2007 November – MalwareTeks Blog


Archive for November, 2007

IE Defender Fraudware Authors Dispute Security Community’s Classification of IE Defender

Friday, November 2nd, 2007

Today someone posting as iedefender registered at CastleCops® and posted in the thread by the very same name. http://www.castlecops.com/p1017137-iedefender.html#1017137

Hello, we’re developers of IEDefender, our software is clean and is real antispyware. As we can see, people from your site send our exe to different antivirus and antispyware companies, trying to black PR our company. They’ve got answers, that our soft is clean, because IT IS CLEAN! We contacted Kaspersky, they also confirmed, there are no problems with our software, you can check our .exe with any popular antiviruses, there no problems! Stop sending your detractive mails and messages, in other case we would be forced to send all information to our lawyers and meet your representative in the court, where it would be very hard for you to prove, that our software is not real, because IT’S REAL ANTISPYWARE!

Give me a break. This craptacular “Rogue” Anti-Spyware application is fraudware. The IE Defender site is registered through ESTDomains, known as the registrar of record for several other fraudulent applications. Their website is hosted by InHoster, also known for hosting several fraudulent applications and malware.

IE Defender finds its way onto your system via a fake video codec. Now IE Defender would like you to believe that this is because of some “Rogue” affiliate(s). Nice try fellas, that might work on someone else, a bit more naive than the folks you are currently engaging in a dialog.

Your software is detected as Malware, Fraudware, Risktool … etc, by Ad-Aware SE, Avira, Kaspersky, PrevX, Trojan Hunter, VBA32, WebWasher. More Anti-Virus, Anti-Spyware vendors will be detecting your Crapware very soon.

Then iedefender has the balls to take a poke at RogueRemover by MalwareBytes. H’m, that’s interesting, just how many fraudulent security applications do you guys put out that are targeted by the very legit program, RogueRemover? Don’t even bother to answer that question. The answer would just be a lie. Just like all the lies you have told so far.

So, I have taken the liberty to put together a batch script to remove your malware and generally craptacular IE Defender “Rogue” Anti-Spyware application.

Download FixIEDef by ShadowPuterDude to the Desktop.

Directions for using FixIEDef can be found on the FixIEDef Web Page.

Because of the speed at which new variants are released, FixIEDef may not have your particular variant added to the script. In that case, complete the steps in our Malware Cleaning Guide.

Start a new thread in the Malware Removal Forum of this site.

Attach the following logs:

  1. ISeeYouXp log
  2. HijackThis log
  3. Both Online AV scan logs

(You must Register before posting anywhere on this board. Registering is 100% FREE)

Download Mirrors for FixIEDef:
http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
http://hosts-file.net/download/fixiedef/fixiedef.exe
http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
http://archives.mysteryfcm.co.uk/?f=Security/AntiMalware/Antispyware/FixIEDef

EDIT: (03 November 2007) Added download mirrors

EDIT: (03 November 2007) Removed
[HKEY_CLASSES_ROOT\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_CLASSES_ROOT\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB911-C5FA-486F-8334-57288578C627}]

XunLei, a legitimate Chinese P2P application, uses the same CLSID as the infection.
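The CLSID collision above is why a removal script cannot act on a CLSID match alone. The following is an added example, not part of FixIEDef or the original post: it reads the BHO (O2) lines of a HijackThis log and marks an entry under the shared CLSID for removal only when its DLL path is also on a known-bad list, otherwise flagging it for manual review. The function names, the sample logs and every path are constructed placeholders.

```python
import ntpath
import re

# CLSID quoted in the post: used by the infection and by XunLei.
SHARED_CLSID = "{0EEDB911-C5FA-486F-8334-57288578C627}"

# HijackThis BHO entry: O2 - BHO: <name> - {CLSID} - <dll path>
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def parse_bhos(log_text):
    """Return (clsid, dll_path) for every O2 line; CLSID upper-cased."""
    entries = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        # HijackThis appends this marker when the DLL is gone from disk.
        if path.endswith("(file missing)"):
            path = path[: -len("(file missing)")].rstrip()
        entries.append((m.group("clsid").upper(), path))
    return entries

def triage(log_text, clsid, known_bad_paths):
    """Map each DLL registered under clsid to 'remove' or 'review'.

    A CLSID match alone is never enough: the entry is 'remove' only when
    its DLL path is also on the known-bad list (compared case-insensitively).
    """
    bad = {ntpath.normcase(p) for p in known_bad_paths}
    verdicts = {}
    for entry_clsid, path in parse_bhos(log_text):
        if entry_clsid != clsid.upper():
            continue
        verdicts[path] = "remove" if ntpath.normcase(path) in bad else "review"
    return verdicts

# Constructed sample data; the paths are placeholders, not real install paths.
BAD_PATHS = [r"C:\PLACEHOLDER\rogue\bho.dll"]
INFECTED_LOG = r"""
O2 - BHO: (no name) - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\Placeholder\Rogue\bho.dll (file missing)
O2 - BHO: Other - {11111111-2222-3333-4444-555555555555} - C:\PLACEHOLDER\other.dll
"""
LEGIT_LOG = r"""
O2 - BHO: Helper - {0eedb911-c5fa-486f-8334-57288578c627} - C:\PLACEHOLDER\p2p\helper.dll
"""
```
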

Web 2.0 This, Web 2.0 That. Stop with the Web 2.0 crap, enough already

Friday, November 2nd, 2007

Enough with the Web 2.0 drivel.

There are all sorts of articles all over the place about Web 2.0: securing your Web 2.0 site, are you ready for Web 2.0, and the like.

There is no such thing as Web 2.0. It’s all media hype. The core programs that drive the Internet have not changed. Web 2.0 was a term coined by O’Reilly for one of his conferences that the media seized on, and have hyped beyond ridiculousness.

Web 2.0 is nothing more than fluff, eye candy. Period. End of Story.

So, stop with this Web 2.0 drivel, already.

Long overdue rant.

Firefox 2.0.0.8 update to be updated

Friday, November 2nd, 2007

The 2.0.0.8 release fixed some 200 issues, but accidentally regressed a few things. Most users won’t see any difference or experience any problems, and those 200 fixes make the 2.0.0.8 update very valuable, but you should never have to choose functionality over security.

The specific problems are:

  • Bug 400406 - Firefox will ignore the “clear” CSS property when used beneath a box that is using the “float” property. There is a temporary workaround JS/CSS code available for web developers with affected layouts.
  • Bug 400467 - Windows Vista users will get “Java not found” or “Java not working” errors when trying to load Java applets after updating. To fix this, users can right-click the Firefox icon and “Run as administrator”, then browse to a page with a Java applet — doing this once will fix the problem and permanently restore Java functionality.
  • Bug 396695 - Add-ons are disabled after updating. Users can fix this problem by opening their profile folder and removing three files (extensions.rdf, extensions.ini and extensions.cache).
  • Bug 400421 - Removing a single area element from an image map will cause the entire map to disappear. There is no workaround available at this time.
  • Bug 400735 - Some Windows users may experience crashes at startup. There is no workaround available at this time.

For a list of changes and more information, please review the Firefox 2.0.0.9 Release Notes.

If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

Download Firefox 2.0.0.9 


Content © 2006-2008 MalwareTeks - Every post is the opinion of the author

Creative Commons License
All works are licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.