I guess you’re using IE? Its a BHO (browser helper object) which can be installed through exploit on IE silently. I guess your windows is not patched too for that to happen.

Fortunately BHOs can’t (by default) do much damage except do annoying stuff or fool you into downloading more dangerous program.

The problem with IE is aside from being a web browser, its also Window’s file manager so BHOs also runs when youre just browsing your files.

Get FireFox now and never use IE for Internet browsing.

godie’s last blog post..First True Mobile P2P Solution Developed in Philippines

To godie:
I don’t know how Firefox manages this threat, but I want to mention that neither IE nor Opera do. I’ll probably use FixIEDef, because I can’t get the warnings off my PC… despite two antiviruses scanning in turns and one more antispyware solution. No, they don’t conflict, but yes, they can do almost nothing.
I quite agree with the author… a rare kind of truly smart viruses… I’d be sorry for the lack of these, had they been less annoying.

Thanks it resolved my errors.

hey great work dude!!!!!!!!!!!!!
i also had same problem today i got it cleared…
!!! All Finshed !!!

It worked! Thank you!

Thnx DUde…. Maan this fraekin virus….
great post …tHANks million….

this dose not work for me, probably because i am running Vista.
i had this problem once before and got rid of it but i can’t seem to remember how but i can remember that u have to find it in regedit and remove it

Encontrastes la solución?
Entonces eres bueno, manolo, tio hombre!

FixIEDef has been updated to include the newest variant .

FixIEDef does run on Vista.

Any tool that alerts on FixIEDef as being a Trojan is incorrect. It is alerting on the signatures of files targeted by FixIEDef for removal.

If you are experiencing problems with FixIEDef; please visit my site and report issues in the bug tracker or start a support thread in the forum.

Thanks mate, it solved the popup when I was trying to enter the WINDOWS folder.

I’m glad to be helped.

run the program in safe mode!

cheers

Thank you Dennison. It resolved my problem too in one minute. God bless u!

OMG something that actually works first time with no probs at all.
I had this virus on xp using firefox, bin driving me mad for weeks, cleaned it up in seconds.
Thanks a lot.

Thought I might’ve had to resort to completely formatting the computer.. Thanks for this, fixed it in a matter of seconds .

thanks, i like this tools. verry good.

Windows Scripting is not working properly on your system.

For Windows XP, download and Install Windows Script 5.7
http://www.microsoft.com/downloads/details.aspx?FamilyID=47809025-D896-482E-A0D6-524E7E844D81&displaylang=en

For Windows 2000, download and install Windows Script 5.6
http://www.microsoft.com/downloads/details.aspx?FamilyId=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en#Requirements

Sorry, Windows Script 5.7 and Windows Script 5.6

Brilliant. Just brilliant. I was reading the comments and saw that some people who were running vista had problems. I ran it once and it was still there. So i just changed the compatability to xp service pack 2 and ran it in admin privileges and bam. G-O-N-E. Hope that helps anyone else. Thank you ever so much.

awesome ! thanks a billion !

I tried McAfee, AVG, Lavasoft, and a lot more BUT the virus DIDN’T DISAPPEAR.

This one finally works! Thank you very much.

THANK U M8!!! U ARE REAL HERO FOR ME. good luck in life.. hope these virus developers will rot and die.

Thank you so much. I finally got rid of that annoying thing. now i can work back again…. swiftly… Thanks again… U R d BEST!

thanks – worked – I’m switching to a mac as soon as I get some money , I’ve had enough so has Bill

Thank you!

Randy’s last blog post..UMASS Dartmouth Men’s Restroom – North Dartmouth, MA

wow tks lots for this GREAT help

Thanks a lot … u solved my problem

Another happy camper!! Thanks worked as advertised on XP system. Virus deleted in mere minutes.

Happy camper #2, thank you so very much!

Thanks for your excellent FixIEDef

Thanks, SPD. It’s great to have geniuses like u

Realmente me funcionó el programa, saludos.
Gracias

Kill the xmlsys.dll from taskmanager and delete following file to remove this virus.
C:\WINDOWS\system32\xmlsys.dll
Or use FixIEDef.exe to remove it.
Enjoy!!!!!!

Dani,

Then you have a variant that is not currently targeted by FixIEDef.

Visit my site and post a HijackThis log. That will give me some clue as to what is going on.

thanks a lot maaaaaan !!!

As the author of the tool.

This is not the support site for FixIEDef, this is simply a blog by Dennison about how FixIEDef solved the problem for him.

There is nothing wrong with your log, it is simply stating that FixIEDef found nothing to remove.

There are a few hundred variants of the IE Defender family of ‘Fake Alert’ Trojans. New variants are constantly being unleashed on unsuspecting surfers. Because of this there will be variants not included in FixIEDef’s database.

I am currently researching a new ’strain’ of the IE Defender ‘Fake Alert’ Trojan. An updated tool should be out tomorrow, if not tonight.

If you are experiencing problems with FixIEDef or something is not being removed, that you think should be targeted by FixIEDef; then you need to register at malwareteks, and start a support thread in the forums.

MalwarTeks is the support site for FixIEDef.

I just tried it, and it didnt work! What am I doing wrong!

hi,, lot of thanks to u.. it really work out!!

Thanks a lot for this fix… i too had that damn virus and after trying to get rid on my own i finally accepted that its beyond my capabilities and ended up here. Thanks again for the fix!

Thanks…Worked for me…

Im happy that good people like you are around
Thanks…

Thanks a million…i was worried about the virus

You’re my new hero! Ths

I noticed the author of that program came on briefly and in case he ever does again I just want to say THANK YOU. I ran some really great anti-virus and anti-spyware crap and nothing caught this son of a bitch except for yours! *BIG HUG*

Thank you guy, I was been mad to remove this virus, nothing detected it, but now this program worked very good to destroy it DDD

The FixIEDef log should be on your Desktop.

Hello, this removal tool doesn’t remove the IE virus on my computer. Please help me. The problem it’s same at Aleks.

First , this is not the OFFICIAL support site for FixIEDef.

I don’t know how many times I can say this before it sinks in.

Second,the authors of the IE Defender Family of ‘Fake Alert’ Trojans release at least 3 new variant’s each week.

There is no way that FixIEDef will be be able to remove every possible variant of the IE Defender Family of ‘Fake Alert’ Trojans..

If you suspect that you are infected with a variant of the IE Defender Family of ‘Fake Alert’ Trojans, post in Malware Removal Forum of malwareteks.com

Hi….I run this..but could not remove this virus….
the following is the out put log file:-

!!! Files that have been deleted !!!

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\*.*

——————————————————————————–

!!! Directories that have been removed !!!

No malicious directories to be removed

——————————————————————————–

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done

All I can say is thank you – I too was tearing my hair out.

Amazing ..awesome..excellent….realy thanx a milion

Couldn’t get to a fix because of the constant redirecting of my IE browser. Finally opened FireFox in order to get access to any website other than the one of the jackass who infected me. Good thing I already had that installed and operational.

BUT – as soon as I used The Fix, I found that now all of my files have changed so the extensions are visible in all of the names. I think there’s an easy fix to this, but… anyone else experiencing the same issue?

By the way, here’s the WhoIs info for the criminal who is responsible for this particular malware:

http://free-viruscan.com = [ 58.65.238.34 ]

(Asked whois.estdomains.com:43 about free-viruscan.com)

Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: FREE-VIRUSCAN.COM
Registrant:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Creation Date: 18-Jun-2008
Expiration Date: 18-Jun-2009
Domain servers in listed order:
ns2.free-viruscan.com
ns1.free-viruscan.com
Administrative Contact:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Technical Contact:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Billing Contact:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Status: ACTIVE

I can’t get onto the your website anymore shadow dude. did I get booted?

Try now.

The site software has an auto ban feature, that if flooding is detected it will automatically ban the IP if you are detected as clicking on pages to quickly.

I just removed a bunch of banned IPs that were Banned for Flooding.

As I stated earlier, the site software has built in protection against flooding. If you are moving between pages quickly the software will see this behavior as “Flooding” and will automatically ban your IP.

I have cleared all auto banned IPs, again this morning. You should now be able to reach the site.

Thanks bro!
It seems the problem is solved!

It worked.

I had this problem since I ran an ugly Keygen a few hours ago for a WM6 app. (so far I trusted on NOD32 so much that dared to run any exe, so far it always denied it if infected – this is first time I ran into a problem file that passed it)

Not even reboot or Safe Mode was needed, just run the exe and worked – no more pop-up on explorer clicks.

Thank you for the help and for the FixIEDef developer.

Thanks very much, it help in one minute, after i has problem from keygen.

rwmurrow,

All auto-bans have been cleared.

You are moving from page to page too quickly. The software sees this as “flooding” and if you continue to keep clicking on pages after the pop-up warning, you will be banned automatically.

This is a defense mechanism to mitigate DDoS attacks.

YOU ROCK MAN>> THANKS!! WAS JUST ABOUT TO REINSTALL!!!

sorry I got blocked again, I will be more careful.

…got the infection from keygen….

THANK YOU you are a lifesaver that was terribly annoying and i’ve never seen anything like it

Thxs i been trying to fix this problem for like a week
thxs to Dennison Uy for pointing this program out
thxs to ShadowPuterDude for developing the program

It didn’t work and the log show
!!! Files that have been deleted !!!

No malicious files found

——————————————————————————–

!!! Directories that have been removed !!!

No malicious directories to be removed

——————————————————————————–

!!! Registry entries that have been removed !!!

No malicious Registry entries found

Please could anyone help

Hi it only took a minute, and for now everything seems just dandy, thanx, if I get a problem I’ll repost.

thought i’d let you see a copy of my log, thanx again! happy campin everybody!

********************************************************************************
* *
* FixIEDef Log *
* Version 1.4.20.5956 *
* *
********************************************************************************

Created at 19:17:49 on Friday, July 11, 2008

Time Zone : (GMT-08:00) Pacific Time (US & Canada)

Logged On User : Pax

Operating System : Microsoft Windows XP Home Edition Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel(R) Pentium(R) 4 CPU 2.00GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 1039695872 bytes
Free Physical Memory : 678484 bytes
Total Virtual Memory : 2097024 bytes
Free Virtual Memory : 2054012 bytes

Boot State : Normal boot

——————————————————————————–

!!! Files that have been deleted !!!

C:\Program Files\Codec Pack – All In 1\DivXconfig.exe
C:\Program Files\Codec Pack – All In 1\ac3filter.ico
C:\Program Files\Codec Pack – All In 1\DivXSetup.ico
C:\Program Files\Codec Pack – All In 1\dvobsub.ico
C:\Program Files\Codec Pack – All In 1\ffdshow.ico
C:\Program Files\Codec Pack – All In 1\g400.ico
C:\Program Files\Codec Pack – All In 1\ie.ico
C:\Program Files\Codec Pack – All In 1\irunin.bmp
C:\Program Files\Codec Pack – All In 1\irunin.dat
C:\Program Files\Codec Pack – All In 1\irunin.ini
C:\Program Files\Codec Pack – All In 1\irunin.lng
C:\Program Files\Codec Pack – All In 1\Thumbs.db
C:\Program Files\Codec Pack – All In 1\verze.txt
C:\Program Files\Codec Pack – All In 1\xvid.ico
C:\WINDOWS\system32\nvgflt.dll

——————————————————————————–

!!! Directories that have been removed !!!

C:\Program Files\Codec Pack – All In 1

——————————————————————————–

!!! Registry entries that have been removed !!!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind “comment”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFE59EC6-5491-4EF3-BA0D-77B0D895B4F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFE59EC6-5491-4EF3-BA0D-77B0D895B4F7}

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

Hey Dude ! thnx a lot ! its all happened just like that and the virus vanished

Worked great and quick. Thanx a lot.

Thank you. It worked great.
I tried few antivirus and spyware softwares before this and none worked.

Brilliant!!

thanks — really helped — usually very careful not sure how it happened though!

Thank you so much, my computer just got infected with this today and Firefox did not solve the problem… I have a terrible history with computers and this is the family’s computer, my parents threatened to never by me a electronic device again if I recked it… anyway sorry to ramble on but i just want to say thank you so much for this post

THANK YOU, THANK YOU, THANK YOU!!!

I was ready to call McAfee and pay $2.95 per miniute
If I could hug you I would – I’m hugging my puter instead.

Thanks again!

Thanks man really worked, cool dude thanks again

i used this program it works perfectly. althought mcafee didnt find the rat this fixed it . now i can click my computer safely and anydocuments i have. i had the rat for 5 minuets and its gone now . tyvm

Had the issue earlier, googled it and came to this blog. Tried the program and it worked like a charm, thanks a lot!

thank you, thank you, thank you so much…

this program was so great !!!!!!!

Hi, thanks for the program, fixed all my problems

AJ, i got version: 1.5.0.94854…….

dunno know if its the latest version, but it seems like it

Can someone please help! I had the the first time, and used this and it worked. Now I have it again, and I used it again and it still has that pop up! PLEASE HELP!

thank u so much . it’s so great

Thanks, Man !! This saved my day. The bloody trojan didnt allow me to access any internet pages, as every click used to try taking me to the ‘free-virsucan.com…’ site. Finally I had to install mozilla browser to search for help and then run this utility.

Thanks a ton !!

I luv you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! lol
eset failed me
Thanks alot man cause that virus was pissing me of!

Also adding my thanks. Hopefully it’s gone, although I didn’t get a log or anything, it just ran a scan and then said scan finished. Does this sound right?

thankz alot man

Thanks so much !!! FixIEDef saved my life!!!

Thanks a lot, it helped:)

Thanks for the advice

thanks a lot..its working very fine…and solved my problem

i tried both in normal and safe mode.nothing happened.please give me an advice on how to remove that friggin virus of my pc. :@

thanx a bunch!!

Thanks a lot. I had the same problem and had made up my mind to reinstall my system.Finally Tried “FixIEDef “.It worked like a dream and solved the Problem.

Just want to say I was honestly skeptical about downloading this and was not sure but I took the leap of faith and it took care of the virus.

Thank you very much.

thnks man you are a genious…..

Thank you SOOOOO much…I just spend 3 hours figthting this thing…on a BRAND NEW computer! Was ready to throw it out the window until I found this…so THANX!!!!!!!

woo hoo! worked like a champ

very helpfull , thanks

very very very thank you.. i have gone crazy about this f*cking thing… I guess it completely removed from my comp. thanks dude

Thank you very much for this information! It worked like a charm and will keep it for future use!

Thanks! Worked for me:)

Grazie mille io sono italiano e avevo questo virus da giorni grazie a te ho risolto il problema sei il migliore!

Thank u too the author, jesus fucking christ, i spent hours fucking with other spyware programs, if the man who designed this program put up a paypal id send him a few dollars, lol

thanks!!! you are a life saver.

You know what? i love you guys! seriously! lol anyways this fixed it, it wasn’t much of a threat just annoying xD
so Thankyou!!!!!!!!

Thank you all for the words of appreciation. To answer Supreme Victory’s question, the author ShadowPuterDude does have a Paypal account. Just click on the donation link on his home page at http://www.malwareteks.com/

i dont think it worked, it reads for me

!!! Files that have been deleted !!!

——————————————————————————–

!!! Directories that have been removed !!!

No malicious directories to be removed

did it work, or not? please email me.

dude
thnx a lot.

Thank You Dennison! I was very worried when the results of the scan using nod said that my laptop was clean, when I knew it had a virus; your post totally solved my problem.

Olá, tenho uma duvida sobre Virus e gostaria aqui dividir com todos e quem sabe ser esclarecido por alguem.

É o seguinte: Ando tentando encontrar uma KEYGEN pra ativar os complementos do Adobe CS3. Bom, o fato é q todo vez q encontro e baixo uma desses Geradores de Codigos meu Anti-Virus detecta em cada um deles alguns virus como “Trojan”. Ja li alguma coisa sobre e alguns dizem ser eles inovencivos pq os Antivirus acusam tais “programinhas”. Qual a opniao de vcs?

Muito Obrigado pela atençao.
Grato!!

Thanks, Its works

Thanks buddy,

You just save lie life. I apply all the techniques to get rid of this sit but nothing work. This exe work like a miracle.

it did work for me, but after so many files deleted, it just started right over, is there something i missed?

It’s been a while since I’ve check Dennison’s blog.

This is not a Virus, it’s a Trojan. There is a difference. Also this is not a remote Access/Administration Tool (RAT), it is a Downloader.

The Trojan connects to a specific URL looking for instructions on what to download next. For the past year it’s singular behavior is to display fake warnings every time you open Internet Explorer or Windows Explorer in an attempt to get you to download and purchase a rogue security application. They are after your money.

I know exactly what this does to your system, I’ve been tracking these guys for nearly a year, and run complete forensics on what this thing does to your system. Each and every time they release a new downloader. Which is 3-5 times a week. FixIEDef removes this Trojan completely from the system. Removes all files and registry entries added by the dropper.

Since the perpetrators of this fraud , change the infection frequently; FixIEDef doesn’t always contain the newest variant. I normally have the new dropper within minutes of its release onto the net. I’m not the only one watching these criminals. Unless I have to code entirely new routines and functions, FixIEDef is updated and published within an hour or two of the new variant being released.

If the new variant requires new routines and functions, then it may take a day or two before the tool is updated and published for general release. New code requires extensive testing before release.

This did nothing for me, still getting the same pop ups, adaware, avg and windows defender also doing nothing.

Ok, I think it’s safe for me to say (touch wood) that my computer is now running normally. Windows Live One Care advises the removal of AVG and (after spending ages trying to uninstall it and scanning with various other applications) AVG went and my PC returned to normal.

Needless to say, I’m confused. Did the trojan originally mentioned in this blog download something that attacks AVG? To be quite honest, that’s the only thing I can think of.

Anyway, thanks again. Without this blog I’d still have those annoying “system error” messages!

THANK YOU!! :]

[...] ku minta bantuan om ku, yakni om gogel, dan finnaly ketemu juga yang kucari2. Baca Artikel ini atau untuk download Removal [...]

Thanks alot man,
that was getting real annoying..but that program worked,
even tho it was a slightly different virus

@Phil I believe your computer may still be infected by a different virus. Another possible cause is having too many applications running on the background. Hope that helps.

Thanks a lot for putting together this blog, mate. Although my problems aren’t all fixed yet it has at least given me some hope.

I was getting those exact “Attention, some dangerous trojan horses detected” messages, and the FixIEDef seems to have stopped these pop ups for now. It deleted a file: c:\Windows\system32\tbs.dll. No registries were deleted though.

But, on top of those messages, something has really slowed down my Windows. Since the FixIEDef fix it has sped up slightly but it is still hoplessly slow. Spydoctor and AVG can’t find anything. I’m currently downloading the trial of Windows Live One Care which has got rid of the most malicious and undetectable files I’ve had in the past… but the way things are going, I’m not holding my breath.

Any more advice or info would be much appreciated, guys.

you know what really makes me happy?
people like you who take the time to research the cure of this virus and then share it with other people, if there were more people like you on this earth we would probably completely rid the world of faggot virus geeks who have no life and get off on destroying peoples computers

you are honestly a saint, you fixed my machine from being hacked, you fixed my family from a potential secret information retrieval, and YOU have made a kid very happy so bless you! and well done and thankyou so very much!! thankyou thankyou thankyou! you are a bloody legend mate well DONE!

Oh my goodness, thank you so, so, so, so much!!!!!

greetings from Holland by the way…

Wow, it saved me so much headache in this month of Ramadhan !!!

Thank You.

Thnx a lott brother, it worked

Many thanks from Albania. It worked perfectly

Thanks!

hey why dont u guys chat wit me

Really really really thanks to you and ’shadowputerdude’. Thank you veeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeerrryyy much!!!!!!!. It was a headache for me for 3 days.At last I got rid of that damn thing.Oh god , so annoying.I thank you once again for putting up this matter on this blog.

wow!…
thank u very much..
thanks a lot!!!!!
that fuckin virus already gone..
thanks!!!!

I actually had this trojan on a laptop of mine and it caused complete havoc. I could not figure out how to get rid of it and eventually it ended up with a root kit. I had to reinstall the entire operating system and hope that the rootkit was still not there. Thanks for the great tips on getting rid of this.

[...] AM If you are facing the problem with following Warning! box on your computer Preview Click Here to solve it [...]

again…I would have collapsed if there is no such a virus cleaner….
thank you very very much