Thursday, May 29, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\boqnrwdm???.dll (where ? is a random character)
%WINDOWS%\atfxqogp.dll
%WINDOWS%\vltdfabw.dll
%WINDOWS%\vregfwlx.dll
%WINDOWS%\xmpstean.exe
%WINDOWS%\eqln.exe

Use SmitfraudFix to remove the infection.

Tuesday, May 27, 2008

VideoAccessCodec (VAC), Virus Alert!

The new version of the Video Access Codec infection installs some policies that prevent Command Line execution.

It also displays a "Virus Alert!" message in the Windows Clock, removes some Start Menu icons, and hides drive icons.



Use SmitfraudFix to remove the infection.

Friday, May 23, 2008

Video ActiveX Object Error

A fake video suggests installing a fake codec and drops the iSecurity malware (infected Windows Security icon in Control Panel).



Thanks to nosirrah.

Sunday, May 18, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: ap, od, ik, sa, do, unbe, gy, ps, xu

Files could look like: iksaps.dll, apunbeps.dll, apsagy.dll ...

and displays alert messages:


Use SmitfraudFix to remove the infection.

Friday, May 16, 2008

Zlob, VideoAccessCodec (VAC)

Websites that push malware installation under a fake codec message have evolved: according to Secure Computing, the Zlob threat hides as a free, fake MP3 download.

The content of the VideoAccessCodec fake messages has also changed, proposing a fake Flash installation:



Thanks to MAD.

Thursday, May 15, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\fvowketq???.dll (where ? is a random character)
%WINDOWS%\pvnsmfor.dll
%WINDOWS%\mpfanvqg.dll
%WINDOWS%\vbksrofa.dll
%WINDOWS%\oadkxrts.exe
%WINDOWS%\epfg.exe

Use SmitfraudFix to remove the infection.

SecuGate

SecuGate is a new service provided by MAD. Users can submit infected URLs (exploited websites, links to files) to a semi-automated analysis engine.

With it, analysts can get valuable information about new, updated and old infections.

Wednesday, May 14, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs the following file:

%WINDOWS%\iebho.dll

and displays alert messages:


Use SmitfraudFix to remove the infection.

Wednesday, May 7, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\rtmipr.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"="delayingly"

It also installs a toolbar, a BHO, the VirusHeat rogue software...

SmitfraudFix removes the infection.

Tuesday, May 6, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\qdsba.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af73a174-ea1b-4f0b-b0b1-fe1486a6719c}"="communa"

It also installs a toolbar, a BHO, the VirusHeat rogue software...

SmitfraudFix removes the infection.

VirusHeat 4.4

A new version of the rogue VirusHeat has been released. This rogue looks like VirusProtect, VirusRay, Antivir Gear, VirusProtectPro, SpyDown, SpywareQuake.

Sunday, May 4, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: f, vid, pn, as, op, k, 32, 16, 64

Files could look like: vidk32.dll...

and displays alert messages:


Use SmitfraudFix to remove the infection.
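
The fragment-based file naming described in the May 18 and May 4 entries can be checked mechanically when reviewing a %WINDOWS% directory listing. The Python sketch below is an added example, not part of SmitfraudFix or of the original posts; the function names and the sample listing are constructed. A match is only a triage hint, since short fragments such as f and k can also fit legitimate DLL names.

```python
import re

# Fragment sets exactly as listed in the May 18 and May 4, 2008 entries.
FRAGMENT_SETS = {
    "2008-05-18": ("ap", "od", "ik", "sa", "do", "unbe", "gy", "ps", "xu"),
    "2008-05-04": ("f", "vid", "pn", "as", "op", "k", "32", "16", "64"),
}

def split_into_fragments(stem, fragments):
    """Return one way to write `stem` as a concatenation of fragments, or None."""
    # best[i] holds a fragment list covering stem[:i], or None if unreachable.
    best = [None] * (len(stem) + 1)
    best[0] = []
    for i in range(len(stem)):
        if best[i] is None:
            continue
        for frag in fragments:
            end = i + len(frag)
            if stem.startswith(frag, i) and best[end] is None:
                best[end] = best[i] + [frag]
    return best[len(stem)]

def match_dropped_name(filename, min_fragments=2):
    """Return (set_label, fragments) if a .dll name fits a fragment set, else None."""
    m = re.fullmatch(r"([a-z0-9]+)\.dll", filename.lower())
    if not m:
        return None
    for label, fragments in FRAGMENT_SETS.items():
        parts = split_into_fragments(m.group(1), fragments)
        # Require several fragments so a single short fragment does not count.
        if parts is not None and len(parts) >= min_fragments:
            return label, parts
    return None

if __name__ == "__main__":
    # Constructed listing: names quoted in the entries mixed with ordinary DLLs.
    listing = ["iksaps.dll", "apunbeps.dll", "apsagy.dll", "vidk32.dll",
               "kernel32.dll", "shell32.dll", "iebho.dll"]
    for name in listing:
        print(name, "->", match_dropped_name(name))
```

Names with a fixed filename, such as iebho.dll from the May 14 entry, do not follow the fragment scheme and need an exact-name check instead.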