IE Defender – Not defending you at all!
Once again another fraudware application reaches the public. This time going by the name “IE Defender“.
The infection behind this is a “Browser Helper Object” which is installed in your Internet Explorer. This one hijacks your searches. The results of your searches in the engines state that you are infected with x, y and z when in fact you probably are not, other than the hijack itself. IE Defender then introduces itself as an application that informs you it will help with all your problems. When in fact those warnings are fake. Do not purchase anything!
Multimedia Decoder is associated with this.
IE Defender looks like this:
Over the years we have reported about rogues, but they have been getting out of hand. More rogues and hijacks appear out of the woodwork and more and more of you are a victim of fraud. This is why we are here, so we can warn you ahead of any fraud being committed. Whilst there are other malware to report about and to try and shutdown, this type of fraud is still at large. Hence why we blog about it. If you do wish to complain, then you can do so at MalwareComplaints. Tell your friend, neighbour and your boss!
So what are the details for IE Defender? Well as most of them, these are a part of Estdomains Inc and Inhoster. Known organisations behind these fraudware. Inhoster are also blacklisted, or at least their IP is.
And it’s website is;
www(dot)iedefender(dot)com
If you manage to have this and need help, then make sure you visit our Malware Removal support forum. If English isn’t your first language then visit other ASAP sites with support sites for different languages.
Click here for an Automated Removal guide (IE Defender removal instructions).
Have you been a victim of this? Want to express your opinion? Then tell us!
just got it yesterday. can hardly use my PC anymore. don’t really know if I can get rid of this crap! not an IT geek myself :-)
You can remove it by simply following the automated removal guide, or of you are not sure, enter our forums for free support.
Let us know how you get on.
I will try the removal process. Will let you know how it works. Was trying to find individual files but thats tough.
It will work unless it’s:
1. A new varient and SmitFraduFix has not got it in the database.
2. The removal guide was not followed correctly.
If you still have problems, simply post the requested logs we post about at the end of the removal guide in our forum in a new topic.
My little brother was infected by this and paid for the “software.” Is the software on hxxp://www.iedefender.com/ legit or should he contact his bank and have the card cancelled?
IE Defender (or AntiSpy Pro as it’s now known) is not legit. They commit fraud and looks like they have with your “brother”.
I would get him to check his bank account and make sure any forthcoming payments, if it hasen’t been taken out yet, to be stopped.
Now back to the state of his “system”, either follow our guide or get step-by-step help in our forum.
Then complain about this at malwarecomplaints.info.
Tell them your story, or your “brother’s story”.
Andy
Hey, I got this the other day and was just wondering (i’m about to follow your removal advice for it, but just wanted to ask) does it affect the performance of my pc, other than the irritating popup that tries to direct me to www(dot)xiedefender(dot)com (the X is in the address it directs to),
I ask because since it started, I have had trouble with almost all aspects of my PC…is this associated?
Thanks,
Stevie
In a short answer, yes. A lot of these rogue programs, depending which varient, also slow a system down to a halt. I have cleaned several laptops in person withanother rogue that halted a system so much to a hold that it took 20 minutes to fully load. Once removed it booted up within a few minutes as expected.
However, you may have other crap that you may not realise you had before.
Your best bet would be to follow the guide and post any requested logs in our forum for a double check against anything else.
Remember, any help during the festive season will be limited and delayed. From the 21st onwards.
Regards, Andy
So how do you stop the popup that says you’ve been infected?
I didn’t download the program…but it pops up everytime I try to do anything in IE.
You can only stop it by removing it using removal tools we use and other methods. These are recommended to be used with a specialized helper like those in our forum.
Of course there is prevention, and that can be anserred from within our forum.
Did anyone actually bother to test the application (2.4) downloaded from iedefender[DOT]com?
In my tests, no malicious BHO was located and no malware was detected (if it was fraudware wouldn’t there be some false claims or atleast false positives?).
I believe the BHO is referring to the variant of the ‘Zlob’ trojan that installs IEDefender. After e-mailing (support@iedefender[DOT]com) they told me that this was a result of a “misbehaving afflite”. Could this be true?
Maybe someone should actually bother to test the app, this is starting to annoy me now.
———————————–
d4rkr1d3r
Hello d4rkr1d3r,
Rest assured v2.4 has been tested as will the next version and the next.
Testing and research always goes on in the background when it comes to rogues and in many cases we are ahead of the game. We already have the samples before it hits the mainstream.
As regards to e-mailing them itself. I wouldn’t listen to their comments, replies or advice if it was the last think I did. A load of cobblers.
Regards, Andy
Great, I purchased this yesterday. IE Defender. I have not received an email to confirm or anything and it surley is not helping the so-called trojan virus that has infected my computer, at home. I’m definetly not a member of the Geek Squad, so I am a little oblivious to all of this. I am going to print this page out and try it when I get home. Thanks. Cross your fingers for me.
Yes I understand your point Andy as I am also a malware analyst. However, during the tests I carried out on ‘IEDefender 2.4′s trial download (from iedefeneder[DOT]com, no malware was detected when none was present. Does this not seem strange to you? Surely if it was rogue it would detect fake threats or at least false positives? How are they suppost to goad a user into entering financial details if there is nothing there to scare them into doing it?
Furthermore, after installing adware.minibug, it was detected by ‘IEDefender’. Why don’t you try it for yourself?
(If you want to reply -> e-mail removed by admin)
There is a very simple explination to this. The applications are 9 times out of 10 useless. And also 9 times out of 10 not even harmful. It’s how it auto-installs with codecs and other means that causes the damage.
If you test applications like this by just downloading it from the site, you won’t get anywhere. You need to digg deeper and search for the fake codecs that auto-installs it. That’s how these operate.
If you watch video A on a site which happens to need a codec to view, 9 times out of 10 you will download and install, right? Well these applications get auto-installed with fake codecs, namely placed on pr0n sites.
Once a user installs a codec, which we know is fake but the victim doesn’t, you’ll get things popping up. Warnings in the toolbar and eventually the latest rogue’s site pop-up. This is the tactic these organisations use. For a complete computer n00b, this can scare them and eventually make them pay for the application which is entirely useless and without the fake codecs (which are the trojans) wouldn’t even excist as far as the user is concerned.
I know that rogues like this may detect the odd cookie on your system, the odd adware, but other than that it’s useless. Whatever it detects or doesn’t is not to be trusted due to the tactics they use to lure people into purchasing it.
I hope that explains it a bit.
I’ve edited your e-mail out of your comment due to the fact it will only get harvested by spam bots.
Regards, Andy
Didnt know anything about this untill I got caught today. Panicked at first but then reasoned that any genuine threat should have been picked up by my regular anti-virus (apart from this one obviously!) I run Avast.
After several atempts finally removed it by uninstalling the program and then doing a simple system restore. Seems to have worked OK.
I am fully aware of trojan.zlob (otherwise known as Puper and Popuper) installing POPUPS goading the user into downloading IEDefender (as that is different from actually installing it. I am also fully aware of the dynamics of trojan.zlob and don’t need them explained to me :P
However, what I was attempting was to highlight the possibility that trojan.zlob may be marketing the software due to it’s creator’s paying afflites to advertise for them (as they do).
Imagine malware such as W32/Alcan.worm!p2p which connects to legitimate domains in order to gain cash via afflite payments. Or an adclicker trojan e.t.c..
Anyway, in light of the new xiedefender domain, I don’t think I can continue to fight this battle anymore -_-
Thanks for at least humoring me :P
please please help me… this stupid thing keeps popping up everytime i go to something different on IE… oh my… please help…
man and this is a new computer too…
please help… how do i get rid of this?
i just scanned my computer with windows defender (came on my computer) my computer is an windows vista… i need help… how do i keep this from popping up???
but when i scanned my computer on windows defender it says i have no unwanted or harmful software… so how do i rid this ie defender thingy??
PLEASE PLEASE HELP!!!!
-tequayla
Hello,
Removall guide here:
http://forum.securitycadets.com/index.php?showtopic=4749
Forum to seek help by our helpers here:
http://forum.securitycadets.com/index.php?showforum=2
Regards, Andy
okay sorry to bother you again… but now i have another issue.
i’ve seem to put my computer on SAFE MODE its a windows vista… and now i cant figure out how to take it off!!!
please help.
-tequayla
YEEEEESSSS!!!!!!
Thanks guys,(or gals) I’ve been fighting IE.DEFENDER for days. Thought I had run out of places to get info. You are tops!!!!!!!!!!!!
(it’s gone, thanks to you)