Monday, December 8, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus, Total Secure 2009

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been update, it installs a file with semi-random filename composed from a dictionary:
rt, tah, cip, enaz, ot, er

Possible filenames are:
rtcipot.dll, rtciper.dll, rtenazot.dll, rtenazer.dll, tahcipot.dll, tahciper.dll, tahenazot.dll, tahenazer.dll

It displays alert messages with popups that download WinDefender 2009:

It also drops Internet Shortcut on the desktop, Favorites, Start Menu: Cheap Pharmacy Online.url , Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.