How To Remove Ie Defender (removal Instructions)

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Spyware and Malware Removal Guides and Reading Room

How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

How To Remove Ie Defender (removal Instructions)

Options

Grinler View Member Profile	Oct 29 2007, 03:54 PM Post #1
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	How to remove IE Defender (Removal Instructions) Skip all of this and go to the removal instructions! What these programs do: The IE Defender infection is a Browser Helper Object installed in your Internet Explorer browser that hijacks searches you input into the Google, Yahoo, and Windows Live search engines. These hijacked searches will state that you are infected and that you need to install the IE Defender rogue anti-spyware program. You will also receive popups that state you are infected when browsing the web. The reality is that all of these messages and alerts are fake and should be ignored. When you enter a search into Google or Yahoo you will see a hijacked search result listing as shown below. IE Defender Fake Google Listings Depending on the keyword entered, the first search result will either be a link to the IE Defender home page, or a link to a page that shows a fake security warning and stating that you need to install IE Defender in order to fix it. This fake page is seen below. Fake IE Defender Search Result in Google The second result in the search engine results will be a fake warning stating that Google or Yahoo has detected that your computer is infected and that you need to install IE Defender. The third result will show a pornographic image next to a link stating it is a video on youtube. In fact, though, if you click on the link you will instead be brought to an unrelated adult site. Finally, the rest of the search engine results will bring you to a site that is currently not working. A screenshot of the IE Defender program is shown below. IE Defender Screenshot Tools Needed to remove IE Defender: SmitFraudFix Symptoms in a HijackThis Log (Other ones not listed may be present): O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll O2 - BHO: BetaDivX - {48BF2BC0-2945-11D8-8CAC-00080FC65465} - C:\WINDOWS\system32\IR9V0_QCX.dll O2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\Windows\System32\bDivX.dll O2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dll O2 - BHO: IntelVideoCodec - {AF36E90A-44CA-4EE3-B578-C07383623217} - C:\Windows\System32\Video32.dll O2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dll O2 - BHO: RealMedia - {87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95} - C:\WINDOWS\system32\dx50codec.dll O2 - BHO: 3GP - {5D67E2E7-0C2B-4491-87C4-37F2AC6033D2} - C:\WINDOWS\system32\a3gpcodec.dll O2 - BHO: AlphaDivX - {3B236BEE-8200-421D-919D-CA17D5739D8F} - C:\WINDOWS\system32\aDivX.dll O2 - BHO: Mp3 Video - {D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF} - C:\WINDOWS\system32\mp3avi.dll O2 - BHO: Mp3 Video - {2B659BB5-3E85-4BC6-BAFC-98FEDFF3AE99} - C:\WINDOWS\system32\VideoMP3.dll O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dll O2 - BHO: Video - {6430CCA7-032A-4EB0-BCFF-838998E73EF5} - C:\WINDOWS\stream32a.dll O2 - BHO: Video - {F5E81149-92B2-47D2-A12B-1B966AB46EA7} - C:\WINDOWS\windivx.dll O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - C:\WINDOWS\pmspl.dll O2 - BHO: Web Search - {6A719349-BDF5-4268-9019-4ACA0C2562D2} - C:\WINDOWS\websrc32.dll O2 - BHO: IE Config Tools - {E780E148-0BAC-4654-81A4-8A649F4D4A90} - C:\WINDOWS\mscfg32.dll O2 - BHO: OGG Viewer - {82FE0677-75EC-49BF-83E9-A815F68F6212} - C:\WINDOWS\oggview.dll O2 - BHO: pwn plugin - {7E24E909-FB8A-4837-9DF7-05E7587CB26C} - C:\WINDOWS\pwnbho.dll O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll O2 - BHO: player addon - {4EBAA7B0-740D-4CFA-9455-5C233BB354E1} - C:\Windows\oggview32.dll Add/Remove Programs control panel entry: IE Defender Guide Updates: 10/29/07 - Initial guide creation. 12/21/07 - Updated to include automatica removal instructions using SmitFraudFix Automated Removal Instructions for IE Defender: Print out these instructions as we will need to close every window that is open later in the fix. Download SmitfraudFix.exe from here and save it to your desktop: SmitFraudFix.exe Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below: Next, please reboot your computer into Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. When you are at the logon prompt, log in as the same user that you had performed the previous steps as. When your computer has started in safe mode, and you see the desktop, close all open Windows. Now, double-click on the SmitFraudfix icon that should be residing on your desktop.The icon will look like the one below: When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen. You will now see a menu as shown in the image below. Press the number 2 on your keyboard and the press the enter key to choose the option *Clean (safe mode recommended).* The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below. This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 11. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen. Your computer should now be free of the IEDefender infection. If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below: Preparation Guide For Use Before Posting A Hijackthis Log This is a self-help guide. Use at your own risk. BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum. If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you. -------------------- Lawrence

Grinler View Member Profile	Oct 31 2007, 08:26 AM Post #2
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for new file: O2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dll -------------------- Lawrence

Grinler View Member Profile	Nov 8 2007, 03:49 PM Post #3
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for: O2 - BHO: Mp3 Video - {2B659BB5-3E85-4BC6-BAFC-98FEDFF3AE99} - C:\WINDOWS\system32\VideoMP3.dll -------------------- Lawrence

Grinler View Member Profile	Nov 18 2007, 03:28 PM Post #4
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for new infector: O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll -------------------- Lawrence

Grinler View Member Profile	Nov 29 2007, 05:02 PM Post #5
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for new infector: O2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dll -------------------- Lawrence

Grinler View Member Profile	Dec 12 2007, 10:26 AM Post #6
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for new infector: O2 - BHO: Video - {F5E81149-92B2-47D2-A12B-1B966AB46EA7} - C:\Windows\windivx.dll -------------------- Lawrence

Grinler View Member Profile	Dec 15 2007, 01:44 PM Post #7
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for new infector: O2 - BHO: IE plugin - {6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A} - C:\WINDOWS\pmspl.dll -------------------- Lawrence

Grinler View Member Profile	Dec 18 2007, 11:03 AM Post #8
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated for: O2 - BHO: IE Config Tools - {E780E148-0BAC-4654-81A4-8A649F4D4A90} - C:\WINDOWS\mscfg32.dll -------------------- Lawrence

Grinler View Member Profile	Dec 21 2007, 11:49 AM Post #9
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Added infector: O2 - BHO: OGG Viewer - {82FE0677-75EC-49BF-83E9-A815F68F6212} - C:\WINDOWS\oggview.dll -------------------- Lawrence

Grinler View Member Profile	Dec 27 2007, 12:23 PM Post #10
Bleep Bleep! Group: Admin Posts: 27,962 Joined: 24-January 04 From: USA Member No.: 3	Updated to include: O2 - BHO: pwn plugin - {7E24E909-FB8A-4837-9DF7-05E7587CB26C} - C:\WINDOWS\pwnbho.dll O2 - BHO: POS plugin - {369A87BB-07DF-4AB6-B23D-B5BF81338572} - C:\WINDOWS\poswin.dll O2 - BHO: player addon - {4EBAA7B0-740D-4CFA-9455-5C233BB354E1} - %windir%\oggview32.dll -------------------- Lawrence

« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 12th May 2008 - 05:28 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database