Today, we are seeing a surge in ridiculous and badly written Delphi malware. It’s not part of the Zlob family that we wrote about last week, but there certainly is a fakealert somewhere in there. Can you find it?
If you haven’t heard, and apparently some of our readers haven’t, in the course of trying to run videos on your system, you may be prompted to install what is really a phony video codec. One seems to be all the rage today and was at the very end of February, prompting the user to download and run “setup_axplugin.exe”.
This setup file may have a cute AVI file icon once it is downloaded, as though it is going to install an appropriate piece of software to display that wholesome video you’re trying to view:
Setup_axplugin.exe drops and runs “sysockeu.exe” and a handful of other files, which copy out “mywallpaper.bmp” and reconfigure your system and desktop to display the bitmap file, along with the bad grammar and misspellings that you saw in the first screenshot above: