Life, the Universe, and Everything
A day in the life of an audio visual junkie
How to fix the “Attention, some dangerous trojan horses detected” virus
Author: Dennison Uy22 Jun
I recently fixed a machine that got infected by a virus that works like this: every time you click on a directory, an error message gets displayed that goes like this:
bq. Attention, [name]! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
This error message is then followed by a dialog box. Clicking on it takes you to the website http://free-viruscan.com/id/4912933/4/1/ (WARNING: The website is a FAKE meant to deceive the visitor into downloading and executing a program that will create more virii. Do not interact with it).
Normally it takes me 5 minutes to find a kill a virus but today I was stumped. The way the virus operated was unusual. It does not load any memory-resident programs. It does not get loaded on startup. It does not run a service.
Finally convinced that this was beyond my own power, I downloaded and ran HijackThis. Still nothing. Now things were getting real interesting. I did not want to resort to using an antivirus. That would be too easy. I wanted to know what exactly the virus does and how.
After what seemed like hours of research I finally came upon the FixIEDef program developed by ShadowPuterDude of Malwareteks. Ran it, it was bye bye virus. The logs showed the following entries:
!!! Files that have been deleted !!!
C:\WINDOWS\system32\dadef.dll
C:\WINDOWS\system32\dapol.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp.txt!!! Registry entries that have been removed !!!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind “comment”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF811E6-8925-4084-A649-C159955E67E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “KernelFaultCheck”
Wish I knew more about how it worked, but I guess I should be happy and contented for now that the virus is gone.
Addendum:
It appears that a new strain of this “dangerous trojan horses” virus comes out almost every week, if running the program does not solve your problem, or if you have any support requests, please visit the official website at http://malwareteks.com/. Note again that I did not create this program. ShadowPuterDude did. Hence, I cannot provide any support 
PhotoStream
Categories
- Animals
- Blogging
- Bored
- Business
- Cars
- Cool
- Design
- Development
- Downloads
- Entertainment
- Environment
- Events
- Experimental
- Finance
- Food
- Funny
- Gaming
- Health
- Inspiration
- Internet
- Literature
- Love
- Me
- Movies
- Music
- Philantrophy
- Philippines
- Philosophy
- Photography
- Poetry
- Politics
- Quotes
- SEO
- Social
- Software
- Sports
- Technology
- Theology
- Toys
- Uncategorized
- Videos
- Web2.0
- Work
- World
Recent Comments
- BokSnunkobelo: Очень понравился ваш блог! Подписался
- angela: ginawa lahat ni DRA. BELO
- angela: hi,ipapahayag ko lang ang aking
- racercode: My paypal account is Limited
- Tima: Ooh ma Gosh!!! i luv
- Yep.: I'm right there with you.
- Amelia: Ha Ha I'm probably a
- Bertholemeuw: Try to contact google.
- Google AdWords keeps declining my Unionbank E-On VISA card
What’s wrong? | Life, the Universe, and Everything: [...] to use my UnionBank - Dennison Uy: @Jake maybe you should try
Blogroll
- Antonette Uy
- Sean Uy
- Jack Galt
- Jobert
- Christine Yap
- Neil
- Marhgil Macuha
- Marilli Malaki
- Sherrie Sison
- Chalky
- Ashier de Leon
- Jose Illenberger
- JR Ignacio
- Nestor Tan
- Bel Ragay
- Kyo Suayan
- Rico Sta. Cruz
- Jeff Mendoza
- Brownspank
- John Bee Corpuz
Links
- CSS Vault Blog
- CODESIGN Studios
- Philweavers
- CSS Vault
- Spinweb Productions
- ACTS
- The Tea Square
- QWERTY Concepts
- WHC
- Earn money online with
Archives
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- January 2007
Badge-O-Rama!
Leave a reply
255 Responses for "How to fix the “Attention, some dangerous trojan horses detected” virus"
again…I would have collapsed if there is no such a virus cleaner….
thank you very very much
tanks, tanks, Very Very TANKS!!!
Its horrable experience. but I fix it.
Your post save my laptop.
thankyou. (>.
[…] AM If you are facing the problem with following Warning! box on your computer Preview Click Here to solve it […]
Thanks for this it is a great help. Stumped me too and no AV was helping.
I actually had this trojan on a laptop of mine and it caused complete havoc. I could not figure out how to get rid of it and eventually it ended up with a root kit. I had to reinstall the entire operating system and hope that the rootkit was still not there. Thanks for the great tips on getting rid of this.
Thanks so mutch for this. I though I was goina get sacked for putin a virus (unknowingly) on my company laptop. Thanks so mutch for showin me how to removie it you have saved my job.
wow!…
thank u very much..
thanks a lot!!!!!
that fuckin virus already gone..
thanks!!!!
thanks for the link! excellent program.. =)
Really really really thanks to you and ’shadowputerdude’. Thank you veeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeerrryyy much!!!!!!!. It was a headache for me for 3 days.At last I got rid of that damn thing.Oh god , so annoying.I thank you once again for putting up this matter on this blog.
Hey guy… thanks for the help with that blinking virus… the program really did the trick… and so quick too. No support needed (^-^)… thanks also to ur guy ShadowPuterDude, im glad he’s on our side… thanks again!!
hey why dont u guys chat wit me
hey hav u gotta mesge.pls tell me about yours nex up coming album
Thanks!
Thanks a lot dear friend. Even I was totally foxed by this pest. The remedy worked for me and also restored my mental balance too. I offer my gratitude to you for offering me this solution.
Many thanks from Albania. It worked perfectly
hey , its so wonderful , thanks a lot .
Thnx a lott brother, it worked
thanks a milli puterdude and thanks to Dennison Uy for the post! saved me mad time!
Wow, it saved me so much headache in this month of Ramadhan !!!
Thank You.
Warm Greetings …
*********************************
!!! Files that have been deleted !!!
C:\WINDOWS\WLXPGSS.SCR
C:\WINDOWS\System32\jadz.dll
——————————————————————————–
!!! Directories that have been removed !!!
No malicious directories to be removed
——————————————————————————–
!!! Registry entries that have been removed !!!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind “comment”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WARP
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07EF0649-D5BA-4139-B0A2-4D047F223B2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4889BC79-638C-4D09-99A3-2CB4AD8AB956}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D55D6501-3AFD-44B6-8C7D-4E5C6293EE33}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07EF0649-D5BA-4139-B0A2-4D047F223B2D}
================================================================================
All Done
greetings from Holland by the way…
thx man, just what i needed!!!
You the Man!
Oh my goodness, thank you so, so, so, so much!!!!!
God bless your soul! I’ve had this problem for days and it has been driving me nuts (especially, since it would crash windows explorer randomly).
Thank you so much!
you know what really makes me happy?
people like you who take the time to research the cure of this virus and then share it with other people, if there were more people like you on this earth we would probably completely rid the world of faggot virus geeks who have no life and get off on destroying peoples computers
you are honestly a saint, you fixed my machine from being hacked, you fixed my family from a potential secret information retrieval, and YOU have made a kid very happy so bless you! and well done and thankyou so very much!! thankyou thankyou thankyou! you are a bloody legend mate well DONE!
you are a legend! thanks for the help!
@Phil I believe your computer may still be infected by a different virus. Another possible cause is having too many applications running on the background. Hope that helps.
solved the problem on my computer, Thanks ShadowPuterDude
Thanks alot man,
that was getting real annoying..but that program worked,
even tho it was a slightly different virus
Yes, This is what i’m talking about.
You the man!
Give Big Thanks for Dennison Uy
and ShadowPuterDude of Malwareteks.
[…] ku minta bantuan om ku, yakni om gogel, dan finnaly ketemu juga yang kucari2. Baca Artikel ini atau untuk download Removal […]
[…] ku minta bantuan om ku, yakni om gogel, dan finnaly ketemu juga yang kucari2. Baca Artikel ini atau untuk download Removal […]
THANK YOU!! :]
Great Job !
Ok, I think it’s safe for me to say (touch wood) that my computer is now running normally. Windows Live One Care advises the removal of AVG and (after spending ages trying to uninstall it and scanning with various other applications) AVG went and my PC returned to normal.
Needless to say, I’m confused. Did the trojan originally mentioned in this blog download something that attacks AVG? To be quite honest, that’s the only thing I can think of.
Anyway, thanks again. Without this blog I’d still have those annoying “system error” messages!
Thanks a lot for putting together this blog, mate. Although my problems aren’t all fixed yet it has at least given me some hope.
I was getting those exact “Attention, some dangerous trojan horses detected” messages, and the FixIEDef seems to have stopped these pop ups for now. It deleted a file: c:\Windows\system32\tbs.dll. No registries were deleted though.
But, on top of those messages, something has really slowed down my Windows. Since the FixIEDef fix it has sped up slightly but it is still hoplessly slow. Spydoctor and AVG can’t find anything. I’m currently downloading the trial of Windows Live One Care which has got rid of the most malicious and undetectable files I’ve had in the past… but the way things are going, I’m not holding my breath.
Any more advice or info would be much appreciated, guys.
This did nothing for me, still getting the same pop ups, adaware, avg and windows defender also doing nothing.
thank you so much!I really didn’t know what to do!:)
It’s been a while since I’ve check Dennison’s blog.
This is not a Virus, it’s a Trojan. There is a difference. Also this is not a remote Access/Administration Tool (RAT), it is a Downloader.
The Trojan connects to a specific URL looking for instructions on what to download next. For the past year it’s singular behavior is to display fake warnings every time you open Internet Explorer or Windows Explorer in an attempt to get you to download and purchase a rogue security application. They are after your money.
I know exactly what this does to your system, I’ve been tracking these guys for nearly a year, and run complete forensics on what this thing does to your system. Each and every time they release a new downloader. Which is 3-5 times a week. FixIEDef removes this Trojan completely from the system. Removes all files and registry entries added by the dropper.
Since the perpetrators of this fraud , change the infection frequently; FixIEDef doesn’t always contain the newest variant. I normally have the new dropper within minutes of its release onto the net. I’m not the only one watching these criminals. Unless I have to code entirely new routines and functions, FixIEDef is updated and published within an hour or two of the new variant being released.
If the new variant requires new routines and functions, then it may take a day or two before the tool is updated and published for general release. New code requires extensive testing before release.
OMG, i did this a few days ago, and it didnt work, i tried it again today, and(i dont know if necesary)restarted my pc right after the scan, and now its gone
thanx!!!!
it did work for me, but after so many files deleted, it just started right over, is there something i missed?
guys, this virus is supposed to give the controller of it remote access to your machine.
I’m reinstalling. it’s not worth the assumed potential risk even if it was removed.
I freaking hate Windows.
Thanks buddy,
You just save lie life. I apply all the techniques to get rid of this sit but nothing work. This exe work like a miracle.
Hi.. i got problems with this virus… i ran the FixIEDef but nothing, the log says that nothing was found, and the message is continue apearing…
Thanks, Its works
Hi All,
Worked great for me, deleted three files and 2 registry entries
Many Thanks
Dodgy
Olá, tenho uma duvida sobre Virus e gostaria aqui dividir com todos e quem sabe ser esclarecido por alguem.
É o seguinte: Ando tentando encontrar uma KEYGEN pra ativar os complementos do Adobe CS3. Bom, o fato é q todo vez q encontro e baixo uma desses Geradores de Codigos meu Anti-Virus detecta em cada um deles alguns virus como “Trojan”. Ja li alguma coisa sobre e alguns dizem ser eles inovencivos pq os Antivirus acusam tais “programinhas”. Qual a opniao de vcs?
Muito Obrigado pela atençao.
Grato!!
Thank you so much for this- it had been driving me insane-
it only took a few minutes to download and run- and it’s gone!!
Thanks again!!
You rule- i owe ya one.
Thank You Dennison! I was very worried when the results of the scan using nod said that my laptop was clean, when I knew it had a virus; your post totally solved my problem.
it doesnt work man….the antivirus/antispyware deletes it…but when i restart it appears again……plz help
dude
thnx a lot.
Thanks very much. You are such a genius!
i dont think it worked, it reads for me
!!! Files that have been deleted !!!
——————————————————————————–
!!! Directories that have been removed !!!
No malicious directories to be removed
did it work, or not? please email me.
ShadowPuterDude - you ROCK!! Working on a friends puter and your routen fixed it right up!!!
Thanks to Dennison Uy for posting this!!!
With out you both I would not have found this or fixed it.
Thank you all for the words of appreciation. To answer Supreme Victory’s question, the author ShadowPuterDude does have a Paypal account. Just click on the donation link on his home page at http://www.malwareteks.com/
Thank you so much for the info! I’ve been really worried about this virus… I’ve been running two anti-virus programs already and none worked. Thank you so much for your help
You know what? i love you guys! seriously! lol anyways this fixed it, it wasn’t much of a threat just annoying xD
so Thankyou!!!!!!!!
omg thx u so much one run and my problems were gone
thanks!!! you are a life saver.
Thanx
it works great!
Thank u too the author, jesus fucking christ, i spent hours fucking with other spyware programs, if the man who designed this program put up a paypal id send him a few dollars, lol
my cousin got this problem and he deleted the files but its still there. please help he e-mail me if you wanna!
Grazie mille io sono italiano e avevo questo virus da giorni grazie a te ho risolto il problema sei il migliore!
Thanks a ton. You saved me from this bugging.
Thanks! Worked for me:)
Same here, there was no running process.
Couldn’t detect it at all, spent half an hour wondering before I gave up and asked Google.
Thanks for the info~
Jackie
Thank you very much for this information! It worked like a charm and will keep it for future use!
Dude, thanks, this is awesome, i was almost crying 5 minutes before till i see your blog. thanks!
very very very thank you.. i have gone crazy about this f*cking thing… I guess it completely removed from my comp. thanks dude
Thanks a bunch! My mother-in-law got this and I searched the net right away. Came upon this post in a matter of 2 minutes. Saved me hours of pain. Thanks
very helpfull , thanks
WOW!! is all I can say. I was struggling with this F-ing hijacking son of a B for a few days and this simple tool removed. GREAT JOB and many thanks.
woo hoo! worked like a champ
Thanks man! you just saved my life!
Emin’s last blog post..Undergraduate Scholarships for International Students/Australia
Thank you SOOOOO much…I just spend 3 hours figthting this thing…on a BRAND NEW computer! Was ready to throw it out the window until I found this…so THANX!!!!!!!
thanks dude.that worked…
thnks man you are a genious…..
THANKSSSSS
U ARE THE BEST
Just want to say I was honestly skeptical about downloading this and was not sure but I took the leap of faith and it took care of the virus.
Thank you very much.
Thanks so much. I too was about to nuke my hard drive, but this worked like a charm.
Thanks a lot. I had the same problem and had made up my mind to reinstall my system.Finally Tried “FixIEDef “.It worked like a dream and solved the Problem.
Thanks a million! Saved my laptop - spent a whole downloading different AV’s and anti-spyware and Widnows Defender - nothing helped….except this…should have done a google search before. ShadowPuterDude you’re the best!
By the way does anyone know what I should have installed on my laptop to prevent this and anthing else that might pop-up? E.g. AVG, Panda, Spydoctorm Adaware etc…any expert advice would be great (because it seems a lot of websites have differing opinions on what is the best!). Thanking everyone in advance.
thanx a bunch!!
Worked like a charm. Thanks so much!
i tried both in normal and safe mode.nothing happened.please give me an advice on how to remove that friggin virus of my pc. :@
worked, thanks for the fix. damn trojan’s. thats why i stick with lifestyles.
thanks a lot..its working very fine…and solved my problem
[…] La soluzione si è dimostrata molto semplice, in quanto si trattava più che altro di un piccolo “sputtanamento” di chiavi di registro e di qualche DLL maligna, come spiegato nel sito di codesignstudios. […]
Thanks for the advice
THANKS!! You da man.
Awesome.
Thanks a lot, it helped:)
it wont work,………. leme try on the safe mode xD wish me luck
Thanks so much !!! FixIEDef saved my life!!!
thanks dude
it works
thankz alot man
thanks sooo much! It works!
Also adding my thanks. Hopefully it’s gone, although I didn’t get a log or anything, it just ran a scan and then said scan finished. Does this sound right?
hey thank you,
I luv you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! lol
eset failed me
Thanks alot man cause that virus was pissing me of!
Hi
it works thnx man. Now i can go further with my business!
Thanks, Man !! This saved my day. The bloody trojan didnt allow me to access any internet pages, as every click used to try taking me to the ‘free-virsucan.com…’ site. Finally I had to install mozilla browser to search for help and then run this utility.
Thanks a ton !!
THanks
it worked for me very well.
thank u so much . it’s so great
OMG MAN THANKS SOOOOO MUCH!!!!
IM COMMON TO TROJAN VIRUSES CAUSE I “PIRATE” ALOT
BUT THANKS MAN!!!!!
IVE HAD TO REFORMAT MY COMP ABOUT 4 TIMES THIS YEAR THANKS FOR SAVING ME 70$
Can someone please help! I had the the first time, and used this and it worked. Now I have it again, and I used it again and it still has that pop up! PLEASE HELP!
Great work!! thanks a lot.
Mr. AJ. it seems you don’t surf internet, you cultivate virus.
If there is any way to export the virus, you could be new bill gates. ha,ha,ha
Hi, thanks for the program, fixed all my problems
AJ, i got version: 1.5.0.94854…….
dunno know if its the latest version, but it seems like it
I wonder if I have a new variant since the original post of this forum. I had dozens of “attention…” pop-ups and similar “errors” which would cause more pop-up windows to order anti-virus or malware-removal sites. The program worked to stop most of the pop-ups, but a few still show up. The difference is that I can click them to close now.
The new problems since is that I have problems starting up, to the point where sometimes I can’t even get to desktop, or the desktop goes black on me. I noticed one person above said that they can’t see the extention to their files anymore. I noticed the same thing. I have a ton of other files in the /Windows directory when this trojan first appeared.
Maybe an updated version will come up soon to fully remove this trojan and some lasting side effects?
thank you, thank you, thank you so much…
this program was so great !!!!!!!
Two sleepless nights trying to get rid of the virus i unknowingly infected the wife’s computer with. now that the computer is free of the virus, i am now allowed to sleep with the wife again. YEAH!
Had the issue earlier, googled it and came to this blog. Tried the program and it worked like a charm, thanks a lot!
WOW. glad i got rid of that i was about to toss my compter out the window then run out with matches and gas and light it on fire. then hit it with a bat till the ashes was beat into the ground
i used this program it works perfectly. althought mcafee didnt find the rat this fixed it . now i can click my computer safely and anydocuments i have. i had the rat for 5 minuets and its gone now :D. tyvm
Cool, thx for that. It really helped.
you say using a anti-virus is a easy option, What other options are there? im interested.
Thanks man really worked, cool dude thanks again
Nice program.
I run it and the log says it not find anything but now the mailware is gone.
Thanks
THANK YOU, THANK YOU, THANK YOU!!!
I was ready to call McAfee and pay $2.95 per miniute
If I could hug you I would - I’m hugging my puter instead.
Thanks again!
Thanks a lot!! You have done a great help. Keep going
Thank you so much, my computer just got infected with this today and Firefox did not solve the problem… I have a terrible history with computers and this is the family’s computer, my parents threatened to never by me a electronic device again if I recked it… anyway sorry to ramble on but i just want to say thank you so much for this post
THANK YOU SOOOOOOOOOOOOOOOO MUCH!!! IT WORKED!
thanks — really helped — usually very careful not sure how it happened though!
thank you very much…
it’s gone…
great work…
THANK You!!!
Thank you. It worked great.
I tried few antivirus and spyware softwares before this and none worked.
Brilliant!!
THANK U VERY MUCH ! IT SOLVED MY PROBLEMS ! :>
Worked great and quick. Thanx a lot.
Thanks, ShadowPuterDude,
This virus is a weird one, no services or processes (on task manager or start up) and couldn’t find anything in Application data, stumped me, and Trend Micro couldn’t even find it.
I wonder how i got it, i don’t use IE, only FF3
Hey Dude ! thnx a lot ! its all happened just like that and the virus vanished
Thank You!!! ACIŪ from Lithuania:)
Hi it only took a minute, and for now everything seems just dandy, thanx, if I get a problem I’ll repost.
thought i’d let you see a copy of my log, thanx again! happy campin everybody!
********************************************************************************
* *
* FixIEDef Log *
* Version 1.4.20.5956 *
* *
********************************************************************************
Created at 19:17:49 on Friday, July 11, 2008
Time Zone : (GMT-08:00) Pacific Time (US & Canada)
Logged On User : Pax
Operating System : Microsoft Windows XP Home Edition Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel(R) Pentium(R) 4 CPU 2.00GHz
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
Total Physical Memory : 1039695872 bytes
Free Physical Memory : 678484 bytes
Total Virtual Memory : 2097024 bytes
Free Virtual Memory : 2054012 bytes
Boot State : Normal boot
——————————————————————————–
!!! Files that have been deleted !!!
C:\Program Files\Codec Pack - All In 1\DivXconfig.exe
C:\Program Files\Codec Pack - All In 1\ac3filter.ico
C:\Program Files\Codec Pack - All In 1\DivXSetup.ico
C:\Program Files\Codec Pack - All In 1\dvobsub.ico
C:\Program Files\Codec Pack - All In 1\ffdshow.ico
C:\Program Files\Codec Pack - All In 1\g400.ico
C:\Program Files\Codec Pack - All In 1\ie.ico
C:\Program Files\Codec Pack - All In 1\irunin.bmp
C:\Program Files\Codec Pack - All In 1\irunin.dat
C:\Program Files\Codec Pack - All In 1\irunin.ini
C:\Program Files\Codec Pack - All In 1\irunin.lng
C:\Program Files\Codec Pack - All In 1\Thumbs.db
C:\Program Files\Codec Pack - All In 1\verze.txt
C:\Program Files\Codec Pack - All In 1\xvid.ico
C:\WINDOWS\system32\nvgflt.dll
——————————————————————————–
!!! Directories that have been removed !!!
C:\Program Files\Codec Pack - All In 1
——————————————————————————–
!!! Registry entries that have been removed !!!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind “comment”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFE59EC6-5491-4EF3-BA0D-77B0D895B4F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFE59EC6-5491-4EF3-BA0D-77B0D895B4F7}
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!
hi, thanks a lot. I have remove IE virus with your tool.
Thanks again.
It didn’t work and the log show
!!! Files that have been deleted !!!
No malicious files found
——————————————————————————–
!!! Directories that have been removed !!!
No malicious directories to be removed
——————————————————————————–
!!! Registry entries that have been removed !!!
No malicious Registry entries found
Please could anyone help
OMGG. thank you soo much. I almost wanted to kick my computer. thanks soo much u r suchaa lifesaver
Thxs i been trying to fix this problem for like a week
thxs to Dennison Uy for pointing this program out
thxs to ShadowPuterDude for developing the program
i know youve received so many thanks and this will probably fall on deaf ears but i just had to make my point. THANK YOU SO MUUUUUCH
THANK YOU you are a lifesaver that was terribly annoying and i’ve never seen anything like it
My log says:
——————————————————————————-
!!! Registry entries that have been removed !!!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp.1
But those entries are still there. Please help me get these deleted!!!
…got the infection from keygen….
Thanks! Works great!
sorry I got blocked again, I will be more careful.
Thanks Man! ITS GREAT
Its working Normal again……
You saved my day! Hats Off to you….
YOU ROCK MAN>> THANKS!! WAS JUST ABOUT TO REINSTALL!!!
Thanks, it worked great on my Laptop and my PC…
rwmurrow,
All auto-bans have been cleared.
You are moving from page to page too quickly. The software sees this as “flooding” and if you continue to keep clicking on pages after the pop-up warning, you will be banned automatically.
This is a defense mechanism to mitigate DDoS attacks.
I got banned again.
Thanks very much, it help in one minute, after i has problem from keygen.
Great Post.
Fix my problem.
It worked.
I had this problem since I ran an ugly Keygen a few hours ago for a WM6 app. (so far I trusted on NOD32 so much that dared to run any exe, so far it always denied it if infected - this is first time I ran into a problem file that passed it)
Not even reboot or Safe Mode was needed, just run the exe and worked - no more pop-up on explorer clicks.
Thank you for the help and for the FixIEDef developer.
Dear ShadowPuterDude and Dennison,
Thank you very much. At first, I get frustated. But now, I can relax because of your GREAT Tool.
Even My BitDefender Total Security 2008 can not detect the virus.
The Virus is very unique, though. It’s really interesting.
Joned. Indonesia.
datedoctor_papi@yahoo.com
Thanks bro!
It seems the problem is solved!
Hi man,
I faced the problem and it drove me crazy. I have tried to scan the virus but nothing detected. Because IE always lead me to that website, it make me install mozilla and get the information about this virus on this page.
Your solution works well and really help me.
Thank you, dude..!!
As I stated earlier, the site software has built in protection against flooding. If you are moving between pages quickly the software will see this behavior as “Flooding” and will automatically ban your IP.
I have cleared all auto banned IPs, again this morning. You should now be able to reach the site.
Yeah I was browsing your malware tools as the FixIEDef didnt fix my issue and suddenly I couldnt go to your website anymore
i was like omg this site mite fix my problem! and then i got banned and went omg this suxs
Try now.
The site software has an auto ban feature, that if flooding is detected it will automatically ban the IP if you are detected as clicking on pages to quickly.
I just removed a bunch of banned IPs that were Banned for Flooding.
I mean, I posted in someone else’s forum and now I am denied access to the site
I can’t get onto the your website anymore shadow dude. did I get booted?
Hey guy
thank you it solved my troubles!!!
thanks!!!!!!
Couldn’t get to a fix because of the constant redirecting of my IE browser. Finally opened FireFox in order to get access to any website other than the one of the jackass who infected me. Good thing I already had that installed and operational.
BUT - as soon as I used The Fix, I found that now all of my files have changed so the extensions are visible in all of the names. I think there’s an easy fix to this, but… anyone else experiencing the same issue?
By the way, here’s the WhoIs info for the criminal who is responsible for this particular malware:
http://free-viruscan.com = [ 58.65.238.34 ]
(Asked whois.estdomains.com:43 about free-viruscan.com)
Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: FREE-VIRUSCAN.COM
Registrant:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Creation Date: 18-Jun-2008
Expiration Date: 18-Jun-2009
Domain servers in listed order:
ns2.free-viruscan.com
ns1.free-viruscan.com
Administrative Contact:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Technical Contact:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Billing Contact:
N/A
Alexander iedefender@gmail.com
Yborevicha street
Kiev
Kiev Oblast 93000
UA
Tel. 380.993363649
Status: ACTIVE
Thank you very much!!!
Amazing ..awesome..excellent….realy thanx a milion
Thank you so much. This was driving me nuts! Avast couldn’t even get rid of it. I use Firefox too but I need IE for some things as well.
All I can say is thank you - I too was tearing my hair out.
Ha i usualy never reply/comment on blogs but damn this shit saved my ass, and it was fast. thanks man.
Hi….I run this..but could not remove this virus….
the following is the out put log file:-
!!! Files that have been deleted !!!
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\*.*
——————————————————————————–
!!! Directories that have been removed !!!
No malicious directories to be removed
——————————————————————————–
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
Awesome program and advice, really appreciate it!
First , this is not the OFFICIAL support site for FixIEDef.
I don’t know how many times I can say this before it sinks in.
Second,the authors of the IE Defender Family of ‘Fake Alert’ Trojans release at least 3 new variant’s each week.
There is no way that FixIEDef will be be able to remove every possible variant of the IE Defender Family of ‘Fake Alert’ Trojans..
If you suspect that you are infected with a variant of the IE Defender Family of ‘Fake Alert’ Trojans, post in Malware Removal Forum of malwareteks.com
Thanks, it worked for me.
Hello, this removal tool doesn’t remove the IE virus on my computer. Please help me. The problem it’s same at Aleks.
THANK YOU V MUCH. IT WORKED GREAT TO REMOVE “FREE-VIRUSSCAN” VIRUS WITHIN A MINUTE.
The FixIEDef log should be on your Desktop.
Looks to have worked for me too.. Thanks a million. The window says creating log, but I couldnt locate it. Can you point me to the probable location ?
Thank you guy, I was been mad to remove this virus, nothing detected it, but now this program worked very good to destroy it :-DDDD
OMG its worked & kicked that f*****g virus a** :))
very very thanx to the author
I noticed the author of that program came on briefly and in case he ever does again I just want to say THANK YOU. I ran some really great anti-virus and anti-spyware crap and nothing caught this son of a bitch except for yours! *BIG HUG*
I have the Kaspersky and it doesn’t found nothing! Thank you!
You’re my new hero! Ths
wow.. it worked really, even on vista.. hope i didn’t get an even worser virus now..
Thanks a million…i was worried about the virus
this finally worked….
soyware doctor and norton could not do nething to get this problem sorted…
but this program finally did…
thanks to all…
Thanks…Worked for me…
Im happy that good people like you are around
Thanks…
Thanks a lot!!!!!!!!!!!!! one more saved laptop!!!!!!!!!!!!!
Thanks a lot for this fix… i too had that damn virus and after trying to get rid on my own i finally accepted that its beyond my capabilities and ended up here. Thanks again for the fix!
Thanks thanks thanks
it works for me too.This is the real salvation:)
hi,, lot of thanks to u.. it really work out!!
Hello, Jatin,
As I have stated in an earlier comment, this is not the support site for FixIEDef,
Please go to mawareteks.com, register and then post in the FixIEDef support forum.
I just tried it, and it didnt work! What am I doing wrong!
thank you so much puter dude you are the man!!!!!!!!!!! i almost threw my computer against the wall!!! now its fixed
As the author of the tool.
This is not the support site for FixIEDef, this is simply a blog by Dennison about how FixIEDef solved the problem for him.
There is nothing wrong with your log, it is simply stating that FixIEDef found nothing to remove.
There are a few hundred variants of the IE Defender family of ‘Fake Alert’ Trojans. New variants are constantly being unleashed on unsuspecting surfers. Because of this there will be variants not included in FixIEDef’s database.
I am currently researching a new ’strain’ of the IE Defender ‘Fake Alert’ Trojan. An updated tool should be out tomorrow, if not tonight.
If you are experiencing problems with FixIEDef or something is not being removed, that you think should be targeted by FixIEDef; then you need to register at malwareteks, and start a support thread in the forums.
MalwarTeks is the support site for FixIEDef.
Hey, I have a problem with FixIEDef…
Here what it shows in the log after scanning:
——————————————————————————–
!!! Files that have been deleted !!!
No malicious files found
——————————————————————————–
!!! Directories that have been removed !!!
No malicious directories to be removed
——————————————————————————–
!!! Registry entries that have been removed !!!
No malicious Registry entries found
thanks a lot maaaaaan !!!
Jitendra,
If it was as simple as killing the running process and then deleting the malicious file; then there would be no need for FixIEDef. There is way more to the infection then just a file.
Dani,
Then you have a variant that is not currently targeted by FixIEDef.
Visit my site and post a HijackThis log. That will give me some clue as to what is going on.
Well… I have the virus, I ran the FixIEDef.exe…
But, it did’nt work…
Kill the xmlsys.dll from taskmanager and delete following file to remove this virus.
C:\WINDOWS\system32\xmlsys.dll
Or use FixIEDef.exe to remove it.
Enjoy!!!!!!
Thanks very much!
Now, my computer run well
Realmente me funcionó el programa, saludos.
Gracias
Thank you, your’e great, this thing was keeping me from opening program files and documents, really thanks a lot
Thanks, SPD. It’s great to have geniuses like u
It’s really works! Thanks MAN! :)))
ESED Smart Security don’t find this trojan
Thanks for your excellent FixIEDef
thank you…thank you…thank you…thank you…thank you…thank you…thank you…thank you…thank you…thank you…thank you…thank you…
Happy camper #2, thank you so very much!
thanks a lot!
it works!
Another happy camper!! Thanks worked as advertised on XP system. Virus deleted in mere minutes.
Ty your like god to me teehee
Thanks a lot … u solved my problem
THANK YOU VERY MUCH!! Great help.
wow tks lots for this GREAT help
Thank you very much to the Malwareteks team, and you for putting the solution up on the internet and to Google which helped me find your site. Solved my problem like a charm. It was quite annoying. Thanks once again!
Thank you!
Randy’s last blog post..UMASS Dartmouth Men’s Restroom - North Dartmouth, MA
thank you!
thanks - worked - I’m switching to a mac as soon as I get some money , I’ve had enough so has Bill
In Vista change compatibility to XP SP2 and Run as Administrator.
Thanks.
Thank you so much. I finally got rid of that annoying thing. now i can work back again…. swiftly… Thanks again… U R d BEST!
wow thnx
THANK U M8!!! U ARE REAL HERO FOR ME. good luck in life..
hope these virus developers will rot and die.
thank you
I tried McAfee, AVG, Lavasoft, and a lot more BUT the virus DIDN’T DISAPPEAR.
This one finally works! Thank you very much.
Thanks, it help solve my problem
awesome ! thanks a billion !
hey thank you so much…
Brilliant. Just brilliant. I was reading the comments and saw that some people who were running vista had problems. I ran it once and it was still there. So i just changed the compatability to xp service pack 2 and ran it in admin privileges and bam. G-O-N-E. Hope that helps anyone else. Thank you ever so much.
Cool! Best tool ever when anti-virus can not perform.
Sorry, Windows Script 5.7 and Windows Script 5.6
Windows Scripting is not working correctly on your system.
Download and install:
Windows 5.7 if using XP
Windows 5.6 if using Windows 2000.
If this doesn’t resolve the issue, then there is a tool that can be used to rebuild the WMI engine.
Windows Scripting is not working properly on your system.
For Windows XP, download and Install Windows Script 5.7
http://www.microsoft.com/downloads/details.aspx?FamilyID=47809025-D896-482E-A0D6-524E7E844D81&displaylang=en
For Windows 2000, download and install Windows Script 5.6
http://www.microsoft.com/downloads/details.aspx?FamilyId=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en#Requirements
I have tried running this removal tool but I just get the error message:
Line -1:
Error: Variable must be of type “Object1″
Can someone help me, this virus isn’t getting picked up by AVG for some reason, and I can’t get rid of it!
thanks, i like this tools. verry good.
Add me to the list of ppl who are thankful for the tool!
Thought I might’ve had to resort to completely formatting the computer.. Thanks for this, fixed it in a matter of seconds :D.
hi
thanks. It worked very well
only one minute
OMG something that actually works first time with no probs at all.
I had this virus on xp using firefox, bin driving me mad for weeks, cleaned it up in seconds.
Thanks a lot.
thanks man I almost got nuts
Thank you Dennison. It resolved my problem too in one minute. God bless u!
Thanks Man, I use XP Service pack 2 and Firefox 2 with Kaspersky antivirus, not much has got past kaspersky, but this one did, fix was excellent and so easy.
run the program in safe mode!
cheers
Hey SPD thanks for dropping by and for releasing the FixIEDef program. As evident by the comments here it saved a lot of lives. Cheers!
Thanks mate, it solved the popup when I was trying to enter the WINDOWS folder.
I’m glad to be helped.
Hi !!!!!
thank’s a lot for this page !!!! You have made me experience how to kill this problem….My computer has been infected like this then I searched how to kill the proccess and I get your page…
Thank’s a lot yach !!!!
It helps me !!!!
GBU
- Natasha - Indonesia -
FixIEDef has been updated to include the newest variant .
FixIEDef does run on Vista.
Any tool that alerts on FixIEDef as being a Trojan is incorrect. It is alerting on the signatures of files targeted by FixIEDef for removal.
If you are experiencing problems with FixIEDef; please visit my site and report issues in the bug tracker or start a support thread in the forum.
Oh My God this lprogram really worked thanks…This is a proof that people can actually help you online. I downloaded a key gen and all of a sudden my IE was acting up giving me this error message..Thank God I found this site..
A girl from Montreal
Encontrastes la solución?
Entonces eres bueno, manolo, tio hombre!
It worked for me. Where can you find the logs for this nifty program?
this dose not work for me, probably because i am running Vista.
i had this problem once before and got rid of it but i can’t seem to remember how but i can remember that u have to find it in regedit and remove it
uhm this wont work for me any know why?
Thnx DUde…. Maan this fraekin virus….
great post …tHANks million….
thanks a lot! it fixed my issue too…only took about a minute…
It worked! Thank you!
thanks dude,
i had the same problem this morning by inserting my usb key in my computer and it’s gone with FixIEDef…
hey great work dude!!!!!!!!!!!!!
i also had same problem today i got it cleared…
!!! All Finshed !!!
Thanks, my virus got removed. Now i m doing further investigation.
Thanks it resolved my errors.
Hi,
I also have this problem, and the fix isn’t fixing it! BTW, i DO use firefox. I click on the box (yes or no) and it opens up firefox and takes me to that web page.
To godie:
I don’t know how Firefox manages this threat, but I want to mention that neither IE nor Opera do. I’ll probably use FixIEDef, because I can’t get the warnings off my PC… despite two antiviruses scanning in turns and one more antispyware solution. No, they don’t conflict, but yes, they can do almost nothing.
I quite agree with the author… a rare kind of truly smart viruses… I’d be sorry for the lack of these, had they been less annoying.
MACAFEE noticed a trojan and shut that FIXIEDEF.exe down!
I guess you’re using IE? Its a BHO (browser helper object) which can be installed through exploit on IE silently. I guess your windows is not patched too for that to happen.
Fortunately BHOs can’t (by default) do much damage except do annoying stuff or fool you into downloading more dangerous program.
The problem with IE is aside from being a web browser, its also Window’s file manager so BHOs also runs when youre just browsing your files.
Get FireFox now and never use IE for Internet browsing.
godie’s last blog post..First True Mobile P2P Solution Developed in Philippines