Trojan.Downloader.Winfixer.O

LOW
LOW
89808
(WinAntiVirusPro, ErrorSafe, WinAntiVirus, Winantispyware, WinAntiSpy, Systemdoctor)

Symptoms

When you first run the program, a message box with a single option appears, telling you that it will install the ErrorSafe anti-virus program; because there is only one option, the program will certainly be installed.
After that, a downloader screen appears, showing the progress of the application installer download.
Pop-up messages appear when you start Windows, and from time to time after that, saying that you have serious threats that need fixing; they take you to the registration page if you want to fix them and tell you to buy the application if you want it to fix your errors.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Mihai Cimpoesu, Virus Researcher

Technical Description:

 

ErrorSafe has the following strategy: it is installed either by the user or by some other application, such as a downloader.
These programs start scanning the system as soon as they are installed, then report a series of critical system errors that need fixing and tell you to buy the application if you want it to fix them. Even on a clean Windows installation, these programs report threats and errors.

Depending on the version installed, these files and registry keys will appear on your computer:
