Monday, September 1, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It now installs a file with a semi-random filename composed from a dictionary:
cf, df, lp, ax, ov, en, 32i, 32u, 32x

Possible filenames are:
cfax32i.dll, dfax32i.dll, lpax32i.dll, cfov32i.dll, dfov32i.dll, lpov32i.dll, cfen32i.dll, dfen32i.dll, lpen32i.dll, cfax32u.dll, dfax32u.dll, lpax32u.dll, cfov32u.dll, dfov32u.dll, lpov32u.dll, cfen32u.dll, dfen32u.dll, lpen32u.dll, cfax32x.dll, dfax32x.dll, lpax32x.dll, cfov32x.dll, dfov32x.dll, lpov32x.dll, cfen32x.dll, dfen32x.dll, lpen32x.dll
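
A way to check a file listing against this naming scheme, as an added example that is not part of the original post: it rebuilds the 27 names from the dictionary and flags matching paths. The function names and the sample paths are constructed for illustration; the post does not say which directory the file is dropped in.

```python
import itertools
import ntpath  # splits Windows paths correctly on any OS
import os
import re

# Dictionary parts exactly as listed in the post.
PREFIXES = ("cf", "df", "lp")
MIDDLES = ("ax", "ov", "en")
SUFFIXES = ("32i", "32u", "32x")

# Same scheme as one pattern; Windows file names are case-insensitive.
NAME_RE = re.compile(r"(?:cf|df|lp)(?:ax|ov|en)32[iux]\.dll", re.IGNORECASE)

def candidate_names():
    """Return the 27 lower-case names the dictionary can produce."""
    combos = itertools.product(PREFIXES, MIDDLES, SUFFIXES)
    return {f"{p}{m}{s}.dll" for p, m, s in combos}

def is_candidate(path):
    """True if the file-name part of path fits the scheme exactly."""
    return NAME_RE.fullmatch(ntpath.basename(path)) is not None

def find_matches(paths):
    """Filter an iterable of paths (e.g. a saved dir listing), keeping order."""
    return [p for p in paths if is_candidate(p)]

def scan_tree(root):
    """Walk a live directory tree and return full paths of matching files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if is_candidate(f))
    return hits

# Constructed sample listing (locations are assumptions, not from the post).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\LPOV32U.DLL",      # matches, upper case
    r"C:\WINDOWS\system32\cfax32i.dll.bak",  # extra extension, no match
    r"C:\Temp\dfen32x.dll",                  # matches
    r"C:\WINDOWS\system32\xcfax32i.dll",     # extra leading character, no match
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_PATHS):
        print("candidate:", hit)
```

A name match only marks a file for closer inspection; it does not confirm the infection by itself.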

It displays alert messages with popups that download Total Secure 2009, and it hijacks Google searches.

Use SmitfraudFix to remove the infection.