IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: opus, sigma, nada, 64, 32, 16
Files could look like: sigma64.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Monday, June 23, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\sgntu.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c27abdde-8a43-4a7f-81c0-3fc3c952284f}"="chicot"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Thursday, June 19, 2008
Wednesday, June 18, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: da, co, i, def, pol, ni
Files could look like: dadef.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\funfsnv.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{99f8405b-63d1-421a-83bb-7b4b0642ac28}"="eulogical"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Tuesday, June 17, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: x, c, s, edif, osys, ecol, ns, pd, gd, a, o, y
Files could look like: cosysnsy.dll, xecolgda.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Monday, June 16, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been updated. It installs the following files:
%WINDOWS%\ksendlbt???.dll (where ? is a random character)
%WINDOWS%\vrmdtneg.dll
%WINDOWS%\xvorfwbd.dll
%WINDOWS%\wpvmqosg.dll
%WINDOWS%\neltabxw.exe
%WINDOWS%\e???.exe (where ? is a random character)
Use SmitfraudFix to remove the infection.
Zlob, fake download
Zlob infections are related to p0rn sites!
This used to be true, but it is not anymore. After Fake Codec Errors, Fake Flash Errors, Fake Flash Version and Faked MP3 Download, the Zlob infection family (rogue installer Antispycheck/IEAntivirus, DNS Changer, VAC) is also spread on fake cracks/warez blogs or fake software download websites.
Notice the "*100% checked by Antivirus" comment ;)
Labels: FakeSiteMessage, Malware, ScreenShots
Sunday, June 15, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: t, p, b, a, o, u, pdf, sdg, pls, an, o, im
Files could look like: paplsan.dll, pasdgo.dll, tasdgo.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Friday, June 13, 2008
Routers DNS.Changer
A new version of the DNSChanger trojan has been discovered. This time, the malware doesn't only affect the system DNS settings. It targets the router itself.
Using a list of different router URLs and a dictionary of default passwords, the malware brute-forces the web interface and hijacks the DNS settings.
List of URL from various routers
Dictionary of default login:passwords
DNSChanger IP address in Ukraine
If the attack succeeds, all computers in the network using the router DNS settings are affected. The hijacked device can redirect connections to a fake website.
See trustedsource.org and washingtonpost.com blogs.
Labels: DNSChanger, Malware
Antispycheck 2.1.0
A new rogue, AntiSpyCheck, has been released. This rogue is automatically installed by a Zlob trojan.
Use SmitfraudFix to remove the infection.
Labels: Rogues, ScreenShots
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\kfcpnd.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}"="campaniform"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Monday, June 9, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It installs files with semi-random filenames composed from word fragments: t, p, b, a, o, u, sant, post, sect, 32, 16a, 8x
Files could look like: tosant32.dll, pasant32.dll ...
and displays alert messages:
Use SmitfraudFix to remove the infection.
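The fragment dictionaries quoted in the IE Defender/Files Secure/MalwareBell/IE Antivirus posts on this page can be used as a triage check on a directory listing. The following is an added example, not SmitfraudFix code or the blog author's: the dictionary labels, the `min_parts` threshold and the sample listing are assumptions made for illustration.

```python
# Added example: flag DLL names that split entirely into the word fragments
# listed in the posts on this page. Labels and thresholds are assumptions.

# Fragment dictionaries copied from the posts, keyed by post date.
DICTIONARIES = {
    "undated post": ["opus", "sigma", "nada", "64", "32", "16"],
    "2008-06-18": ["da", "co", "i", "def", "pol", "ni"],
    "2008-06-17": ["x", "c", "s", "edif", "osys", "ecol", "ns", "pd", "gd",
                   "a", "o", "y"],
    "2008-06-15": ["t", "p", "b", "a", "o", "u", "pdf", "sdg", "pls", "an", "im"],
    "2008-06-09": ["t", "p", "b", "a", "o", "u", "sant", "post", "sect",
                   "32", "16a", "8x"],
}

def segment(stem, fragments, min_parts=2):
    """Return a split of `stem` into fragments, or None if none exists.

    Keeps the split with the most parts for each prefix, so the
    min_parts check (an assumed threshold) never misses a valid split.
    """
    best = {0: []}  # prefix length -> fragment list covering that prefix
    for i in range(len(stem)):
        if i not in best:
            continue
        for frag in set(fragments):
            if stem.startswith(frag, i):
                j, cand = i + len(frag), best[i] + [frag]
                if j not in best or len(cand) > len(best[j]):
                    best[j] = cand
    parts = best.get(len(stem))
    return parts if parts and len(parts) >= min_parts else None

def scan(names, dictionaries=DICTIONARIES):
    """Return (name, dictionary label, split) for every matching .dll name."""
    hits = []
    for name in names:
        stem, dot, ext = name.lower().rpartition(".")
        if not dot or ext != "dll":
            continue
        for label, frags in dictionaries.items():
            parts = segment(stem, frags)
            if parts:
                hits.append((name, label, parts))
    return hits

# Constructed listing: example names from the posts plus ordinary system DLLs.
SAMPLE = ["sigma64.dll", "dadef.dll", "cosysnsy.dll", "xecolgda.dll",
          "tosant32.dll", "paplsan.dll", "kernel32.dll", "user32.dll", "a.dll"]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Because several dictionaries contain single-letter fragments, short legitimate names can also split cleanly; a hit is a lead to check, not a verdict.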
Thursday, June 5, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been updated. It installs the following files:
%WINDOWS%\nogxfvbl???.dll (where ? is a random character)
%WINDOWS%\nmwegbsf.dll
%WINDOWS%\adgpfoxs.dll
%WINDOWS%\erpobmsw.dll
%WINDOWS%\xbqmfsed.exe
%WINDOWS%\e???.exe (where ? is a random character)
Use SmitfraudFix to remove the infection.
Monday, June 2, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
IE Defender/Files Secure/MalwareBell/IE Antivirus Codec has been updated. It still uses the same dictionary to compose the filename, but it displays a new message box with the registered user name (pixelated in the screenshot):
Use SmitfraudFix to remove the infection.
Labels: IEDef, Malware, ScreenShots