
Trojan.Downloader.Winfixer.O


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.Downloader.Winfixer.O is also known as WinAntiVirusPro, ErrorSafe, WinAntiVirus, Winantispyware, WinAntiSpy, Systemdoctor.

Explanation:

ErrorSafe works as follows: it is installed either by the user or by another application, such as a downloader.
These programs start scanning the system as soon as they are installed, then report a series of critical system errors that need fixing and tell you to buy the application if you want it to fix them. Even on a clean Windows installation, these programs report threats and errors.

Depending on the version installed, these files and registry keys will appear on your computer:


Last update 21 November 2011

 
