Trojan.Downloader.Winfixer.O (WinAntiVirusPro, ErrorSafe, WinAntiVirus, Winantispyware, WinAntiSpy, Systemdoctor)
SYMPTOMS: When you first run the program, a message box with a single option appears, telling you that it will install the ErrorSafe anti-virus program. Because you have only one option, it will certainly install the program.
TECHNICAL DESCRIPTION:
ErrorSafe has the following strategy: it gets installed either by the user or by some other application, such as a downloader. Depending on the version installed, files and registry keys will appear on your computer.
Removal instructions: Please let BitDefender disinfect your files.
ANALYZED BY: Mihai Cimpoesu, Virus Researcher