
We infected a system with mmcodecs (a relatively new fake codec variant) and have some screenshots to share with you.

You can see mmcodecs in this Google search result here (obviously, don’t go and install it):

[Screenshot: Googlelisting_mmcodecs.com1112007]

So we install it and get a merry bunch of mayhem, with home page hijacking, desktop hijacking, a rootkit and more.

[Screenshot: Kdboo.exe_rootkit]

We get a rootkit: a DNS changer, no less!

[Screenshot: Safe-strip_desktop_hijacking]

It wants to sell us Safe-Strip (a rogue antispyware program). It really wants to sell us this program!

[Screenshot: Systemerrorfixer_scam]

And it wants to sell us SystemErrorFixer (courtesy of Innovative Marketing). It really wants to sell us this program too!

Well, enough of that fun.

Sunbelt Sandbox results here, VirusTotal results here (pdf).

Alex Eckelberry and Patrick Jordan