Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\duzakwq.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7ca07c92-0ab2-4346-b119-a076695d46ed}"="hemielytron"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Friday, October 31, 2008
Personal Defender 2009
This fake AntiSpyware tool Personal Defender 2009 detects infections on a clean system.
SmitfraudFix removes the malware.
Labels: Rogues, ScreenShots
Thursday, October 30, 2008
WinDefender 2009
New Rogue released: WinDefender 2009. It is using the same GUI as Total Secure 2009.
SmitfraudFix removes the infection.
Thanks to Bharath
Labels: IEDef, Rogues, ScreenShots
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\vimhx.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d04bbe06-7ce7-405e-8730-cd56d9531cbb}"="bismuthiferous"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Wednesday, October 29, 2008
Autorun Plasma
Yesterday, I received 2 new PCs from my supplier. 2 computers with Windows and the latest updates. Nothing more, nothing less. Before delivering them to my customer, I checked if everything was okay.
One of them was infected by VBS.Solow.b. This infection spreads from USB keys and modifies the IE title.
A brand new PC already infected!
I decided to code a quick and dirty program, AutorunPlasma, to place in the root of USB keys with its autorun.inf file. If the message is displayed when the key is inserted, it is virus-free...
Labels: misc
Tuesday, October 28, 2008
Antivirus Sentry
Antivirus Sentry is a fake security software (rogue) from the same family as: PC Protection Center 2008, Antivirus 2010, eAntivirusPro, AntiMalware 2009, Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus.
SmitfraudFix removes the infection.
Thanks to MAD
Labels: Anti200X, Rogues, ScreenShots
Monday, October 27, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been updated; it installs the following files:
%WINDOWS%\rsdgbtkq???.dll (where ? is a random character)
%WINDOWS%\wvfsrqab.dll
%WINDOWS%\wfexqnrp.dll
%WINDOWS%\wvbegpqs.dll
%WINDOWS%\emnvoqgx.exe
%WINDOWS%\e???.exe (where ? is a random character)
Use SmitfraudFix to remove the infection.
Sunday, October 26, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\gcqltg.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ba934431-76af-4c99-93c2-c3d21944a72e}"="gey"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Friday, October 24, 2008
Internet Antivirus Pro
InternetAntivirusPro is a new rogue (fake security software). It belongs to the same family as Anti-Virus Number-1, Antivirus Sentry, Antivirus 2010, Micro Antivirus 2009, MS Antivirus, Smart Antivirus 2009, System Antivirus 2008, Antivirus 2009, Internet-antivirus.
This rogue detects infections on a clean system. It displays alerts and messages to sell a license to remove those fake infections.
Labels: Anti200X, Rogues, ScreenShots
Thursday, October 23, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\bcxjqr.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e3623691-f85d-48d8-8e4d-abe79077f841}"="awash"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Wednesday, October 22, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
A new IEDef dropper has been released. It is using the same dictionary and same alert messages as previously.
Something new: it replaces the original %SYSTEM%\userinit.exe with an infected file. Do not delete it, or the system will not reboot! A similar filename is used by Windows.
Each time Windows runs userinit.exe, the infected one is called and executes a backup of the original Microsoft file. If the infection is deleted/removed, the chain is broken and Windows will not boot.
This infection has been seen with another fake codec. It is new for IEDef.
You can use SmitfraudFix to remove the infection and restore the original Microsoft file.
Tuesday, October 21, 2008
VideoAccessCodec (VAC) + Total Secure 2009 (IEDef)
VideoAccessCodec has been updated; it installs the following files:
%WINDOWS%\aetlsrkn???.dll (where ? is a random character)
%WINDOWS%\bkqxdons.dll
%WINDOWS%\qnflkotm.dll
%WINDOWS%\vwnskbot.dll
%WINDOWS%\woprdagt.exe
%WINDOWS%\e???.exe (where ? is a random character)
This infection installs Total Secure 2009 Rogue, which drops an IEDef infection:
%WINDOWS%\sysbase32.dll
Labels: IEDef, Malware, Rogues, ScreenShots, VAC
Sunday, October 19, 2008
Spy Protector
This fake AntiSpyware tool Spy Protector detects infections on a clean system.
SmitfraudFix removes the malware.
Thanks snemelk.
Labels: Rogues, ScreenShots
Saturday, October 18, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\teoga.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2f199d0e-f3e7-41a7-a060-816c24cceea0}"="emaa"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
PC Protection Center 2008
PC Protection Center 2008 is a fake security software (rogue) from the same family as: Antivirus 2010, eAntivirusPro, AntiMalware 2009, Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus.
SmitfraudFix removes the infection.
Labels: Anti200X, Rogues, ScreenShots
Friday, October 17, 2008
XLG Security Center
The fake AntiSpyware tool XLG Security Center detects infections on a clean system.
SmitfraudFix removes the malware.
Thanks to Malekal_morte.
Labels: Rogues, ScreenShots
Thursday, October 16, 2008
Virus Remover 2008
Virus Remover 2008 is a fake security software (rogue) installed with VAC infections.
Use SmitfraudFix to remove the infection.
Labels: Rogues, ScreenShots
Wednesday, October 15, 2008
Malwarebytes' Anti-Malware (MBAM)
I have joined Malwarebytes' team as a Malware Researcher.
Malwarebytes' Anti-Malware is a new easy-to-use, simple, powerful cleaning application against malware.
Labels: misc
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
ifs, go, n, p, du, fa
Possible filenames are:
ifsndu.dll, ifsnfa.dll, ifspdu.dll, ifspfa.dll, gondu.dll, gonfa.dll, gopdu.dll, gopfa.dll
It displays alert messages with popups that download Total Secure 2009.
It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url and VIP Casino.url
Use SmitfraudFix to remove the infection.
Tuesday, October 14, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
mi, mo, pin, pon, u, a
Possible filenames are:
mipinu.dll, mipina.dll, miponu.dll, mipona.dll, mopinu.dll, mopina.dll, moponu.dll, mopona.dll
It displays alert messages with popups that download Total Secure 2009.
It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url and VIP Casino.url
Use SmitfraudFix to remove the infection.
Monday, October 13, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\eivrbsi.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{da75fab1-136e-4ead-834d-0e04fbd6edc1}"="euphuize"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Friday, October 10, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\obicx.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fb357e54-83f1-4a3c-80a2-319201ed6c17}"="bisque"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Wednesday, October 8, 2008
SearchAndDestroy
Search And Destroy rogue can (should?) do better and be more aggressive to sell.
Labels: Digiweb, Rogues, ScreenShots
Antivirus 2010
eAntivirusPro is a fake security software (rogue) from the same family as: eAntivirusPro, AntiMalware 2009, Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus.
A component of the rogue displays an image of a BSOD followed by a Windows XP reboot animation.
SmitfraudFix removes the infection.
Labels: Anti200X, DesktopHijack, Rogues, ScreenShots
Tuesday, October 7, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
msys, lsyst, amd, ipl, 32, 64
Possible filenames are:
msysamd32.dll, msysamd64.dll, msysipl32.dll, msysipl64.dll, lsystamd32.dll, lsystamd64.dll, lsystipl32.dll, lsystipl64.dll
It displays alert messages with popups that download Total Secure 2009.
It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url and VIP Casino.url
Use SmitfraudFix to remove the infection.
Sunday, October 5, 2008
Zlob
Zlob fake codec has been updated. It drops the following file:
%SYSTEM%\oanlvs.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0ba3e00d-b660-46e6-a2db-2672ee82dc98}"="impetuousities"
It also installs Toolbar, BHO, Virus Response Lab 2009 software...
SmitfraudFix removes the infection.
Friday, October 3, 2008
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
r, f, g, h, f, l
Possible filenames are:
rgf.dll, rgl.dll, rhf.dll, rhl.dll, fgf.dll, fgl.dll, fhf.dll, fhl.dll
It displays alert messages with popups that download Total Secure 2009.
It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Free Porn.url, Free MP3 Search.url, Search Online.url and VIP Casino.url
Use SmitfraudFix to remove the infection.
Wednesday, October 1, 2008
VideoAccessCodec (VAC)
VideoAccessCodec has been updated; it installs the following files:
%WINDOWS%\nkefbltd???.dll (where ? is a random character)
%WINDOWS%\dkwqgnbe.dll
%WINDOWS%\neksolda.dll
%WINDOWS%\xgpsarbm.dll
%WINDOWS%\fkebanrw.exe
%WINDOWS%\e???.exe (where ? is a random character)
Use SmitfraudFix to remove the infection.
IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009
IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
sd, gj, et, op, cs, li
Possible filenames are:
sdetcs.dll, sdetli.dll, sdopcs.dll, sdopli.dll, gjetcs.dll, gjetli.dll, gjopcs.dll, gjopli.dll
It displays alert messages with popups that download Total Secure 2009.
It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Free Porn.url, Free MP3 Search.url, Search Online.url and VIP Casino.url
Use SmitfraudFix to remove the infection.
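The dictionary scheme described in the IE Defender posts above, as an added example that is not part of the original blog or of SmitfraudFix: it rebuilds the eight candidate names from each six-word dictionary listed on this page and checks a file listing against them. The function names and the sample listing are constructed for illustration; a name match alone is only a lead to verify.

```python
from itertools import product

# Six-word dictionaries exactly as listed in the posts on this page,
# keyed by the date of the post that published them.
DICTIONARIES = {
    "2008-10-15": ["ifs", "go", "n", "p", "du", "fa"],
    "2008-10-14": ["mi", "mo", "pin", "pon", "u", "a"],
    "2008-10-07": ["msys", "lsyst", "amd", "ipl", "32", "64"],
    "2008-10-03": ["r", "f", "g", "h", "f", "l"],
    "2008-10-01": ["sd", "gj", "et", "op", "cs", "li"],
}


def candidate_names(words, ext=".dll"):
    """The words form three pairs; a filename takes one word from each pair."""
    if len(words) != 6:
        raise ValueError("expected six dictionary words")
    pairs = [words[i:i + 2] for i in range(0, 6, 2)]
    return ["".join(parts) + ext for parts in product(*pairs)]


def build_index(dictionaries=DICTIONARIES):
    """Map each candidate filename (lower case) to the post date of its dictionary."""
    index = {}
    for post_date, words in dictionaries.items():
        for name in candidate_names(words):
            index[name] = post_date
    return index


def scan_listing(entries, index=None):
    """Return (entry, post date) for each listing entry whose base name matches.

    Windows filenames are case-insensitive, so base names are compared lower-cased.
    """
    index = index if index is not None else build_index()
    hits = []
    for entry in entries:
        base = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in index:
            hits.append((entry, index[base]))
    return hits


# Constructed sample listing (not from the page), e.g. collected with `dir /b`.
SAMPLE_LISTING = [
    "kernel32.dll", "MSYSIPL64.DLL", "userinit.exe",
    "D:\\triage\\gopfa.dll", "msysamd.dll", "rhl.dll",
]

if __name__ == "__main__":
    for entry, post_date in scan_listing(SAMPLE_LISTING):
        print(f"{entry}: matches the dictionary from the {post_date} post")
```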