Attached below is a copy of IEdefender (hxxp://www.iedefender.com/) a new rogue software. I tried running it sandboxed but was unable to get it to run fully. I emailed it to kaspersky and they said it was clean... however I also sent it to Avira (antivir) and they concluded malware.

There is one topic currently in the Hijack this forum where this person is getting constant security popups saying he is infected and to download iedefender:
/t206255-HijackThis_log.html

a quick search on castlecops indicated that iedefender has just been added to the definitions for Ad-Aware SE and Trojan Hunter. virustotal results are clean except for VBA which is flagging it as:
suspected of Backdoor.Delf.180 (paranoid heuristics)

below find the results of Avira's investigation:


Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC000934XX.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
2229432 ieDefender-setup.exe 2.46 MB CLEAN
2230594 iedefender.exe 1.31 MB MALWARE


Please find a detailed report concerning each individual sample below:
Filename Result
ieDefender-setup.exe CLEAN

The file 'ieDefender-setup.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

Filename Result
iedefender.exe MALWARE

The file 'iedefender.exe' has been determined to be 'MALWARE'. Our analysts named the threat SPR/Fake.IEDefender. The term "SPR/" ("Security or Privacy Risk") denotes a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy.Detection will be added to our virus definition file (VDF) with one of the next updates.



So with all of this I would conclude that is it malware. Please add it to the listserv.

Kaspersky have confirmed that this is malware, I've added the file to the malware listserv.

/p1015767-MD5_7a974fed8ffba2b4c36291a75f5f00c0_ieDefender_exe.html

@ iedefender

Answer this directly .

If you are legit then why does malware advertise your software ?

And what of this site : http://85.255.121.126/scan/ .

Why do several other rogue scam scan sites look and function exactly like this ? Malware alarm and spy shredder have the exact same animated gif fake scans .

You are a liar and I can prove it . One of the sites on your server is exactly where the fake codec is that installs the trojan that advertises your scam software . Here are the three sites on your server :

Iedefender.com <- rogue software
Youlikehere.com <- installs the trojan that advertises your rogue
Ixworldpay.com <- likely your next scam

It is to damn bad that we have made it harder to scam people . Create legit software and this won't happen .

I never said your program was malware, I said it was a rogue and that part of it was detected as malware ..... lemme give you a helping hand as you obviously missed it;

/p1016957-iedefender.html#1016957

Additionally, PrevX detects your program as;

Heuristic: Suspicious File With Covert Attributes

.. and we already know about Kaspersky detecting it .... but VBA32 detects it as;

suspected of Backdoor.Delf.180 (paranoid heuristics)

.. and WebWasher detects it as;

Riskware.Fake.IEDefender

Might wanna do a little research before you claim otherwise

.... and the screenshots shows your program detecting two legit file's as malware (on a clean machine by the way). The malicious versions of those file's aren't on the machine, nor have they ever been

But worse still .... failing to detect ANY of the malware I've got in a dedicated research folder.

As for it's deleting anything, not gonna happen if you gotta pay for that now is it?