The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\jkqvjzl.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c96395b8-ab09-46a4-b539-7ddf6e061808}"="ceroxylon"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Tuesday, July 29, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs a file with a semi-random filename composed from fragment words: aol, aol_, aol2, tbl, bho, toolbar
Possible filenames are: aoltbl.dll, aolbho.dll, aoltoolbar.dll, aol_tbl.dll, aol_bho.dll, aol_toolbar.dll, aol2tbl.dll, aol2bho.dll, aol2toolbar.dll
It displays alert messages with popups that download IE Antivirus:
Use SmitfraudFix to remove the infection.
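Added example (not from the original posts and not part of SmitfraudFix): a Python check that builds the candidate filenames from the fragment words listed in these posts and flags matching names in a file listing. The split of each list into three prefixes and three suffixes is an assumption inferred from the example filenames, and the sample listing is constructed.

```python
import itertools
import ntpath

# Fragment words copied from the posts on this page. Splitting each list into
# three prefixes and three suffixes is an assumption inferred from the example
# filenames the posts give (e.g. aol_ + bho -> aol_bho.dll).
FRAGMENT_SETS = {
    "2008-07-29": (("aol", "aol_", "aol2"), ("tbl", "bho", "toolbar")),
    "2008-07-20": (("ie", "iex", "IE_"), ("filter", "flt", "fil")),
    "2008-07-19": (("tb", "toolbar", "tbr"), ("srch", "s", "sch")),
    "2008-07-04": (("avg", "ant", "avira"), ("safe", "_sr", "_ss")),
}


def candidate_names(prefixes, suffixes, ext=".dll"):
    """Every prefix+suffix filename, lower-cased for case-insensitive matching."""
    return sorted({(p + s + ext).lower()
                   for p, s in itertools.product(prefixes, suffixes)})


def scan(paths, fragment_sets=FRAGMENT_SETS):
    """Return (path, post_date) for each path whose basename is a candidate name."""
    lookup = {}
    for date, (prefixes, suffixes) in fragment_sets.items():
        for name in candidate_names(prefixes, suffixes):
            lookup.setdefault(name, date)
    hits = []
    for path in paths:
        base = ntpath.basename(path).lower()  # ntpath parses Windows paths on any OS
        if base in lookup:
            hits.append((path, lookup[base]))
    return hits


# Constructed sample listing (not taken from a real machine).
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\aol_bho.dll",
    r"C:\WINDOWS\system32\IEFILTER.DLL",
    r"C:\WINDOWS\system32\avirasafe.dll",
    r"C:\WINDOWS\system32\shell32.dll",
]

if __name__ == "__main__":
    for path, date in scan(SAMPLE_LISTING):
        # A name match is a triage lead only: short fragments such as "s" can
        # collide with legitimate DLL names.
        print(f"{path}  matches fragment set posted {date}")
```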
Monday, July 28, 2008
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\yizgdux.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ba934431-76af-4c99-93c2-c3d21944a72e}"="chokestrap"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Thursday, July 24, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: dom, hom, sof, ie, bho, iebho
Files could look like: domie.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Wednesday, July 23, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: bho, bho2, ie, ext, extn, _e
Files could look like: bho2extn.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Tuesday, July 22, 2008
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\uszhv.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{629340b5-8df6-4211-9245-a86563a35792}"="cramping"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Sunday, July 20, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: ie, iex, IE_, filter, flt, fil
Files could look like: iefilter.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
MO5.com in danger.
A post in French, for once, about one of my hobbies (vintage 8-bit computers): a non-profit association, MO5.com, is in danger. A collection of 30.000 items composed of old-school computers might be scattered or disappear.
Following a visit by a safety commission, the premises housing more than 30.000 items (computers, consoles, magazines, CDs and assorted geek memorabilia) have been declared dangerous.
The commission is demanding that this fabulous collection be moved out, but the association lacks the logistical and financial means to recover.
That is why MO5.COM is asking all the geeks of France for a helping hand, to save all this work from destruction.
For more information, see their letter of support.
Saturday, July 19, 2008
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\xevhbpw.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{201a14d7-b5b4-422c-816f-5f2a1e92e0e7}"="incorrectnesses"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: tb, toolbar, tbr, srch, s, sch
Files could look like: toolbars.dll, tbrsrch.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Saturday, July 12, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: ie, iexp, inte, fltr, fl, _f
Files could look like: iefltr.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Wednesday, July 9, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: nav, nvg, nv, filter, flt, f
Files could look like: nvgflt.dll, nvgf.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Monday, July 7, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: eps, epson, eps, drv, bho, 32
Files could look like: epsdrv.dll, epsondrv.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Sunday, July 6, 2008
Fake Cracks/Keygen Video
Following the series Zlob for dummies, MAD made a video of the consequences of running a Trojan from a fake crack blog. (MAD Article)
Friday, July 4, 2008
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\hkushdr.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d1577581-2ed7-469f-99b1-72c1339e0ee0}"="doctordom"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: avg, ant, avira, safe, _sr, _ss
Files could look like: avg_sr.dll, avirasafe.dll, ant_ss.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Thursday, July 3, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: agin, snop, wdol, _bho, tas, o32
Files could look like: agintas.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Wednesday, July 2, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus
The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from fragment words: sl, ps, dig, a32, onyx, arox
Files could look like: slarox.dll ...
and displays alert messages with popups:
Use SmitfraudFix to remove the infection.
Zlob
The Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\blbpeoy.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ecc974ae-6ede-44a2-90da-93b996d8eaf8}"="frizzed"
It also installs Toolbar, BHO, Antispycheck Rogue software...
SmitfraudFix removes the infection.
Tuesday, July 1, 2008
Zlob for dummies.
MAD wrote a topic (in French) about Zlob infections.
The second part is less technical and talks about infected victims. Some users behave irresponsibly, which leads to infection. This can sometimes be summed up as: I have an antivirus suite, I'm "safe" (still vulnerable).
Image Copyright: IKARUS Security Software GmbH.