Sunday, November 30, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\cwegus.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb}"="evacuative"

It also installs a toolbar, a BHO, AntivirusTrigger software...

SmitfraudFix removes the infection.

Saturday, November 29, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
a, ax, v, vi, t, tu

Possible filenames are:
avt.dll, avtu.dll, avit.dll, avitu.dll, axvt.dll, axvtu.dll, axvit.dll, axvitu.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, November 28, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\ftfea.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{22ef8ba1-a18c-4ad3-ad84-01b95b581c5c}"="fractabling"

It also installs a toolbar, a BHO, AntivirusTrigger software...

SmitfraudFix removes the infection.

Thursday, November 27, 2008

Hosts file corrupted

A fake codec (stream_video_player.exe) redirects Google's pages by corrupting the hosts file.
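A check for the symptom described above, as an added example that is not part of the original post: it parses hosts-file text and reports entries that map a Google hostname to an address other than loopback or 0.0.0.0. The sample content and its addresses are constructed; the post does not list the entries the malware writes.

```python
import ipaddress

def suspicious_hosts_entries(hosts_text, watched_label="google"):
    """Return (line_no, ip, hostname) for hosts entries that pin a watched
    name to an address other than loopback or 0.0.0.0."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address; skip the line
        if ip.is_loopback or ip.is_unspecified:
            continue  # local or blocking entry, not a redirect
        for host in fields[1:]:
            labels = host.lower().rstrip(".").split(".")
            if watched_label in labels:  # google.com, www.google.fr, ...
                findings.append((line_no, str(ip), host))
    return findings

# Constructed sample; addresses come from the documentation range 203.0.113.0/24.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # injected entry
203.0.113.10    www.google.fr
0.0.0.0         ads.example.net
"""

if __name__ == "__main__":
    for line_no, ip, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On a live system the text to pass in is the content of `%SystemRoot%\System32\drivers\etc\hosts`.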



The file is a batch script compiled with Quick Batch File Compiler.

Monday, November 24, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\eebpj.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{854b8525-c907-4258-bc2e-7b118037419c}"="disaffiliation"

It also installs a toolbar, a BHO, VirusTrigger software...

SmitfraudFix removes the infection.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
da, sd, zs, she, ax, ol

Possible filenames are:
dazsax.dll, dazsol.dll, dasheax.dll, dasheol.dll, sdzsax.dll, sdzsol.dll, sdsheax.dll, sdsheol.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Once installed, it connects to a server and downloads a configuration file that contains various error messages to display and the URLs of malware to download and install.

Use SmitfraudFix to remove the infection.

Thursday, November 20, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\tiltmeo.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e0feeb92-908e-46d2-8a66-88c5295f2629}"="crimsonness"

It also installs a toolbar, a BHO, VirusTrigger software...

SmitfraudFix removes the infection.

Sunday, November 16, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\gowqug.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1f3dd9bf-1472-4a8b-b295-b596a597149b}"="behaves"

It also installs a toolbar, a BHO, VirusTrigger software...

SmitfraudFix removes the infection.

Thursday, November 13, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\wakjs.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"="flaxen"

It also installs a toolbar, a BHO, VirusTrigger software...

SmitfraudFix removes the infection.

Wednesday, November 12, 2008

VirusTrigger

A new rogue, VirusTrigger, has been released. This rogue is a new version of Virus Response Lab 2009. It is automatically installed by a Zlob trojan.



Use SmitfraudFix to remove the infection.

Tuesday, November 11, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
ps, dz, g, h, uax, oil

Possible filenames are:
psguax.dll, psgoil.dll, pshuax.dll, pshoil.dll, dzguax.dll, dzgoil.dll, dzhuax.dll, dzhoil.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Once installed, it connects to a server and downloads a configuration file that contains various error messages to display and the URLs of malware to download and install.

Use SmitfraudFix to remove the infection.

Saturday, November 8, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
qip, vxf, auz, ecg, ax, kco

Possible filenames are:
qipauzax.dll, qipauzkco.dll, qipecgax.dll, qipecgkco.dll, vxfauzax.dll, vxfauzkco.dll, vxfecgax.dll, vxfecgkco.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Once installed, it connects to a server and downloads a configuration file that contains various error messages to display and the URLs of malware to download and install.

Use SmitfraudFix to remove the infection.

Friday, November 7, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\ebmkdz.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6b9a461b-893f-45ee-8c59-06d3a2223b24}"="cypselomorphae"

It also installs a toolbar, a BHO, Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

Thursday, November 6, 2008

SpywareGuard 2008

This fake AntiSpyware tool SpywareGuard 2008 detects infections on a clean system.



Use SmitfraudFix to remove the infection.
Thanks to MAD

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\xdsfqroe???.dll (where ? is a random character)
%WINDOWS%\mstoanrd.dll
%WINDOWS%\mqxvbdwk.dll
%WINDOWS%\fweqsvxo.dll
%WINDOWS%\nefstqdr.exe
%WINDOWS%\e???.exe (where ? is a random character)

Use SmitfraudFix to remove the infection.

Tuesday, November 4, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\qfrmwmq.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d54f12f7-4d76-4c39-a096-e51ef5d33f2b}"="displume"

It also installs a toolbar, a BHO, Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
hh, jo, ahg, fc, xda, sd

Possible filenames are:
hhahgxda.dll, hhahgsd.dll, hhfcxda.dll, hhfcsd.dll, joahgxda.dll, joahgsd.dll, jofcxda.dll, jofcsd.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Once installed, it connects to a server and downloads a configuration file that contains various error messages to display and the URLs of malware to download and install.

Use SmitfraudFix to remove the infection.

Monday, November 3, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
dip, lo, yn, if, xx2, sa

Possible filenames are:
dipynxx2.dll, dipynsa.dll, dipifxx2.dll, dipifsa.dll, loynxx2.dll, loynsa.dll, loifxx2.dll, loifsa.dll
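How the dictionaries in this post and the earlier IE Defender/Total Secure 2009 posts expand into the listed filenames, as an added example that is not part of the original posts. It assumes the pairing visible in the published lists (one token from each consecutive pair); the scanned file listing and its paths are constructed.

```python
from itertools import product

# Dictionaries exactly as published in the posts on this page, keyed by post date.
PUBLISHED = {
    "2008-11-29": "a, ax, v, vi, t, tu",
    "2008-11-24": "da, sd, zs, she, ax, ol",
    "2008-11-11": "ps, dz, g, h, uax, oil",
    "2008-11-08": "qip, vxf, auz, ecg, ax, kco",
    "2008-11-04": "hh, jo, ahg, fc, xda, sd",
    "2008-11-03": "dip, lo, yn, if, xx2, sa",
}

def candidate_names(dictionary, ext=".dll"):
    """Expand a six-token dictionary into the eight possible filenames.

    Tokens are read as three consecutive pairs and one token is taken from
    each pair, in order (pairing inferred from the published lists).
    """
    tokens = [t.strip().lower() for t in dictionary.split(",")]
    if len(tokens) != 6 or not all(tokens):
        raise ValueError("expected six comma-separated tokens")
    pairs = [tokens[0:2], tokens[2:4], tokens[4:6]]
    return ["".join(parts) + ext for parts in product(*pairs)]

def find_matches(listing, dictionaries=PUBLISHED):
    """Return {path: post date} for listing entries whose filename matches a variant."""
    wanted = {}
    for date, dictionary in dictionaries.items():
        for name in candidate_names(dictionary):
            wanted.setdefault(name, date)
    hits = {}
    for entry in listing:
        # Windows filenames are case-insensitive; compare the lowercased basename.
        base = entry.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if base in wanted:
            hits[entry] = wanted[base]
    return hits

# Constructed listing (not taken from a real system).
SAMPLE_LISTING = [
    r"C:\sample\kernel32.dll",
    r"C:\sample\LOIFSA.DLL",
    r"C:\sample\avit.dll.bak",
    r"C:\sample\psgoil.dll",
]

if __name__ == "__main__":
    for path, date in find_matches(SAMPLE_LISTING).items():
        print(f"{path}: matches the {date} variant")
```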

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Once installed, it connects to a server and downloads a configuration file that contains various error messages to display and the URLs of malware to download and install.

Use SmitfraudFix to remove the infection.