MalwareTeks Blog » Malware


 23 Nov 2008 @ 11:33 PM 

Before proceeding with these removal instructions you will want to download all tools and print the instructions.

Download FixIEDef to your desktop.

If you are connected via a router, download the User’s Guide for your router if you don’t have one on-hand.

Now disconnect your computer from the router and power off the router. Next, on the underside of the router there should be a small, slightly recessed red reset button. Press and hold the reset button for at least 10 seconds. This resets the router to factory defaults.

Run FixIEDef (Instructions for use can be found at the FixIEDef Webpage)

Now let’s reset the DNS Settings for your computer:

1. Click the Windows Start menu and go to Start > Run (on Vista, use the search box).
2. Type “cmd”. (This will open the command console.)
3. Type the following commands, exactly as shown, pressing the enter key after each command:
ipconfig /release
ipconfig /renew
exit

The command console will exit after the last command is entered.

Now reboot your computer.

Reconnect the router to the computer, turn it on and configure your router. This is where you need the User’s Guide for your router.
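The ipconfig steps above clear the DNS settings on the PC, and the factory reset clears whatever the router was handing out. As an added example (not part of the original post, and not FixIEDef), here is a small check that parses the text output of ipconfig /all and reports any adapter whose DNS servers are not ones you expect, so you can confirm after the steps that nothing is still pointing at an unknown resolver. The sample output and addresses are constructed; feed it the real output of ipconfig /all on the machine you are cleaning.

```python
import re
from typing import Dict, List

# Constructed sample of `ipconfig /all` output, trimmed to the lines that
# matter here. 192.168.x.x is private address space and 203.0.113.x is
# documentation space (RFC 5737); none of these are real servers.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       203.0.113.8

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
GATEWAY_RE = re.compile(r"^\s*Default Gateway[ .]*:\s*(\S+)\s*$")
# ipconfig lists extra DNS servers on heavily indented continuation lines
CONT_RE = re.compile(r"^\s{30,}(\S+)\s*$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {"gateway": [...], "dns": [...]}} from ipconfig /all text."""
    result: Dict[str, Dict[str, List[str]]] = {}
    adapter = None
    collecting_dns = False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            result[adapter] = {"gateway": [], "dns": []}
            collecting_dns = False
            continue
        if adapter is None:
            continue
        m = DNS_RE.match(line)
        if m:
            result[adapter]["dns"].append(m.group(1))
            collecting_dns = True
            continue
        m = CONT_RE.match(line)
        if m and collecting_dns:
            result[adapter]["dns"].append(m.group(1))
            continue
        collecting_dns = False
        m = GATEWAY_RE.match(line)
        if m:
            result[adapter]["gateway"].append(m.group(1))
    return result


def check_dns(parsed: Dict[str, Dict[str, List[str]]],
              expected_dns: List[str]) -> Dict[str, List[str]]:
    """Return {adapter: [unexpected DNS addresses]} for adapters that fail the check.

    expected_dns lists resolvers you consider legitimate (for example your
    ISP's published resolvers). The adapter's own default gateway is also
    accepted, because a home router normally hands out its LAN address as
    the DNS server. Note the limit of this check: if the router's upstream
    DNS was altered, the PC still sees only the router address, which is why
    the instructions above also reset the router itself.
    """
    findings: Dict[str, List[str]] = {}
    for adapter, cfg in parsed.items():
        allowed = set(expected_dns) | set(cfg["gateway"])
        unexpected = [d for d in cfg["dns"] if d not in allowed]
        if unexpected:
            findings[adapter] = unexpected
    return findings


if __name__ == "__main__":
    parsed = parse_ipconfig(SAMPLE_IPCONFIG)
    # Assume the router (192.168.1.1) is the only resolver we expect.
    for adapter, bad in check_dns(parsed, ["192.168.1.1"]).items():
        print(f"{adapter}: unexpected DNS servers {bad}")
```

Run it against the saved output of ipconfig /all (for example, ipconfig /all > ipconfig.txt) by reading that file into parse_ipconfig instead of SAMPLE_IPCONFIG, and put your own ISP's resolvers in the expected list.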

If for some reason this does not work, start a thread in the Malware Removal Forum; you must be a registered member of the site to post in the forums.

Categories: Spyware
Posted By: ShadowPuterDude
Last Edit: 23 Nov 2008 @ 11 35 PM

 26 Mar 2008 @ 6:17 PM 

By Jack M. Germain
LinuxInsider
Part of the ECT News Network
03/25/08 4:00 AM PT

The Linux operating system is not immune to virus infections, although Linux-specific viruses are extremely rare. Linux servers face more risk of virus attack than Linux desktops. That said, IT security and control firm Sophos recently issued a warning about potential virus infections targeting Linux servers that could pose risks to the Linux operating system. Sophos researchers warned Linux users of the importance of properly securing their Linux systems following findings from SophosLabs that a 6-year-old threat known as “Linux/Rst-B” is still infecting computers and servers. [More...]

Categories: Linux
Posted By: ShadowPuterDude
Last Edit: 26 Mar 2008 @ 06 17 PM

 07 Nov 2007 @ 7:57 PM 

Since writing FixIEDef and making it available to the general public (free of charge, of course), I’m starting to get some feedback from users who were infected by this piece of fraudware.

Comments can be viewed here: http://blog.malwareteks.com/?p=163#comments.

I have also started receiving email feedback.

Rick said:

Dear ShadowPuterDude,

I just wanted to extend a thank-you for taking a stand against those assholes at IE Defender and not only calling them out on the carpet but writing and providing the FixIEDef utility. I was infected the first time and was able to find the .dll that was causing the problem and delete it. But not two days later a new version appeared that was almost impossible to correct and had me ready to throw my laptop out the window. I am a bit of a tech guy and this virus kicked my ass and had me on my last nerve, as my IE was useless because the error message would not go away. I wrote to the IE Defender guys and got an e-mail back saying that they don’t hijack systems, they fix them… I found your script and I had everything fixed in moments. So again, thank-you for your time and effort to help guys like me deal with a very nasty problem. You have a new fan and supporter of your site and what you do.

Sincerely, Rick <Last Name Removed>

Email message edited for format and spelling.

So, in your face, IE Defender!

FixIEDef can be downloaded from the following locations:

Primary Download location:
MalwareTeks: http://downloads.malwareteks.com/FixIEDef.exe

Download Mirrors for FixIEDef:
http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
http://hosts-file.net/download/fixiedef/fixiedef.exe
http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
http://archives.mysteryfcm.co.uk/?f=Security/AntiMalware/Antispyware/FixIEDef

Instructions: See http://www.malwareteks.com/FixIEDef.php

Categories: Uncategorized
Posted By: ShadowPuterDude
Last Edit: 17 Feb 2008 @ 10 48 PM


Today someone posting as iedefender registered at CastleCops® and posted in the thread by the very same name. http://www.castlecops.com/p1017137-iedefender.html#1017137

Hello, we’re the developers of IEDefender. Our software is clean and is real antispyware. As we can see, people from your site send our exe to different antivirus and antispyware companies, trying to black PR our company. They’ve got answers that our soft is clean, because IT IS CLEAN! We contacted Kaspersky, and they also confirmed there are no problems with our software; you can check our .exe with any popular antiviruses, there are no problems! Stop sending your detractive mails and messages; otherwise we would be forced to send all information to our lawyers and meet your representative in court, where it would be very hard for you to prove that our software is not real, because IT’S REAL ANTISPYWARE!

Give me a break. This craptacular “Rogue” Anti-Spyware application is fraudware. The IE Defender site is registered through ESTDomains, known as the registrar of record for several other fraudulent applications. Their website is hosted by InHoster also known for hosting several fraudulent applications and malware.

IE Defender finds its way onto your system via a fake video codec. Now IE Defender would like you to believe that this is because of some “Rogue” affiliate(s). Nice try, fellas; that might work on someone a bit more naive than the folks you are currently engaging in a dialog.

Your software is detected as Malware, Fraudware, Risktool, etc., by Ad-Aware SE, Avira, Kaspersky, PrevX, Trojan Hunter, VBA32 and WebWasher. More Anti-Virus and Anti-Spyware vendors will be detecting your Crapware very soon.

Then iedefender has the balls to take a poke at RogueRemover by MalwareBytes. Hmm, that’s interesting: just how many fraudulent security applications do you guys put out that are targeted by the very legit program RogueRemover? Don’t even bother to answer that question. The answer would just be a lie, like all the lies you have told so far.

So, I have taken the liberty to put together a batch script to remove your malware and generally craptacular IE Defender “Rogue” Anti-Spyware application.

Download FixIEDef by ShadowPuterDude to the Desktop.

Directions for using FixIEDef can be found on the FixIEDef Web Page.

Because of the speed at which new variants are released, FixIEDef may not have your particular variant added to the script. In that case, complete the steps in our Malware Cleaning Guide.

Start a new thread in the Malware Removal Forum of this site.

Attach the following logs:

  1. ISeeYouXp log
  2. HijackThis log
  3. Both Online AV scan logs

(You must Register before posting anywhere on this board. Registering is 100% FREE)

Download Mirrors for FixIEDef:
http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
http://hosts-file.net/download/fixiedef/fixiedef.exe
http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
http://archives.mysteryfcm.co.uk/?f=Security/AntiMalware/Antispyware/FixIEDef

EDIT: (03 November 2007) Added download mirrors

EDIT: (03 November 2007) Removed the following keys from the script:
[HKEY_CLASSES_ROOT\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_CLASSES_ROOT\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB911-C5FA-486F-8334-57288578C627}]

Legit software, XunLei (a Chinese P2P application), uses the same CLSID as the infection, so deleting those keys outright would break XunLei on machines that have it installed.
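The point of that edit is that a CLSID on its own is not a reliable indicator: the same {0EEDB911-C5FA-486F-8334-57288578C627} registration can belong to XunLei or to the infection, and only the DLL the CLSID resolves to tells them apart. As an added example (not part of the post, and not FixIEDef), here is a helper that parses a .reg export of the relevant hives, lists every Browser Helper Object with the DLL path its CLSID points to, and marks CLSIDs known to be shared between legitimate software and malware for manual review instead of deletion. The .reg text, the second CLSID, the product names and the DLL paths are all constructed for the example; the only real value is the shared CLSID from the post.

```python
from typing import Dict, List

# Constructed .reg export covering the BHO list and two CLSID registrations.
# Everything except the first CLSID is made up for the example; in .reg
# files a backslash inside a string is written as two backslashes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB911-C5FA-486F-8334-57288578C627}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
@="Example BHO"

[HKEY_CLASSES_ROOT\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}\InprocServer32]
@="C:\\Program Files\\ExampleApp\\examplebho.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Another BHO"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\another.dll"
"""

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# CLSIDs the post reports as shared between legitimate software (XunLei) and
# the infection. Anything here needs a human to look at the DLL path.
SHARED_CLSIDS = {"{0EEDB911-C5FA-486F-8334-57288578C627}"}


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .reg text into {key path: {value name: string value}}.

    Only string values (and the @ default value) are handled, which is all a
    BHO/CLSID listing needs. Value names are returned as written; the default
    value is stored under "(Default)".
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        keys[current][name] = value
    return keys


def report_bhos(keys: Dict[str, Dict[str, str]]) -> List[Dict[str, object]]:
    """List each registered BHO with its name, DLL path and a review flag."""
    by_upper = {k.upper(): v for k, v in keys.items()}
    prefix = BHO_KEY.upper() + "\\"
    report = []
    for key in sorted(by_upper):
        if not key.startswith(prefix):
            continue
        clsid = key[len(prefix):]
        clsid_key = "HKEY_CLASSES_ROOT\\CLSID\\" + clsid
        entry = by_upper.get(clsid_key, {})
        inproc = by_upper.get(clsid_key + "\\INPROCSERVER32", {})
        report.append({
            "clsid": clsid,
            "name": entry.get("(Default)", ""),
            "dll": inproc.get("(Default)", ""),
            "needs_manual_review": clsid in SHARED_CLSIDS,
        })
    return report


def manual_review_clsids(report: List[Dict[str, object]]) -> List[str]:
    """CLSIDs a removal script should leave alone until someone checks the DLL."""
    return [str(r["clsid"]) for r in report if r["needs_manual_review"]]


if __name__ == "__main__":
    for row in report_bhos(parse_reg(SAMPLE_REG)):
        flag = "REVIEW" if row["needs_manual_review"] else "ok"
        print(f"{row['clsid']} {row['name']!r} -> {row['dll']} [{flag}]")
```

To use it on a real machine, export the two hives with reg export (or regedit) to a .reg file, read that file into parse_reg, and decide per flagged CLSID from the DLL path and publisher whether it is the legitimate product or the infection.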

Categories: Uncategorized
Posted By: ShadowPuterDude
Last Edit: 25 Jan 2008 @ 08 25 PM

 06 Oct 2007 @ 10:05 AM 

Mammary stick malfunction

By Dan Goodin in San Francisco
Published Friday 5th October 2007 22:39 GMT

Ohio state legislator Matthew Barrett was supposed to give a group of high school seniors a civics presentation using PowerPoint slides he had prepared on how a bill becomes a law. What they got was an anatomy lesson when the computer he was using displayed the image of a topless woman.

The busty photo appeared shortly after Barrett inserted a memory stick into a school computer. He said there were several snickers from the 20 or so students in the senior government class at Norwalk High School.

[Full Article at The Register]

Categories: Uncategorized
Posted By: ShadowPuterDude
Last Edit: 06 Oct 2007 @ 10 05 AM
