During the past months it has been possible to download an executable file called c-setup.exe. It promotes itself in a similar way as the normal Win32.TrojanDownloader.Zlob, but has a different behavior. You can find it at adult sites where it recommends the user to install a Video ActiveX Object to be able to play the desired video clip. If the user chooses to download and run c-setup.exe it will be forwarded to google.com.

The malware then opens the local browser and installs a Browser Helper Object, shown in the picture below.

The result will be that every time users chooses to open objects (folders) in Explorer or click on links in the local browser they will get security alerts which trick them into believing they are infected. The security alert will look like this:

Attention, USER! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted.This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!

Click OK to download the antispyware. (Recommended)

If the user clicks on the link it will display a new window where the user has the option to run, save or cancel the installation of IE Antivirus as the picture below shows.

It's a chain of "social engineer events" which leads to installation of one of the most annoying rogues out there. It looks like IE Antivirus is stealing the "normal Zlobs" business idea by tricking users from porno sites and make them believe they need a Video ActiveX Object to watch the movie.

Never ever click continue on Video ActiveX Object links, close the browser as fast as you can to avoid installation of IE Antivirus. They just want people to purchase their useless antivirus scanner for removal of malware which they themselves established on the system.