This trojan installs either IEDefender, Files Secure, or Malware Bell. The main file associated with the infection is below.
C:\Windows\netweb64c.dll
We have provided removal instructions for anybody unfortunate to have downloaded these applications.
Removal instructions for Malware Bell
Marcin Kleczynski
A new rogue by the name of Malware Bell has been discovered. It is installed via the IE Defender trojan. In this specific case, the file most responsible for pushing the software is ps16sys.dll, which is located in the Windows directory..
If you have seen any of the windows above on your computer, it is recommended that you follow these instructions. We have provided removal instructions for anybody unfortunate to have downloaded these applications.
Removal instructions for Malware Bell
Marcin Kleczynski
VideoAccessCodec has been updated. The codec installs the following files.
C:\Windows\rtqmekwg.exe
C:\Windows\qtvglped.dll
C:\Windows\pmsoarbf.dll
C:\Windows\omlbpkaw.dll
C:\Windows\npqtsrak.exe
We have provided removal instructions for anybody unfortunate to have been infected by this codec.
New Zlob has been released again. It installs the following files and registry entries.
C:\Windows\System32\vualf.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{12a31567-9883-4cc0-a684-ad5804394d69} = hemimorphite
We have provided removal instructions for anybody unfortunate to have been infected by this trojan.
A new Files Secure trojan is present. Below is the files and registry entries it creates. This trojan hijacks your search engine hits and recommends you purchase Files Secure. Removal instructions below.
C:\WINDOWS\winsurf.dll
HKLM\SOFTWARE\Classes\AppID\{1F91C786-BBA0-41D2-8B3D-B88242677BAC}
HKLM\SOFTWARE\Classes\AppID\winsurf.dll
HKLM\SOFTWARE\Classes\winsurf.AVideo
HKLM\SOFTWARE\Classes\CLSID\{1F91C786-BBA0-41D2-8B3D-B88242677BAC}
HKLM\SOFTWARE\Classes\Interface\{D263B532-C528-49E5-8BB6-80FA67332C9A}
HKLM\SOFTWARE\Classes\TypeLib\{7165223D-D2C9-422B-8126-411B11842B8B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91C786-BBA0-41D2-8B3D-B88242677BAC}
We have provided removal instructions for anybody unfortunate to have been infected by this trojan or Files Secure.
VideoAccessCodec has been updated. The codec installs the following files.
C:\Windows\spnkfwad.exe
C:\Windows\sgoblxtm.dll
C:\Windows\ogxtsepr.dll
C:\Windows\dsktbwfe.dll
We have provided removal instructions for anybody unfortunate to have been infected by this codec.
New Zlob has been released again. It installs the following files and registry entries.
C:\Windows\System32\rkvdr.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{65bbf06c-ea06-4818-92a3-f3550d0e1004} = asparagine
We have provided removal instructions for anybody unfortunate to have been infected by this trojan.
New Zlob has been released again. It installs the following files and registry entries.
C:\Windows\System32\dcggain.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} = important
We have provided removal instructions for anybody unfortunate to have been infected by this trojan.
Yes, an updated variant of Zlob has been released. It installs the following files and registry entries.
C:\Windows\System32\baoohy.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{f43bfc6c-47cc-4798-8798-a0721b8ed7ab} = enviva
We have provided removal instructions for anybody unfortunate to have been infected by this trojan.
MediaTubeCodec has been updated. The codec installs a few of the following files.
C:\Windows\stfngdvw.dll
C:\Windows\sxfnewqb.dll
C:\Windows\fkdnrwsv.dll
C:\Windows\dwltqnmx.exe
We have provided removal instructions for anybody unfortunate to have been infected by this codec.
Recent Comments