IEDef family

IEDef family Codec has been update, it installs a file with semi-random filename composed from a dictionary:
e, g, y, j, f, g, win, sys

Possible filenames:
eyfwin.dll, eyfsys.dll, eygwin.dll, eygsys.dll, ejfwin.dll, ejfsys.dll, ejgwin.dll, ejgsys.dll, gyfwin.dll, gyfsys.dll, gygwin.dll, gygsys.dll, gjfwin.dll, gjfsys.dll, gjgwin.dll, gjgsys.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alerts messages that redirect to fake online scanner.


It also modifies Google result, and drops Internet Shortcut on the desktop, Favorites, Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

Total Virus Protection

Total Virus Protection (TotalVirusProtection) is a new rogue (fake security software). It belongs to the same family as Anti-Virus Number-1, Antivirus Sentry, Antivirus 2010, Micro Antivirus 2009, MS Antivirus, Smart Antivirus 2009, System Antivirus 2008, Antivirus 2009, Internet-antivirus



This rogue detects infections on a clean system. It displays alerts and messages to sell a license to remove those fake infections.

Anti-Virus Number-1

Antivirus-1 is a new rogue (fake security software). It belongs to the same family as Total Virus Protection, Antivirus Sentry, Antivirus 2010, Micro Antivirus 2009, MS Antivirus, Smart Antivirus 2009, System Antivirus 2008, Antivirus 2009, Internet-antivirus

IEDef rogues and XP Police Antivirus

A blog post on MAD shows a link between IEDef rogues and XP-Police Antivirus (in french).

IEDef family

IEDef family Codec has been update, it installs a file with semi-random filename composed from a dictionary:
fe, gu, hy, jo, k, l, t, i

Possible filenames:
fehykt.dll, fehyki.dll, fehylt.dll, fehyli.dll, fejokt.dll, fejoki.dll, fejolt.dll, fejoli.dll, guhykt.dll, guhyki.dll, guhylt.dll, guhyli.dll, gujokt.dll, gujoki.dll, gujolt.dll, gujoli.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alerts messages that redirect to fake online scanner.


It also modifies Google result, and drops Internet Shortcut on the desktop, Favorites, Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.

SmitfraudFixTool Rogue

SmitfraudFixTool is the new version of MalwareRemovalBot, a fake security software (rogue). It is using the same name as the real (and free) SmitfraudFix cleaner.
The rogue contain files and reference of another rogue application:SpyCleaner.
The company (Antispyware LLC) is also responsible of many other rogues like: RegSweep, ErrorSmart...




SmitfraudFixTool GUI


MalwareRemovalBot GUI

Thanks to sho-dan

MS Antispyware 2009

MS Antispyware 2009 is a fake security software (rogue) detecting fake malware infections and displaying lots of alerts messages.

Spyware Protect 2009

Spyware Protect 2009 is a fake security software (rogue) detecting malware infections on a clean system, and displaying lots of alerts messages.

IEDef family

IEDef family Codec has been update, it installs a file with semi-random filename composed from a dictionary:
v, c, u, o, s, x, ext, it

Possible filenames:
vusext.dll, vusit.dll, vuxext.dll, vuxit.dll, vosext.dll, vosit.dll, voxext.dll, voxit.dll, cusext.dll, cusit.dll, cuxext.dll, cuxit.dll, cosext.dll, cosit.dll, coxext.dll, coxit.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security:


and alerts messages that redirect to fake online scanner.


It also modifies Google result, and drops Internet Shortcut on the desktop, Favorites, Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url

Use SmitfraudFix to remove the infection.