WinCodecPro

[Malekal_morte]

Thank to MAD

WinCodecPro est un codec qui soit disant améliore le rendu des vidéos et son.
Ce programme est bien sûr une arnaque.

Une infection de type Renos/Trojan.FakeAlert peut faire la promotion de faux programme en affichant des alertes stipulant que vous avez des problèmes de codecs, lecteur vidéos ou audio.





Les possibles alertes affichées par l'infection :

Fatal Error! The media system on your computer is corrupt. Update your video codec immediately to resolve this issue.
Warning! Fatal Error: Can't play audio video files. Update your video codec immediately to resolve this issue.
Warning: Internal error! Media player has been corrupted. Immediately update your video codec to resolve this issue
Fatal Error: Windows can't play the following media formats: AVI;ASF;WMV;AVS;FLV;MKV;MOV;3GP;MP4;MPG;MPEG;MP3;AAC;WAV;WMA;CDA;FLAC;M4A;MID. Update your video codec to resolve this issue.
Warning! Media codec has been destroyed. Risk of losing all your audio video files high. To resolve this issue, update your media codec immediately.
Warning: Critical media error! Your media driver is unstable. Video driver is corrupt and can no longer save your monitor settings. Driver is in critical mode. To restore your media drivers, update your video codec immediately.
Critical Media Error! Windows detected a fatal error in your media system. Your media codec has been corrupted. System can't play audio video files until this issue is resolved. Update your media codec immediately.
Warning! Your media codec is out of date. Press OK to update now.
Windows system error! Possible reasons: Media system crash, unable to play media files.

Le fond d'écran est aussi modifié, comme d'habitude, avec le message suivant :

Attention! Media components on your computer have been corrupted due to fatal error! Your system can't play audio video files and use media applications!

To resolve this issue and restore your system, update your media codec immediately!

et un lien vers le site de WinCodecPro : htxp://wincodecpro.com/purchase.php?id=1015



L'infection ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [WmpTray] C:\Program Files\MediaSystem\wmptray.exe

On assiste donc à une diversification puisque les rogues ne sont plus maintenant des antispywares ou des programmes pour nettoyer vore PC ou supprimer des traces.

[Malekal_morte]

Domain Name: WINCODECPRO.COM
Registrar: INTERNET INVEST, LTD. DBA IMENA.UA
Whois Server: whois.imena.ua
Referral URL: http://www.imena.ua
Name Server: NS1.WINCODECPRO.COM
Name Server: NS2.WINCODECPRO.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 12-feb-2009
Creation Date: 12-feb-2009
Expiration Date: 12-feb-2010

Domain Name: WINCODECPRO.COM

Registrant:
imena-pp-6b7d9ddbadd35264c00cf39f82b2ea27
Natalija Oreleckaja ([email protected])
Teatral'naja Pl. 13
Moskva
,67940
UA
Tel. +380.445732236

Creation Date: 12-Feb-2009
Expiration Date: 12-Feb-2010

Domain servers in listed order:
ns2.wincodecpro.com
ns1.wincodecpro.com


Administrative Contact:
imena-pp-6b7d9ddbadd35264c00cf39f82b2ea27
Natalija Oreleckaja ([email protected])
Teatral'naja Pl. 13
Moskva
,67940
UA
Tel. +380.445732236

Technical Contact:
imena-pp-6b7d9ddbadd35264c00cf39f82b2ea27
Natalija Oreleckaja ([email protected])
Teatral'naja Pl. 13
Moskva
,67940
UA
Tel. +380.445732236

Billing Contact:
imena-pp-6b7d9ddbadd35264c00cf39f82b2ea27
Natalija Oreleckaja ([email protected])
Teatral'naja Pl. 13
Moskva
,67940
UA
Tel. +380.445732236