What is IE Defender?
Rogue anti-spyware software, which is loaded on PC with the help of Browser Helper Object under the same name - "IE Defender". Once the IE Defender has been installed, it starts displaying fake security messages that the system is in danger and licensed version is compulsory in case to remove found threats. Google and Yahoo searches can be corrupted and redirected to aforesaid rogue software homepage.
The following fake warning messages keep popping (Internet Explorer):
Google Error:
"Your computer is infected! Some of your search results were changed by spyware. You have to clean your pc and we recommend to use our antispyware!"
Yahoo Search Error!
"Your computer is infected! Some of your search results were changed by spyware. You have to clean your pc and Yahoo Team recommend to use our ANTISPYWARE!"
Also known as IEDefender, IE Defender 2.2 (or 2.3).
The following fake warning messages keep popping (Internet Explorer):
Google Error:
"Your computer is infected! Some of your search results were changed by spyware. You have to clean your pc and we recommend to use our antispyware!"
Yahoo Search Error!
"Your computer is infected! Some of your search results were changed by spyware. You have to clean your pc and Yahoo Team recommend to use our ANTISPYWARE!"
Also known as IEDefender, IE Defender 2.2 (or 2.3).
IE Defender removal tool:
- Spyware Doctor (see here for the installation guide)
Screenshot:
IE Defender Entries:
The following dll files are created: a3gpcodec.dll, aDivX.dll, bDivX.dll, corpol.dll, dx50codec.dll, IntelVideo.dll, IntelVideoDivX.dll, IR9V0_QCX.dll, IR9V0_QCX.dll, mp3avi.dll, mscfg32.dll, msvideo.dll, pdswin.dll, pmspl.dll, PowerVideo.dll, stream32a.dll, sysdivx.dll, sysvideo32.dll, Video32.dll, VideoMP3.dll, XunLeiBHO_Now.dll, windivx.dll, websrc32.dll, poswin.dll, pwnbho.dll, oggview32.dll
Hijackthis Entries:
O2 Entries:
* - can also be found under different CLSIDs.
O2 - BHO: 3GP - {5D67E2E7-0C2B-4491-87C4-37F2AC6033D2} - C:\WINDOWS\system32\a3gpcodec.dll
O2 - BHO: AlphaDivX - {3B236BEE-8200-421D-919D-CA17D5739D8F} - C:\WINDOWS\system32\aDivX.dll
O2 - BHO: BetaDivX - {48BF2BC0-2945-11D8-8CAC-00080FC65465} - C:\WINDOWS\system32\IR9V0_QCX.dll
O2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\Windows\System32\bDivX.dll
O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll
O2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dll
O2 - BHO: IntelVideoCodec - {AF36E90A-44CA-4EE3-B578-C07383623217} - C:\Windows\System32\Video32.dll
O2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dll
O2 - BHO: RealMedia - {87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95} - C:\WINDOWS\system32\dx50codec.dll
O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll *
*
{5AF8125F-9BB3-482D-8B49-B4B3E9D8DB59}
{333E0189-EB79-4D24-BA64-FAF768284313}
{032706C0-EB72-4DF0-ABF6-B89958D2A6CC}
{66D69CC1-5373-4730-AB8E-24D2AB7FF95F}
{7E4C5F57-FF13-4006-A5F6-BE97D9CD6261}
{323301C5-CB6B-490C-B59F-E7FAD4D69C93}
{065B1210-E57F-41AD-90C5-F70D63388640}
{A9A82440-64E7-4177-86AE-B58DEE731AF3}
{BD907325-42B2-4077-BA63-F636B627C998}
O2 - BHO: Mp3 Video - {D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF} - C:\WINDOWS\system32\mp3avi.dll *
*
{9A1EF21C-B0D4-4EB0-894F-CBAE2F4D0A82}
O2 - BHO: Mp3 Video - {2B659BB5-3E85-4BC6-BAFC-98FEDFF3AE99} - C:\WINDOWS\system32\VideoMP3.dll *
*
{6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F}
{5DE176A4-B5FF-4D50-B084-E047526B8E97}
O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dll *
*
{F02B8C83-C817-4EA2-A499-29257DA0373A}
{7A23A1E8-B2AB-4C50-AD12-9E19B747E17C}
O2 - BHO: Video - {15FEB658-AACC-412E-BC13-D54CFD74A8F6} - C:\Windows\stream32a.dll *
*
{6430CCA7-032A-4EB0-BCFF-838998E73EF5}
{14A6B963-7C6C-414B-B5BD-9CD0929F928F}
{02788C74-8A3E-455D-9820-59784297DF96}
O2 - BHO: Video - {632F6863-1E54-49FC-A72F-BDEE592EAD52} - C:\WINDOWS\windivx.dll *
*
{D0995F82-90C7-4C78-9B4C-C1700FB8B120}
{38329D14-1302-4CA7-BEE4-C954516C43B3}
{4AB15165-917A-4AE4-AE42-7FF13F61805B}
{BC462E4B-C520-4CA9-B1EC-A7DD36FD6D0A}
{F5E81149-92B2-47D2-A12B-1B966AB46EA7}
O2 - BHO: Video - {80590BC5-F4BA-4AD1-B216-C19EE86E2A77} - C:\WINDOWS\msvideo.dll
O2 - BHO: System DivX4 - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - C:\WINDOWS\system32\sysvideo32.dll *
*
{0459F04A-F7CC-4F98-B66E-E19690702AE4}
{71314E7C-1713-49FA-90F2-54D275023981}
{052FB21E-D259-485E-AA2A-FDD489D090F9}
O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - C:\WINDOWS\pmspl.dll *
*
{D17CFF74-A19C-4C36-821A-E074E4F889CA}
O2 - BHO: Web Search - {B3E45A9B-7756-46A2-AB14-90175CD374F9} - C:\WINDOWS\websrc32.dll *
*
{6A719349-BDF5-4268-9019-4ACA0C2562D2}
O2 - BHO: FireFox Viewer - {8883BBC2-E716-4C98-B12C-BB40B4A415ED} - C:\WINDOWS\corpol.dll
O2 - BHO: IE Config Tools - {E780E148-0BAC-4654-81A4-8A649F4D4A90} - C:\WINDOWS\mscfg32.dll
O2 - BHO: PDS Viewer - {E2278F85-4584-4BEE-928C-600B38C385C1} - C:\Windows\pdswin.dll
O2 - BHO: OGG Viewer - {7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520} - C:\WINDOWS\oggview.dll *
*
{82FE0677-75EC-49BF-83E9-A815F68F6212}
{90F39E5A-1C6C-4597-8B59-9AED38E88387}
O2 - BHO: player addon - {4EBAA7B0-740D-4CFA-9455-5C233BB354E1} - C:\WINDOWS\oggview32.dll
O2 - BHO: pwn plugin - {7E24E909-FB8A-4837-9DF7-05E7587CB26C} - C:\WINDOWS\pwnbho.dll *
*
{4AAC4708-FE47-4B80-92EF-47406444DDD2}
O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll *
*
{7753B2C4-8E27-4CEC-87EB-2739480D8A11}
{F60777DA-D6A6-40F6-B665-6F361C1017B6}
* - can also be found under different CLSIDs.
O2 - BHO: 3GP - {5D67E2E7-0C2B-4491-87C4-37F2AC6033D2} - C:\WINDOWS\system32\a3gpcodec.dll
O2 - BHO: AlphaDivX - {3B236BEE-8200-421D-919D-CA17D5739D8F} - C:\WINDOWS\system32\aDivX.dll
O2 - BHO: BetaDivX - {48BF2BC0-2945-11D8-8CAC-00080FC65465} - C:\WINDOWS\system32\IR9V0_QCX.dll
O2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\Windows\System32\bDivX.dll
O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll
O2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dll
O2 - BHO: IntelVideoCodec - {AF36E90A-44CA-4EE3-B578-C07383623217} - C:\Windows\System32\Video32.dll
O2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dll
O2 - BHO: RealMedia - {87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95} - C:\WINDOWS\system32\dx50codec.dll
O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll *
*
{5AF8125F-9BB3-482D-8B49-B4B3E9D8DB59}
{333E0189-EB79-4D24-BA64-FAF768284313}
{032706C0-EB72-4DF0-ABF6-B89958D2A6CC}
{66D69CC1-5373-4730-AB8E-24D2AB7FF95F}
{7E4C5F57-FF13-4006-A5F6-BE97D9CD6261}
{323301C5-CB6B-490C-B59F-E7FAD4D69C93}
{065B1210-E57F-41AD-90C5-F70D63388640}
{A9A82440-64E7-4177-86AE-B58DEE731AF3}
{BD907325-42B2-4077-BA63-F636B627C998}
O2 - BHO: Mp3 Video - {D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF} - C:\WINDOWS\system32\mp3avi.dll *
*
{9A1EF21C-B0D4-4EB0-894F-CBAE2F4D0A82}
O2 - BHO: Mp3 Video - {2B659BB5-3E85-4BC6-BAFC-98FEDFF3AE99} - C:\WINDOWS\system32\VideoMP3.dll *
*
{6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F}
{5DE176A4-B5FF-4D50-B084-E047526B8E97}
O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dll *
*
{F02B8C83-C817-4EA2-A499-29257DA0373A}
{7A23A1E8-B2AB-4C50-AD12-9E19B747E17C}
O2 - BHO: Video - {15FEB658-AACC-412E-BC13-D54CFD74A8F6} - C:\Windows\stream32a.dll *
*
{6430CCA7-032A-4EB0-BCFF-838998E73EF5}
{14A6B963-7C6C-414B-B5BD-9CD0929F928F}
{02788C74-8A3E-455D-9820-59784297DF96}
O2 - BHO: Video - {632F6863-1E54-49FC-A72F-BDEE592EAD52} - C:\WINDOWS\windivx.dll *
*
{D0995F82-90C7-4C78-9B4C-C1700FB8B120}
{38329D14-1302-4CA7-BEE4-C954516C43B3}
{4AB15165-917A-4AE4-AE42-7FF13F61805B}
{BC462E4B-C520-4CA9-B1EC-A7DD36FD6D0A}
{F5E81149-92B2-47D2-A12B-1B966AB46EA7}
O2 - BHO: Video - {80590BC5-F4BA-4AD1-B216-C19EE86E2A77} - C:\WINDOWS\msvideo.dll
O2 - BHO: System DivX4 - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - C:\WINDOWS\system32\sysvideo32.dll *
*
{0459F04A-F7CC-4F98-B66E-E19690702AE4}
{71314E7C-1713-49FA-90F2-54D275023981}
{052FB21E-D259-485E-AA2A-FDD489D090F9}
O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - C:\WINDOWS\pmspl.dll *
*
{D17CFF74-A19C-4C36-821A-E074E4F889CA}
O2 - BHO: Web Search - {B3E45A9B-7756-46A2-AB14-90175CD374F9} - C:\WINDOWS\websrc32.dll *
*
{6A719349-BDF5-4268-9019-4ACA0C2562D2}
O2 - BHO: FireFox Viewer - {8883BBC2-E716-4C98-B12C-BB40B4A415ED} - C:\WINDOWS\corpol.dll
O2 - BHO: IE Config Tools - {E780E148-0BAC-4654-81A4-8A649F4D4A90} - C:\WINDOWS\mscfg32.dll
O2 - BHO: PDS Viewer - {E2278F85-4584-4BEE-928C-600B38C385C1} - C:\Windows\pdswin.dll
O2 - BHO: OGG Viewer - {7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520} - C:\WINDOWS\oggview.dll *
*
{82FE0677-75EC-49BF-83E9-A815F68F6212}
{90F39E5A-1C6C-4597-8B59-9AED38E88387}
O2 - BHO: player addon - {4EBAA7B0-740D-4CFA-9455-5C233BB354E1} - C:\WINDOWS\oggview32.dll
O2 - BHO: pwn plugin - {7E24E909-FB8A-4837-9DF7-05E7587CB26C} - C:\WINDOWS\pwnbho.dll *
*
{4AAC4708-FE47-4B80-92EF-47406444DDD2}
O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll *
*
{7753B2C4-8E27-4CEC-87EB-2739480D8A11}
{F60777DA-D6A6-40F6-B665-6F361C1017B6}