Saturday, March 01, 2008

Ax Video Plugin

Ax Video Plugin is one of the latest fake codecs/plugins on the block. The site uses the same old fake "Video ActiveX Object Error" messages to lure viewers into downloading its fake plugin installer, named setup_axplugin.exe.

At the time of this writing, detection of the Ax Video Plugin on VirusTotal was sparse: only 4 AVs managed to detect it. Here's the report from the VirusTotal scan:
AntiVir - TR/Crypt.XDR.Gen
AVG - BackDoor.RBot.EA
Panda - Suspicious file
Webwasher Gateway - Trojan.Crypt.XDR.Gen

When setup_axplugin.exe is executed, it drops a bunch of malware files into %WINDIR% and creates a few "Run" Registry keys to load these executables at system startup. These dropped files display fake security alerts, change the Desktop wallpaper and try to download fake anti-spyware applications such as SystemErrorFixer, SysCleaner and SpyBurner. This is how the Desktop looks after the infection!
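
A triage check for the persistence described above, as an added example that is not part of the original post: it parses `reg query` output for the Run keys and lists entries whose executable sits directly in the Windows directory. The sample output, value names and file names are constructed, and treating the Windows root as the place to review is an assumption; legitimate programs can start from there too, so the result is a review list.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for the Run keys; value names and
# file names are invented for illustration and are not from the original post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AudioTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -min
    sample one    REG_SZ    C:\WINDOWS\sample1.exe
    Ime    REG_EXPAND_SZ    %windir%\system32\ime.exe /start

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    sample2    REG_EXPAND_SZ    "%WINDIR%\sample2.exe" /s
"""

VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def command_path(data):
    """Return the executable part of a Run value, dropping its arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def run_entries_in_windir(reg_output, windir=r"C:\WINDOWS"):
    """List (key, value name, path) for Run entries located directly in windir."""
    hits, key = [], None
    root = PureWindowsPath(windir)
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        raw = command_path(m.group("data"))
        # Expand %WINDIR% / %SystemRoot% regardless of case.
        expanded = re.sub(r"%(windir|systemroot)%", lambda _: windir, raw, flags=re.I)
        path = PureWindowsPath(expanded)
        # Assumption: only the Windows root itself is reviewed, not System32.
        if path.parent == root:  # PureWindowsPath compares case-insensitively
            hits.append((key, m.group("name"), str(path)))
    return hits

if __name__ == "__main__":
    for key, name, path in run_entries_in_windir(SAMPLE):
        print(f"{key}  [{name}] -> {path}")
```
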


Anonymous said...

I got the same problem

can you just help me out

4:56 PM  
swatkat said...

You can download Avira AntiVir, and scan your PC with that. Also, you can use RogueRemover to remove all the junk/rogue software downloaded by Ax Video Plugin.

10:52 AM  
