Tuesday, December 23, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
dh, f, eg, of, oz, az, r, a

Possible filenames:
dhegozr.dll, dhegoza.dll, dhegazr.dll, dhegaza.dll, dhofozr.dll, dhofoza.dll, dhofazr.dll, dhofaza.dll, fegozr.dll, fegoza.dll, fegazr.dll, fegaza.dll, fofozr.dll, fofoza.dll, fofazr.dll, fofaza.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.
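
The naming scheme described in the IEDef posts on this page, as an added example (not the blog author's code, and unrelated to how SmitfraudFix works): it expands each listed dictionary into its candidate filenames and checks a file listing against them. The function names and the sample listing are assumptions made for the example.

```python
import itertools
import ntpath

# Fragment dictionaries exactly as listed in the IEDef posts on this page.
IEDEF_DICTIONARIES = [
    "dh, f, eg, of, oz, az, r, a",
    "fk, ul, im, in, jz, uv, g, e",
    "k, l, m, n, z, u, g, e",
    "rt, tah, cip, enaz, ot, er",
    "g, h, c, z, o, e",
    "dj, ugs, ifv, ak, ot, er",
]

def candidate_names(dictionary, ext=".dll"):
    """Expand one dictionary into its filenames. Assumption read off the
    listed names: fragments pair up, two choices per position."""
    parts = [p.strip().lower() for p in dictionary.split(",") if p.strip()]
    if len(parts) % 2:
        raise ValueError("expected an even number of fragments")
    slots = [parts[i:i + 2] for i in range(0, len(parts), 2)]
    return {"".join(combo) + ext for combo in itertools.product(*slots)}

def build_index(dictionaries=IEDEF_DICTIONARIES):
    """Map each candidate filename to the dictionary that produces it."""
    return {name: d for d in dictionaries for name in candidate_names(d)}

def scan_listing(paths, index=None):
    """Return (path, dictionary) for every listed file whose name is a
    candidate. Comparison is case-insensitive, like Windows filenames."""
    index = build_index() if index is None else index
    hits = []
    for path in paths:
        name = ntpath.basename(path).lower()
        if name in index:
            hits.append((path, index[name]))
    return hits

# Constructed sample listing; the folder is illustrative, not from the page.
SAMPLE_LISTING = [
    r"C:\sample\FOFAZA.dll",
    r"C:\sample\kernel32.dll",
    r"C:\sample\tahenazer.dll",
    r"C:\sample\gco.txt",
]

if __name__ == "__main__":
    for path, source in scan_listing(SAMPLE_LISTING):
        print(f"{path}  <- dictionary [{source}]")
```

Short candidates such as gco.dll can coincide with unrelated files, so a hit is a lead to examine, not a verdict.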

Sunday, December 21, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\ijofmsu.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2ecca339-c274-40e3-a582-ef4c0e917639}"="bussebuschke"

It also installs a toolbar, a BHO, Antivirus Trigger software...

SmitfraudFix removes the infection.

Thursday, December 18, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
fk, ul, im, in, jz, uv, g, e

Possible filenames:
fkimjzg.dll, fkimjze.dll, fkimuvg.dll, fkimuve.dll, fkinjzg.dll, fkinjze.dll, fkinuvg.dll, fkinuve.dll, ulimjzg.dll, ulimjze.dll, ulimuvg.dll, ulimuve.dll, ulinjzg.dll, ulinjze.dll, ulinuvg.dll, ulinuve.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Friday, December 12, 2008

Antivirus 360

Antivirus360 is fake security software (a rogue) from the same family as: Antivirus Sentry, PC Protection Center 2008, Antivirus 2010, eAntivirusPro, AntiMalware 2009, Micro Antivirus 2009, Vista Antivirus 2008, Antispyware 2008 XP, System Antivirus 2008, Internet Antivirus, Smart Antivirus 2009, MS Antivirus, Advanced Antivirus, Power Antivirus, XPert Antivirus.

SmitfraudFix removes the infection.

Thursday, December 11, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
k, l, m, n, z, u, g, e

Possible filenames are:
kmzg.dll, kmze.dll, kmug.dll, kmue.dll, knzg.dll, knze.dll, knug.dll, knue.dll, lmzg.dll, lmze.dll, lmug.dll, lmue.dll, lnzg.dll, lnze.dll, lnug.dll, lnue.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Wednesday, December 10, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\pgfshvp.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{50e9d039-fb50-4020-a841-1d226ae52b22}"="defroster"

It also installs a toolbar, a BHO, Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

Monday, December 8, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\elmnplw.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{341bd909-3367-4307-b37d-fb1cc56387ad}"="cacara"

It also installs a toolbar, a BHO, Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
rt, tah, cip, enaz, ot, er

Possible filenames are:
rtcipot.dll, rtciper.dll, rtenazot.dll, rtenazer.dll, tahcipot.dll, tahciper.dll, tahenazot.dll, tahenazer.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Saturday, December 6, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
g, h, c, z, o, e

Possible filenames are:
gco.dll, gce.dll, gzo.dll, gze.dll, hco.dll, hce.dll, hzo.dll, hze.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Wednesday, December 3, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\gtckad.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{61d70260-527c-44e8-bb23-2243e93808d3}"="achromatic"

It also installs a toolbar, a BHO, Virus Response Lab 2009 software...

SmitfraudFix removes the infection.

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
dj, ugs, ifv, ak, ot, er

Possible filenames are:
djifvot.dll, djifver.dll, djakot.dll, djaker.dll, ugsifvot.dll, ugsifver.dll, ugsakot.dll, ugsaker.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Tuesday, December 2, 2008

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\pbhha.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{51e7273d-911a-445a-bf46-bd4b86b0e87b}"="fddi"

It also installs a toolbar, a BHO, AntivirusTrigger software...

SmitfraudFix removes the infection.
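
A check for the SharedTaskScheduler values listed in the Zlob posts above, as an added example (not the blog author's code, and unrelated to how SmitfraudFix works). Because the CLSID and its data change with each update, it also returns the values under that key that are not listed on this page, so they can be reviewed by hand. It assumes a registry export already decoded to text; the function names and the sample export are constructed for the example.

```python
import re

# Key named in the Zlob posts, lower-cased with the short hive name.
STS_KEY = r"hklm\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler"

# CLSID -> value data, exactly as listed in the Zlob posts on this page.
ZLOB_VALUES = {
    "{2ecca339-c274-40e3-a582-ef4c0e917639}": "bussebuschke",
    "{50e9d039-fb50-4020-a841-1d226ae52b22}": "defroster",
    "{341bd909-3367-4307-b37d-fb1cc56387ad}": "cacara",
    "{61d70260-527c-44e8-bb23-2243e93808d3}": "achromatic",
    "{51e7273d-911a-445a-bf46-bd4b86b0e87b}": "fddi",
}

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')

def normalize_key(key):
    """Lower-case a key path and shorten HKEY_LOCAL_MACHINE to HKLM."""
    key = key.lower()
    long_hive = "hkey_local_machine\\"
    return "hklm\\" + key[len(long_hive):] if key.startswith(long_hive) else key

def shared_task_entries(reg_text):
    """Return {clsid: data} for values under SharedTaskScheduler only."""
    entries, in_key = {}, False
    for line in (raw.strip() for raw in reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            in_key = normalize_key(section.group(1)) == STS_KEY
            continue
        value = VALUE.match(line)
        if in_key and value:
            entries[value.group(1).lower()] = value.group(2)
    return entries

def classify(reg_text):
    """Split entries into (listed on this page, not listed: review by hand)."""
    listed, review = {}, {}
    for clsid, data in shared_task_entries(reg_text).items():
        (listed if clsid in ZLOB_VALUES else review)[clsid] = data
    return listed, review

# Constructed sample export, already decoded to text.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000001}"="constructed entry"
"{50E9D039-FB50-4020-A841-1D226AE52B22}"="defroster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{341bd909-3367-4307-b37d-fb1cc56387ad}"="constructed, wrong key"
'''
```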