Saturday, September 20, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
ha, p, re, gy, 32, ss

Possible filenames are:
hare32.dll, haress.dll, hagy32.dll, hagyss.dll, pre32.dll, press.dll, pgy32.dll, pgyss.dll
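
As a detection aid, the following added example (not part of the original post or of any tool it mentions) rebuilds the eight names from the dictionary and flags matching basenames in a file listing. The grouping of the fragments by position is inferred from the listed names, and the sample paths are constructed.

```python
from itertools import product
from pathlib import PureWindowsPath

# Dictionary fragments from the post, grouped by position. The grouping is
# an assumption inferred from the eight filenames the post lists.
PREFIXES = ("ha", "p")
MIDDLES = ("re", "gy")
SUFFIXES = ("32", "ss")


def candidate_names():
    """Return every filename the dictionary can produce, in lowercase."""
    return {f"{a}{b}{c}.dll" for a, b, c in product(PREFIXES, MIDDLES, SUFFIXES)}


def find_suspects(paths):
    """Return the paths whose basename exactly matches a candidate name.

    Windows filenames are case-insensitive, so the comparison is done in
    lowercase. Only the basename is compared, so names that merely contain
    a candidate (for example a longer name or an extra extension) are ignored.
    """
    names = candidate_names()
    return [p for p in paths if PureWindowsPath(p).name.lower() in names]


# Constructed sample listing (not from the post); directories are illustrative.
SAMPLE_LISTING = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\HAGY32.DLL",
    r"C:\Windows\System32\pgyss.dll",
    r"C:\Program Files\Example\express.dll",
    r"C:\Temp\hare32.dll.bak",
]

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_LISTING):
        print("name match:", hit)
```

A name match is only a lead for further inspection, since the post gives the filenames but not the directory they are installed to.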

It displays alert messages with popups that download Total Secure 2009.

At this time, this version no longer includes an extra dropper (users64.dat), but things could change quickly.

Use SmitfraudFix to remove the infection.