VCodec2007, the “Wannabe a Zlob-installer”-fake codec
January 23rd, 2007 by jahewi
As I’m ‘playing around’ with Zlob-installing programs, like the fake codecs, and blogging about the most exceptional ones like this, this and this one, I wanted to write about something else …
I really tried to … honestly! And I almost succeeded …
So, here is the story of the “Wannabe a Zlob-installer”-fake codec called VCodec2007.
It even uses one of the webpage-layouts of EstDomains.

But EstDomains is not the service-provider. Click Media takes that honour. And it doesn’t try to install a Fake Malware-scanner … or does it?
After downloading and installing VCodec2007.exe, there will be 2 new folders:
- VideoBox, with just an uninstallation-file.
- WinAntSpyPro, with 3 files: mstss32.ini, mstss.exe and plugin.exe.
The 3 files in the WinAntSpyPro folder (what’s in a name) are the files that maintain a hijacking of the search-functions of Internet Explorer.
That causes you to go to all kinds of malware-containing sites (and can even send you on a rollercoaster-tour to several sites of Fake Malware-programs like WinAntiSpyware, ErrorSafe, DriveCleaner and more of those fakers), every time you use those hijacked search-functions.
There even is a fake malware-warning in the taskbar, like we see them with a real Smitfraud-infection!

For me, looking back at my first article about VCodec2007, the question remains: WHY?
Why does anyone, with all his/her marbles accounted for and in the right order, want to mimic a fake codec-site?
Is it someone who wishes to annoy EstDomains? Or is it a prankster, playing a sick joke on us?
Or is EstDomains itself trying to be funny?
I have no idea, yet. But I have the feeling, that this won’t be the last we hear of fake EstDomains-sites.
… and I can assure you that I will follow the events and tell my stories time and time again.
Anyway, you can read my full story here.
If you want to talk with us about these fake fake-codecs, fake codecs or fake malware-scanners (in general), you’re very welcome to in our forum.
If you think or know that you have VCodec2007 on your computer, then we will be more than glad to help you get rid of it in our HijackThis-section.
Disclaimer:
“Security Cadets and myself, jahewi (the author of the article), write these blogs to warn people about fake malware-scanners, like VirusBursters, and other fake, malware-installing programs, like the fake Codecs.
Let me be absolutely and perfectly clear about them;
- Those programs are wicked and must be considered dangerous!
- We are not responsible for those fake scanners and we are certainly not the owners.
Please, read these blogs with this statement in mind and never ever install or buy VirusBursters or any other program which we are warning you about.”

January 23rd, 2007 at 18:13
Jahewi, you lot find the coolest stuff to post, don’t you? Urghhhhhhhhhhhhhhhhhh. Another one in a long line of nasties.
January 23rd, 2007 at 18:19
I agree, Jahewi finds the most odd but interesting stuff. Stuff not many people blog about.
It’s also interesting the ways these people go. It may be a good idea to make some kind of chart, which may not be accurate but gives people an idea, in, say, PDF.
January 23rd, 2007 at 18:31
Thanks for the compliments, milligansghost and Andy.
Yeah, interesting they are … but dangerous and annoying for those who accidentally install them.
For example, this one also hijacks the IE homepage … but does it after a number (3 or 4) of reboots.
On my test-computer it did after I wrote the article and this blog.
So I agree totally with you, mill … Urghhhhhhhhhhhhhhhhhh!!!!
Jan :-)