob fake codec has been update. It drops the following file:
%SYSTEM%\bubbj.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"="exegeses"
It also installs Toolbar, BHO, VirusHeat Rogue software...
This bubbj.dll filename has already been used last year by this infection. This time the CLSID is different.
Use SmitfraudFix to remove the infection.
%SYSTEM%\bubbj.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{db763ed8-100a-481b-8913-50a2f41dcdc3}"="exegeses"
It also installs Toolbar, BHO, VirusHeat Rogue software...
This bubbj.dll filename has already been used last year by this infection. This time the CLSID is different.
Use SmitfraudFix to remove the infection.
Thursday, April 17, 2008
IE Defender, Files Secure, Malware Bell
IE Defender/Files Secure/MalwareBell Codec has been update, it installs files with semi-random filenames, composed from fragment words: pa, ko, ny, do, net, api, 32, 99...
Files could be: nydo32r.dll
and displays alert messages:
Use SmitfraudFix to remove the infection.
Files could be: nydo32r.dll
and displays alert messages:
Use SmitfraudFix to remove the infection.
Wednesday, April 16, 2008
IE Defender, Files Secure, Malware Bell
IE Defender/Files Secure/MalwareBell Codec has been update, it installs files with semi-random filenames, composed from fragment words: sys, pol, net, owl,api, web, 16,32,64...
Files could be: netweb64c.dll, sysapi32a.dll ...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Files could be: netweb64c.dll, sysapi32a.dll ...
and displays alert messages:
Use SmitfraudFix to remove the infection.
Tuesday, April 15, 2008
IEDefender
IE Defender/Files Secure/MalwareBell Codec has been update, it installs the following files:
%WINDOWS%\pctools.dll
and displays alert messages:
See: http://secubox.aldria.com/topic-2320.html
Use SmitfraudFix to remove the infection.
%WINDOWS%\pctools.dll
and displays alert messages:
See: http://secubox.aldria.com/topic-2320.html
Use SmitfraudFix to remove the infection.
Monday, April 14, 2008
Zlob
Zlob fake codec has been update. It drops the following file:
%SYSTEM%\vualf.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12a31567-9883-4cc0-a684-ad5804394d69}"="hemimorphite"
It also installs Toolbar, BHO, VirusHeat Rogue software...
Use SmitfraudFix to remove the infection.
%SYSTEM%\vualf.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12a31567-9883-4cc0-a684-ad5804394d69}"="hemimorphite"
It also installs Toolbar, BHO, VirusHeat Rogue software...
Use SmitfraudFix to remove the infection.
VideoAccessCodec (VAC)
VideoAccessCodec has been update, it installs the following files:
%WINDOWS%\lgmxvpat???.dll (where ? is a random caracter)
%WINDOWS%\qtvglped.dll
%WINDOWS%\pmsoarbf.dll
%WINDOWS%\omlbpkaw.dll
Use SmitfraudFix to remove the infection.
%WINDOWS%\lgmxvpat???.dll (where ? is a random caracter)
%WINDOWS%\qtvglped.dll
%WINDOWS%\pmsoarbf.dll
%WINDOWS%\omlbpkaw.dll
Use SmitfraudFix to remove the infection.
IEDefender
IE Defender/Files Secure Codec has been update, it installs the following files:
%WINDOWS%\ps16sys.dll
It displays alert messages:
See: http://secubox.aldria.com/edit-post3200.html
Use SmitfraudFix to remove the infection.
%WINDOWS%\ps16sys.dll
It displays alert messages:
See: http://secubox.aldria.com/edit-post3200.html
Use SmitfraudFix to remove the infection.
Libellés :
IEDef,
Malware,
ScreenShots
Sunday, April 13, 2008
IEDefender
IE Defender/Files Secure Codec has been update, it installs the following files:
%WINDOWS%\winsurf.dll
It displays alert messages:
See: http://secubox.aldria.com/topic-2318.html
Use SmitfraudFix to remove the infection.
%WINDOWS%\winsurf.dll
It displays alert messages:
See: http://secubox.aldria.com/topic-2318.html
Use SmitfraudFix to remove the infection.
Libellés :
IEDef,
Malware,
ScreenShots
VideoAccessCodec (VAC)
VideoAccessCodec has been update, it installs the following files:
%WINDOWS%\nslbvxpg???.dll (where ? is a random caracter)
%WINDOWS%\sgoblxtm.dll
%WINDOWS%\ogxtsepr.dll
%WINDOWS%\dsktbwfe.dll
SmitfraudFix removes the infection.
%WINDOWS%\nslbvxpg???.dll (where ? is a random caracter)
%WINDOWS%\sgoblxtm.dll
%WINDOWS%\ogxtsepr.dll
%WINDOWS%\dsktbwfe.dll
SmitfraudFix removes the infection.
VideoAccessCodec (VAC)
VideoAccessCodec (aka VAC, VideoCach, MediaTubeCodec, Media Codec Software, Video ActiveX Codec) is installed from web sites proposing video and a codec (trojan) installation.
It installs a toolbar in Internet Explorer:
and displays fake IE alert bars, linking to rogues:
It installs a toolbar in Internet Explorer:
and displays fake IE alert bars, linking to rogues:
Libellés :
FakeSiteMessage,
Malware,
ScreenShots,
VAC
Subscribe to:
Posts (Atom)