Tuesday, February 5, 2008

IECodec - new fake malware installer. IECodec removal tool and instructions

IECodec (BHO.IECodec) is a new fake codec that tries to install rogue anti-spyware programs, such as AntiVirusPro. It generates false positives and security warnings to trick users into downloading (and then buying) fake remedies. We recommend removing IECodec using Spyware Doctor antispyware with free scan.

BHO.IE Codec screenshots:

Fake spyware detection report
Fake spyware detection warning / wallpaper hijack
Fake codec error
Internet Explorer hijacked by IECodec
Screenshots from http://siri-urz.blogspot.com/

IECodec automatic removal instructions:

IECodec manual removal guide:
Remove IECodec files:
vscodecsetup.exe
iecodec.dll
uninst.exe
%program_files%\iecodec\iecodec.dll
%program_files%\iecodec\uninst.exe

Remove IECodec registry entries:

