IE Defender a rogue antispyware application that is starting to infect a lot of users. This particular infection is harder to remove. Also IE Defender installed in your Internet Explorer browser that hijacks searches you input into the Google and Yahoo search engines. When infected your Internet Explorer opens Google or Yahoo and make search request you will see a hijacked search result listing. You will also periodically get fake message:
Google Error
Your computer is infected! Some of your search results were changed by spyware
You have to clean your PC and we recommendto use our ANTISPYWARE!
For remove IE Defender spyware, make follow steps:
Download FixIED.reg and save the file to your desktop.
Download CCleaner. Double click on the file for install.
Download Avenger and unzip to your desktop.
Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: IE Defender
On your desktop find and double-click on the FixIED.reg file that you just downloaded. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.
Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:
Files to delete:
C:\Windows\System32\bDivX.dll
C:\Windows\System32\bDivX.dll.bak
C:\WINDOWS\system32\IR9V0_QCX.dll
C:\WINDOWS\system32\IR9V0_QCX.dll.bak
C:\Windows\System32\Video32.dll
C:\Windows\System32\Video32.dll.bak
C:\WINDOWS\system32\IntelVideo.dll
C:\WINDOWS\system32\IntelVideo.dll.bak
C:\WINDOWS\system32\IntelVideoDivX.dll
C:\WINDOWS\system32\IntelVideoDivX.dll.bak
C:\WINDOWS\system32\XunLeiBHO_Now.dll
C:\WINDOWS\system32\XunLeiBHO_Now.dll.bak
C:\Windows\System32\dx50codec.dll
C:\Windows\System32\dx50codec.dll.bak
C:\Windows\System32\a3gpcodec.dll
C:\Windows\System32\a3gpcodec.dll.bak
C:\WINDOWS\system32\aDivX.dll
C:\WINDOWS\system32\aDivX.dll.bak
C:\WINDOWS\system32\mp3avi.dll
C:\WINDOWS\system32\mp3avi.dll.bak
C:\Windows\System32\VideoMP3.dll
C:\Windows\System32\VideoMP3.dll.bak
Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.
Boot your PC in Safe Mode.
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode
Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).
You will be prompted : “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
Run the Panda online virus scan.
– Once you are on the Panda site click the Scan your PC button
– A new window will open…click the Check Now button
– Enter your Country
– Enter your State/Province
– Enter your e-mail address and click send
– Select either Home User or Company
– Click the big Scan Now button
– If it wants to install an ActiveX component allow it
– It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
– When download is complete, click on Local Disks to start the scan
– When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Run CCleaner.
Click Analyze button. After scan your system, click Run Cleaner.
Disable system restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. click on “create new restore point” > click on NEXT and follow the prompts.
If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below
