#1
Filefix Professional 2009
Ever heard of Filefix professional?
Loads an icon in the system tray temporarily which looks like the Windows security alerts, goes away and keeps appearing every 2/3 minutes. Asks you to click to fix corrupted files. Seems to corrupt header files in PDFs, JPEGs, .doc etc. when you click on the relevant preview or link. The system tray icon links to a website which has recently been set up in Moldova (whois). Asks you to pay about 79 dollars to fix the problems. Website looks very professional. Any ideas?? Thanks
#2
Welcome to Dev Shed.
I've never heard of it, and frankly can't really find anything relevant about it... I would run through the Sticky from the Antivirus forum and see if you have any infections... possibly see if you get rid of it from one of the steps from the sticky.
#3
Thanks hiker.
Tried everything suggested in the sticky, and no joy. I'm going to keep trying various other scanners to see if anything else crops up, meanwhile I'll sort the logs out and post to see if there's anything you can spot. Thanks.
#4
Hijackthis report
Hi guys
These 2 for now, others to follow. Any thoughts?
#5
I have the exact same issue. A pop-up box appears in my system tray telling me that my Office and Picture files are corrupted and that I should download and pay $80 to get them fixed. I have run every spyware program I know and I can't get rid of it. I have done AdAware, Spybot, Malware Bytes, Super AntiSpyware, CC Cleaner, etc. I no longer have a hijacked browser. My problem is that my files really are corrupted and I cannot even open Office or JPEG e-mail attachments. Anyone have any clue on this? I have searched the web and this is the only site where I have found another user with this issue. Please help!!
#6
Help!
Hello All,
I'm new to this forum and unfortunately I found you while searching for a cure to this Filefix virus. I've got it too. I'm running Windows XP and the first thing it did was wipe out my Restore points and disable the Restore feature entirely. It's also messing with the McAfee antivirus program by disabling all the images associated with it. I've got WinPatrol installed and I think that is stopping this virus from spreading but nothing I've tried will get rid of it. WinPatrol is constantly alerting me to new start ups, but when I disable them, they start right back up. Any suggestions, please????
Thanks, Doug
It's now crashing my computer every 10 minutes and the pop ups are becoming more frequent....
Last edited by scootersite : March 16th, 2009 at 04:38 PM. Reason: More Info
#7
Exactly same problem here
I have also joined this great looking forum after doing a search for this problem. Description is exactly as described above and I have tried the same types of remedy but it is not working. Hoping someone can shed some light soon. Thanks
#8
Help!
Please! All my school work is corrupted!!
I don't know where this virus came from but I can't access a very important graduation report! It also crashes my computer and brings me to the blue screen of death. I've never had a virus this bad.
#9
I've got the same virus, it's bringing up the blue screen of death and is trying to get me to install a filefix.exe. Please someone help, this is not looking good.
#10
What was everyone looking at or downloading when you got it?
I used a fleet of antivirus and couldn't get rid of it. Didn't see it in the processes either. Thread maker said Russian. Yikes. Had to reformat my drive. Was bogging my ish down like McAfee used to. It was also popping up in safe mode. Must be some new threat. This is the only post I could find about it. It wouldn't let me view thumbnails, I don't think it's actually corrupting files, so back them up.
Touché to the bored evil prick that made it.
#11
No Fix, but I have the same issue
I don't have a fix. I've done the same thing. Ran through the usual round of updating antivirus, spyware, antimalware. All my Word docs are jacked and I still have the message popping up on the taskbar. I hope someone finds a fix. None of the major antivirus sites have any postings about this one.... My main concern at this point is recovering my DOCS. I can reload the software. But my wife's 4-year-old Baby Journal is going to get me shot if I can't recover it.
#12
This is a Bad one
I have the same issue.
My guess is that this virus encrypts files in your My Documents folder. The software will probably decrypt them. So they screw up your files and then try to milk you for $80. This is the only forum that's talking about this. Let's try to spread the word...
#13
File Name: cp8thyxlhr.exe
The main file that comes up is: "cp8thyxlhr.exe". It's self propagating and no matter what I use to kill the file, it reappears immediately. Even the "Delete On Reboot" option has no effect. There are also 2 other files that pop up, but WinPatrol does not have a name or any other information on them. If you get it don't click on any picture or document files. I think it only affects the files in "My Documents" initially but then seems to spread further only if you click on additional files.
This thing SUCKS. It disabled "Windows Restore", won't let me update "McAfee" and crashes my computer every time I try to run a scan. Has anyone found out anything on this, PLEASE???????
#14
Yep, I've got it too
I am SO glad I found this forum. This seems to be the only place I can find any info on this virus/malware/whatever it is.
I caught the 'bug' last night with the same symptoms. Blue screens, popup that brings me to 'filefix professional 2009,' corrupted data in My Documents. I brought my computer to a friend who has been in the computer security business for 15 years... he ran Malwarebytes and it couldn't find anything. After looking through my registry, he said this was one of the most sophisticated malware programs he's seen in a while. If anyone finds out ANYTHING post it here. I'll do the same. But we gotta figure out a way to beat this (or at least recover our documents). Good luck.
#15
filefix professional 2009
I agree. This one is bad. Not only for how it corrupts your office docs, but the way it can get through all antivirus and malware programs undetected.
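A read-only way to inventory which documents have damaged headers, the symptom reported in post #1 and guessed at in post #12 (added example, not posted by any participant in the thread). The file names, the 7.5 bits/byte threshold and the sample data are constructed assumptions.

```python
import math
import os
import random
import tempfile

# Leading signatures for the file types named in the thread.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 compound file
}

def entropy(data):
    """Shannon entropy in bits per byte; empty input gives 0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data)))

def triage(root, sample=65536):
    """Map each known-type file under root to (verdict, entropy of first bytes)."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:  # opened read-only, file is never modified
                head = fh.read(sample)
            h = entropy(head)
            if any(head.startswith(sig) for sig in MAGIC[ext]):
                verdict = "header-ok"
            elif h > 7.5:  # assumed threshold
                verdict = "header-bad, high entropy"  # body looks random or compressed
            else:
                verdict = "header-bad, low entropy"  # body still has structure
            report[os.path.relpath(path, root)] = (verdict, round(h, 2))
    return report

def demo():
    """Triage three constructed sample files (not taken from an infected machine)."""
    rng = random.Random(0)
    samples = {
        "good.pdf": b"%PDF-1.4\n" + b"plain stream text " * 200,
        "damaged.doc": b"\x00" * 8 + b"plain document body " * 200,
        "scrambled.jpg": b"\x00" + bytes(rng.getrandbits(8) for _ in range(65535)),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return triage(d)

if __name__ == "__main__":
    print(*sorted(demo().items()), sep="\n")
```

Point `triage()` at a backup copy of the affected folder rather than the live one. High entropy is normal for JPEG bodies, so that signal mostly helps for .doc files, where a low-entropy body suggests only the header was overwritten.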