Monday, June 23, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from word fragments: opus, sigma, nada, 64, 32, 16

Files could look like: sigma64.dll ...

and displays alert messages with popups:


Use SmitfraudFix to remove the infection.

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\sgntu.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c27abdde-8a43-4a7f-81c0-3fc3c952284f}"="chicot"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.

Thursday, June 19, 2008

Zlob, fake download

A fake site offering software downloads (or keygens/cracks) that install Zlob malware.

Wednesday, June 18, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from word fragments: da, co, i, def, pol, ni

Files could look like: dadef.dll ...

and displays alert messages with popups:


Use SmitfraudFix to remove the infection.

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\funfsnv.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{99f8405b-63d1-421a-83bb-7b4b0642ac28}"="eulogical"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.

Tuesday, June 17, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from word fragments: x, c, s, edif, osys, ecol, ns, pd, gd, a, o, y

Files could look like: cosysnsy.dll, xecolgda.dll ...

and displays alert messages with popups:


Use SmitfraudFix to remove the infection.

Monday, June 16, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\ksendlbt???.dll (where ? is a random character)
%WINDOWS%\vrmdtneg.dll
%WINDOWS%\xvorfwbd.dll
%WINDOWS%\wpvmqosg.dll
%WINDOWS%\neltabxw.exe
%WINDOWS%\e???.exe (where ? is a random character)

Use SmitfraudFix to remove the infection.

Zlob, fake download

Zlob infections are related to p0rn sites!
This used to be true, but it is not anymore. After fake codec errors, fake Flash errors, fake Flash versions and fake MP3 downloads, the Zlob infection family (rogue installers Antispycheck/IEAntivirus, DNS Changer, VAC) is also spread through fake cracks/warez blogs and fake software download websites.



Notice the "*100% checked by Antivirus" comment ;)

Sunday, June 15, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from word fragments: t, p, b, a, o, u, pdf, sdg, pls, an, o, im

Files could look like: paplsan.dll, pasdgo.dll, tasdgo.dll ...

and displays alert messages with popups:


Use SmitfraudFix to remove the infection.

Friday, June 13, 2008

Routers DNS.Changer

A new version of the DNSChanger trojan has been discovered. This time, the malware doesn't only affect the system DNS settings. It targets the router itself.

Using a list of URLs for different routers and a dictionary of default passwords, the malware brute-forces the router's web interface and hijacks its DNS settings.


List of URLs from various routers


Dictionary of default login:passwords


DNSChanger IP address in Ukraine

If the attack succeeds, all computers on the network that use the router's DNS settings are affected. The hijacked device can then redirect connections to a fake website.

See trustedsource.org and washingtonpost.com blogs.

Antispycheck 2.1.0

A new rogue, AntiSpyCheck, has been released. This rogue is automatically installed by a Zlob trojan.



Use SmitfraudFix to remove the infection.

Zlob

The Zlob fake codec has been updated. It drops the following file:

%SYSTEM%\kfcpnd.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}"="campaniform"

It also installs Toolbar, BHO, Antispycheck Rogue software...

SmitfraudFix removes the infection.
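The following check is an added example, not part of the original posts or of SmitfraudFix: it reads a `.reg` export and reports every value under the SharedTaskScheduler key, marking the CLSIDs listed in the Zlob posts on this page. The sample export, the placeholder CLSID and the function names are constructed for illustration.

```python
import re

# CLSIDs reported in the Zlob posts on this page (June 13, 18 and 23, 2008).
ZLOB_CLSIDS = {
    "{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}": "campaniform",
    "{99f8405b-63d1-421a-83bb-7b4b0642ac28}": "eulogical",
    "{c27abdde-8a43-4a7f-81c0-3fc3c952284f}": "chicot",
}
STS_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
ROOTS = {"HKEY_LOCAL_MACHINE": "HKLM"}  # regedit exports use the long root name
VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')

def scan_export(text):
    """Return (clsid, data, verdict) for each value under SharedTaskScheduler."""
    findings, in_key = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # New key header: normalise the root and compare case-insensitively.
            root, _, rest = line[1:-1].partition("\\")
            key = ROOTS.get(root.upper(), root.upper()) + "\\" + rest
            in_key = key.lower() == STS_KEY.lower()
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            clsid, data = m.group(1).lower(), m.group(2)
            # Anything not on the page's list still deserves a manual look.
            verdict = "zlob-listed" if clsid in ZLOB_CLSIDS else "review"
            findings.append((clsid, data, verdict))
    return findings

# Constructed sample export; the first CLSID is a made-up placeholder.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000001}"="placeholder entry"
"{C27ABDDE-8A43-4A7F-81C0-3FC3C952284F}"="chicot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{99f8405b-63d1-421a-83bb-7b4b0642ac28}"=""
'''

if __name__ == "__main__":
    for finding in scan_export(SAMPLE):
        print(finding)
```

The CLSID and its label change with every Zlob update, so values marked "review" should be resolved through `HKCR\CLSID\{...}\InprocServer32` to see which DLL they load.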

Monday, June 9, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It installs files with semi-random filenames composed from word fragments: t, p, b, a, o, u, sant, post, sect, 32, 16a, 8x

Files could look like: tosant32.dll, pasant32.dll ...

and displays alert messages:


Use SmitfraudFix to remove the infection.
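The fragment dictionaries quoted in the IE Defender posts on this page can be used as a triage check for DLL names. The code below is an added example, not the author's or SmitfraudFix's code: it tests whether a name can be split entirely into fragments from one of those dictionaries. Requiring at least one fragment of three or more characters is an assumption added here, because the single-letter fragments alone would match many ordinary names.

```python
# Fragment lists as quoted in the posts on this page, keyed by post date.
DICTIONARIES = {
    "2008-06-23": ["opus", "sigma", "nada", "64", "32", "16"],
    "2008-06-18": ["da", "co", "i", "def", "pol", "ni"],
    "2008-06-17": ["x", "c", "s", "edif", "osys", "ecol", "ns", "pd", "gd", "a", "o", "y"],
    "2008-06-15": ["t", "p", "b", "a", "o", "u", "pdf", "sdg", "pls", "an", "o", "im"],
    "2008-06-09": ["t", "p", "b", "a", "o", "u", "sant", "post", "sect", "32", "16a", "8x"],
}

def segment(stem, fragments, min_long=3):
    """Split stem into fragments, using at least one fragment of
    min_long or more characters (assumed threshold). Returns a list or None."""
    # best[i] maps "long fragment seen so far?" -> fragments covering stem[:i]
    best = [dict() for _ in range(len(stem) + 1)]
    best[0][False] = []
    for i in range(len(stem)):
        for has_long, parts in list(best[i].items()):
            for frag in fragments:
                if stem.startswith(frag, i):
                    key = has_long or len(frag) >= min_long
                    best[i + len(frag)].setdefault(key, parts + [frag])
    return best[len(stem)].get(True)

def classify(filename):
    """Return (post_date, fragments) for the first dictionary that fully
    explains the DLL name, or None if no dictionary does."""
    name = filename.lower()
    if not name.endswith(".dll"):
        return None
    stem = name[:-4]
    for post_date, fragments in DICTIONARIES.items():
        parts = segment(stem, fragments)
        if parts:
            return post_date, parts
    return None

if __name__ == "__main__":
    # Names from the posts, plus two constructed benign names for contrast.
    for name in ["cosysnsy.dll", "tosant32.dll", "boot.dll", "kernel32.dll"]:
        print(name, classify(name))
```

A match is only a reason to look closer at the file; the dictionaries changed every few days, so names from newer variants will not match.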

Thursday, June 5, 2008

VideoAccessCodec (VAC)

VideoAccessCodec has been updated. It installs the following files:

%WINDOWS%\nogxfvbl???.dll (where ? is a random character)
%WINDOWS%\nmwegbsf.dll
%WINDOWS%\adgpfoxs.dll
%WINDOWS%\erpobmsw.dll
%WINDOWS%\xbqmfsed.exe
%WINDOWS%\e???.exe (where ? is a random character)

Use SmitfraudFix to remove the infection.

Monday, June 2, 2008

IE Defender, Files Secure, Malware Bell, IE Antivirus

The IE Defender/Files Secure/MalwareBell/IE Antivirus codec has been updated. It still uses the same dictionary to compose the filename, but it displays a new message box with the registered user name (pixelized on the screenshot):



Use SmitfraudFix to remove the infection.