IE Defender

IE Defender Description

ScreenshotIE Defender is classified as a rogue anti-spyware application because of its misleading and aggressive advertising practices. IE Defender creators and their marketing affiliates propagate and install IE Defender's rogue anti-spyware application through a download that is bundled with a Trojan generated by a Browser Helper object (BHO). Most of these Trojan bundled downloads circulate in web sites that offer a "video codec" to view free adult entertainment videos.

Once your computer gets infected with the Trojan, it will start showing up an annoying pop-up message: "NOTICE: Your system is infected and your computer performance is not at the highest level. Full system optimization will greatly increase your computer's performance and prevent data loss". Do NOT click on this fake error message because it will redirect your IE to IE Defender's website where you will be forced to download IE Defender's anti-spyware application.

Moreover, the Trojan, which has come bundled from either IE Defender and/or their affiliates, hijacks your search engines (such as Google, Yahoo and MSN) and displays a fake warning message within your search results claiming that your computer is in serious danger because of hazardous parasites in your system. This is the manner how they attempt to trick the users into purchasing IE Defender full commercial version. Again, do NOT click on this fake error message because it will direct you IE Defender's homepage where you will be offered to purchase IE Defender's application.

Aliases: Rootkit.Podnuha.CL, TROJ_AGENT.AJH [TrendMicro], Trojan/Podnuha.bhw, Trojan Horse [Symantec], Rootkit.Win32.Podnuha.bhw [Sunbelt], Mal/BHO-Fam [Sophos], AdWare.Win32.Agent.cmo, Medium Risk Malware [Prevx1], Rootkit.Podnuha!sd6, Trj/Downloader.MDW [Panda], Trojan/W32.Rootkit.94720, W32/Rootkit.TPH, Win32/Rootkit.Podnuha.BHW [NOD32], Trojan:Win32/Boaxxe.H [Microsoft] and Trojan.BHO.Gen [McAfee-GW-Edition].

Technical Information

Screenshots & Other Imagery

IE Defender Image 1 IE Defender Image 2

File System Details

IE Defender creates the following file(s):
# File Name Size MD5 Detection Count
1 ASKPBAR.DLL 241,664 a483d19ac62c92525d73542d14e36d04 10
2 ssqro.dll 328,288 42921295d6480d1406bbb905e727e0b5 0
3 ldqzxhsj.dll 165,472 7d82a04bf997449864057f278ef329ef 0
4 vtutt.dll 331,776 f8977192b6998354b97cb04aa03ffe72 0
5 nsz379.dll 76,800 41727d3eeec276217333ef6737d6bb9b 0
6 rqrqomn.dll 37,376 cf60c8f84b40bbae06cb9fa0f4a51912 0
7 crypt32d.dll 84,992 b9c228372922f8901791e9c11274d5c7 0
8 byvsr.dll 328,288 b9631b35cc20e7c501f9592e9a75d40b 0
9 pdswin.dll 224,256 cf66c22c4a4992094a5e1be3d7cbc0fb 0
10 nsaA7.dll 139,264 dedd376c1f4d3876609c3ad02c7d9ba9 0
11 ddccy.dll 316,512 ca4f88b58b55e7189676fcd14b377362 0
12 wiecjprp.dll 80,448 ea02823961226a2bbfbf883dad98e1fe 0
13 pdnmcqhd.dll 80,448 d663c72bfee4337e597ebd4da1aa84ef 0
14 isfmdl.dll 13,312 e45a9594fbe3b5402c9151e4117f9d34 0
15 adspipe.dll 188,416 064b3b95808c2270d149126402edd78e 0
16 vturp.dll 324,608 48af4b706721b7bfc3f251c547e0ab15 0
17 cbxwwvu.dll 38,912 c269e79dd1ef978b39e98b096128e060 0
18 wvurqpp.dll 40,448 1b4e81943d0c8b6a87b9db81cfd8bb3d 0
19 version69ie7fix.dll 1,667,237 856af0f795d6ec7b3ec91d52250e4bdb 0
20 ttvbonvgl.dll 286,720 7e555db5abc10ada062ab6d2aa1db783 0
21 fkxlgaeu.dll 80,448 869afbf77259a551f12d7e7b374bf562 0
22 websrc32.dll 240,128 ced44819f4c99a21c4a64a80aee4ad4a 0
23 IntelVideo.dll 245,760 327e40b3ed4d28b6ee765fae9c6622af 0
24 mwgvsu.dll 60,928 396955766b2e512bc3545a24bc485dbe 0
25 a3gpcodec.dll 247,296 d02194a30b6316498631a1350280f1ce 0
26 XunLeiBHO_Now.dll 248,320 29c3bffe619b600215def6631cd7f25c 0
27 dx50codec.dll 248,832 1ee34dfe18c9e6a572ea35b908c89e64 0
28 ieDefender-setup[2].exe 2,743,590 ce7b1332dc2bfb7c24bfadf9c55faf74 0
29 ieDefender[1].exe 2,582,694 7a974fed8ffba2b4c36291a75f5f00c0 0
More files

Registry Details

IE Defender creates the following registry entry or registry entries:
File name without path
ASKPBAR.DLL
IntelVideo.dll
CLSID
{F4D76F01-7896-458a-890F-E1F05C46069F}

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.