What is IE Defender

Posted on 2 January 2008 under Rogue Programs

1. What is IE Defender?

IE Defender is rogue anti-spyware software that is loaded on a PC with the help of a Browser Helper Object of the same name, "IE Defender". Once IE Defender has been installed, it starts displaying fake security messages claiming that the system is in danger and that a licensed version is required to remove the threats found. Google and Yahoo searches can be corrupted and redirected to the rogue software's homepage.
The following fake warning messages keep popping up (Internet Explorer):
Google Error:
"Your computer is infected! Some of your search results were changed by spyware. You have to clean your pc and we recommend to use our antispyware!"
Yahoo Search Error!
"Your computer is infected! Some of your search results were changed by spyware. You have to clean your pc and Yahoo Team recommend to use our ANTISPYWARE!"
Also known as IEDefender, IE Defender 2.2 (or 2.3).

2. IE Defender screen shot:

[Screenshot: IE Defender]

3. How to remove IE Defender:

  1. The Internet connection might be disabled or the Internet browser might be blocked by IE Defender, so it won't be possible to download any files to the infected computer. In this case, download all files required for IE Defender removal to another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
  2. To remove IE Defender, download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, a computer scan should start automatically. If so, move to the next step. If not, click "Status" in the left side menu and press the "Scan Now" button to run the computer scanner, as shown in the picture below:

  4. After the scan has completed and the scan results have been generated, press the "Fix Checked" button to remove IE Defender.

  5. Restart the computer to complete the IE Defender removal procedure.

4. IE Defender files:

a3gpcodec.dll, aDivX.dll, bDivX.dll, corpol.dll, dx50codec.dll, IntelVideo.dll, IntelVideoDivX.dll, IR9V0_QCX.dll, mp3avi.dll, mscfg32.dll, msvideo.dll, pdswin.dll, pmspl.dll, PowerVideo.dll, stream32a.dll, sysdivx.dll, sysvideo32.dll, Video32.dll, VideoMP3.dll, XunLeiBHO_Now.dll, windivx.dll, websrc32.dll, poswin.dll, pwnbho.dll, oggview32.dll
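
Because IE Defender loads as a Browser Helper Object, HijackThis reports its DLLs as O2 lines, so a saved log can be checked against the file list above. The following Python sketch is an added example, not part of the original post; the sample log lines and their CLSIDs are constructed placeholders, and the function names are hypothetical.

```python
import ntpath
import re

# DLL names from the "IE Defender files" list on this page, lower-cased.
IE_DEFENDER_DLLS = {n.lower() for n in """
a3gpcodec.dll aDivX.dll bDivX.dll corpol.dll dx50codec.dll IntelVideo.dll
IntelVideoDivX.dll IR9V0_QCX.dll mp3avi.dll mscfg32.dll msvideo.dll
pdswin.dll pmspl.dll PowerVideo.dll stream32a.dll sysdivx.dll
sysvideo32.dll Video32.dll VideoMP3.dll XunLeiBHO_Now.dll windivx.dll
websrc32.dll poswin.dll pwnbho.dll oggview32.dll
""".split()}

# HijackThis O2 line layout: "O2 - BHO: <name> - {CLSID} - <path>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$")
# Trailing annotation HijackThis can append, e.g. "(file missing)".
TRAILING_NOTE = re.compile(r"\s+\([^()\\]*\)$")

def parse_o2(line):
    """Return (name, clsid, path) for an O2 BHO line, or None for other lines."""
    m = O2_LINE.match(line.strip())
    return (m["name"], m["clsid"].upper(), m["path"]) if m else None

def flag_bhos(log_text):
    """List O2 entries whose DLL file name is on the IE Defender file list.
    Only the file name is compared (case-insensitively), since one DLL can
    be registered under different CLSIDs."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        name, clsid, path = entry
        dll = ntpath.basename(TRAILING_NOTE.sub("", path)).lower()
        if dll in IE_DEFENDER_DLLS:
            hits.append({"name": name, "clsid": clsid, "dll": dll})
    return hits

# Constructed sample log; the CLSIDs are placeholders, not real indicators.
SAMPLE_LOG = r"""
O2 - BHO: Video - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\msvideo.dll
O2 - BHO: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\toolbar.dll
O2 - BHO: Web Search - {00000000-0000-0000-0000-000000000003} - c:\windows\WEBSRC32.DLL (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for hit in flag_bhos(SAMPLE_LOG):
        print(hit)
```

A file-name match is a triage signal only: confirm the entry's full path before removing anything, since a name on the list can also belong to an unrelated file.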

5. Hijackthis entries:

O2 Entries: