ErrorSafe

Description:	Adware
Risk Level:	High
Date of First Occurence:	Tuesday, May 13, 2008
Software Developer:	(unknown)
Brief Info:	ErrorSafe is an adware that issue fake warnings on your computer that it is infected with spyware and will convinced the user to purchased the full version.
Removal:	This threat can be removed using "Spyware Terminator"

ENTFERNEN SPYWARE »

Geographical Distribution of Threat "ErrorSafe"

Threat Info

View All

Detected Items

Detected Files: %SYSDIR%\drivers\erssdd.sys MD5: 9C676ECC4D4B6CD31A605378D0E4A621 Size:5120 MD5: 0EACDB03515B1672E4653BFED8FB0EFF Size:5120 MD5: 9C676ECC4D4B6CD31A605378D0E4A621 %SYSDIR%\df_kme.exe MD5: B6D5A68FF1C793DD472D57CEB0A9B8FA Size:30208 MD5: 890EB6DFD524EA68DDB62C8FC74E98E2 Size:30208 MD5: 674680A912613379452D2C86DDE9D44C Size:30208 %SYSDIR%\drivers\ersd.sys MD5: 367B61C6124C795A65DCA63B6ADD95E0 Size:5120 MD5: 79D7B06BF6302264C61A0B50ABC7176F Size:6144 %PROGRAMFILES%\ErrorSafe\ffCom.dll MD5: 816997F45512C450B92A180627898B84 Size:528896 %PROGRAMFILES%\ErrorSafe\compcln.dll MD5: 2F0D279A781FA62607355737F5A92FBE Size:303104 MD5: F30ACC985C717AE72E22BA82A1C5638E Size:278528 MD5: 1EF0ACB9CB294F9DD9C3191BDD9EF2C6 Size:303104 %PROGRAMFILES%\ErrorSafe\StrRes.dll MD5: C0355D1C3BEE537DF7EC7B930E707B58 Size:18432 MD5: C8EB4D595B1F57637D009464E4A4E20A Size:14848 MD5: C177DC9E2FEF0F0A3BB3093811E7E186 Size:14848 MD5: 9F1D0B2C10DE6766C72DA1116BEF32A1 Size:17920 %PROGRAMFILES%\ErrorSafe\MMFix.dll MD5: 9DB6438090145E6B210F9706BA14974D Size:114688 MD5: 4B5E850AFFD7309DBD61B53093DBFD8B Size:114688 MD5: 2327CF18E257F33CC7B5361ECB19172D Size:114688 %PROGRAMFILES%\ErrorSafe\FTRec.dll MD5: 46E5BE63423B4EF54CB215EC1FF9FD6A Size:49152 MD5: 93C6A935964A3E582076029F3D407107 Size:49152 MD5: AE3CD76D14EB7F6EF7ABA327F32E6DC5 Size:49152 %PROGRAMFILES%\ErrorSafe\FixCore.dll MD5: 4A750F6208B584EA370106274D6B92E1 Size:55296 MD5: B05FBD7DD55CA0F045C2EA960922FDA1 Size:55296 MD5: 045AE04A4E46CA90B620F5FB4D37B133 Size:55296 MD5: BC66A93DC675FE55085B0274E39AE92F Size:55296 %PROGRAMFILES%\ErrorSafe\FFWraper.dll MD5: C38F4644B2EB708BAD60869E04B83722 Size:102400 MD5: BEB2B216F8FF2890A8020E623ACDEA4A Size:102400 MD5: BC2C792F7C44432CB6AB8D9E62CC831A Size:102400 MD5: F39B69B52664B3557AA65AA13C574CAE Size:102400 %PROGRAMFILES%\ErrorSafe\df_proxy.dll MD5: 0F075BB9BBCCF9E6FEE6334E9FCEFC1D Size:53248 MD5: 39642791471D527C6D415CF317559F56 Size:53248 MD5: 04652639ADB12DA032B74545492426BE Size:40960 %PROGRAMFILES%\ErrorSafe\df_fixer.dll MD5: F7037C51978548314A31CD24C91A4A99 Size:106496 MD5: A592D7E67323E63DE4833D74D1BF4F94 Size:102400 MD5: B0F2C327186CA78F62040940C465D93A Size:90112 MD5: 7E7E116CF869C108C920A66FF352D5E4 Size:106496 %PROGRAMFILES%\ErrorSafe\unins000.exe MD5: 1B09CDD00B04CC6262355D476AC5863F Size:676743 MD5: B915CA9BC03D5904840A2316BF17B310 Size:77321 MD5: BF15CE70E055955FAFD81A18EC1C0771 Size:77257 MD5: D5089F6648E50B1B6BC99B1FDC543C16 Size:675204 %PROGRAMFILES%\ErrorSafe\sr.exe MD5: 3A72943DA6385089A9B92AA93251009C Size:45056 MD5: E4C595CB206E62B4552D9A5FB5CB4A58 Size:45056 MD5: 771D6051272953CAC70B7B397724B411 Size:45056 %PROGRAMFILES%\ErrorSafe\Install.exe MD5: A001DA819C55613905BA15BA6C1D1C81 Size:40960 MD5: 6AD8F51C374FD083185BC68F174C178B Size:40960 MD5: BA12C05FC8CDECF91FBAF1D51D56F294 Size:40960 %PROGRAMFILES%\ErrorSafe\ERS.EXE MD5: 0C3A80613BF9B0FD360221385CFDD24E Size:1417216 %PROGRAMFILES%\ErrorSafe\FlFxr5.dll MD5: 9BB80291A5929D98FDF7DF22EB6EE2AF Size:529408 %PROGRAMFILES%\ErrorSafe\ESSPCheck.dll MD5: E5F5CE819D2E9CAC506A14362D257119 Size:33792 %PROGRAMFILES%\ErrorSafe\ecc.dll MD5: 9CB4EA4A295D93785C75FFD032BF5FD0 Size:303104 %PROGRAMFILES%\ErrorSafe\ERS.exe MD5: BB7B0D0333D547B683682571F664A53D Size:1376256 %PROGRAMFILES%\ErrorSafe\df_kmd.sys MD5: 68E92A6A4130F313D326F25D94532A5F Size:6144 %PROGRAMFILES%\ERRORSAFE\ERS.EXE MD5: 4C79A266C8193AB9B96D5519D4F0E736 Size:1376256
Detected Files with variable Filenames:

Detecting items list:

Files by Name %DESKTOP%\ErrorSafe.lnk %START_PROGRAMSALL%\ErrorSafe\Contact customer support.lnk %START_PROGRAMSALL%\ErrorSafe\Uninstall ErrorSafe.lnk %START_PROGRAMSALL%\ErrorSafe\ErrorSafe.lnk %START_PROGRAMSALL%\ErrorSafe\ErrorSafe on the Web.lnk %ProgramFiles%\ErrorSafe\ERS.EXE %ProgramFiles%\ErrorSafe\Install.exe %ProgramFiles%\ErrorSafe\sr.exe %ProgramFiles%\ErrorSafe\unins000.exe %ProgramFiles%\ErrorSafe\sr.exe %ProgramFiles%\ErrorSafe\df_fixer.dll %ProgramFiles%\ErrorSafe\df_proxy.dll %ProgramFiles%\ErrorSafe\ecc.dll %ProgramFiles%\ErrorSafe\esSPCheck.dll %ProgramFiles%\ErrorSafe\FFWraper.dll %ProgramFiles%\ErrorSafe\FixCore.dll %ProgramFiles%\ErrorSafe\FiFxr5.dll %ProgramFiles%\ErrorSafe\FTRec.dll %ProgramFiles%\ErrorSafe\MMFix.dll %ProgramFiles%\ErrorSafe\StrRes.dll %ProgramFiles%\ErrorSafe\flash.ini %ProgramFiles%\ErrorSafe\Activate.dat %ProgramFiles%\ErrorSafe\bnlink.dat %ProgramFiles%\ErrorSafe\lapv.dat %ProgramFiles%\ErrorSafe\lock.dat %ProgramFiles%\ErrorSafe\pv.dat %ProgramFiles%\ErrorSafe\unins000.dat %ProgramFiles%\ErrorSafe\Template.dbx %ProgramFiles%\ErrorSafe\ers.url %ProgramFiles%\ErrorSafe\support.rul %ProgramFiles%\ErrorSafe\DataBase.sav %ProgramFiles%\ErrorSafe\Program.sav %ProgramFiles%\ErrorSafe\ersd.sys %ProgramFiles%\ErrorSafe\erssdd.sys %sysdir%\drivers\ersd.sys %sysdir%\drivers\erssdd.sys %sysdir%\df_kme.exe
Files by Directories %ProgramFiles%\ErrorSafe %START_PROGRAMSALL%\ErrorSafe
Files by CLSID or Name CLSID=06170642-fa65-4fb6-ac79-5f235cb99bc2 CLSID=489b338e-e4ab-489a-91d4-69970a541cf9 CLSID=b0f4bc0f-eaea-43b5-8ce6-dad3cc9b29a2 CLSID=5eed48aa-f20f-4085-b8f8-57724b7c5b08 CLSID=ae4026cc-b7ba-48e8-8fb3-2c35099670a1 CLSID=c7efdcde-a181-41d0-a551-16f73b398040 CLSID=0BA379C6-0EFD-4a28-932C-D20469052FD9 CLSID=0BC09FC7-473D-4f9c-B49B-F4E3E244B47A CLSID=196C80CB-20A7-4cf9-9C98-9322FB1E35FB CLSID=356AF2E9-8874-4c60-A3D8-0CB516C9E747 CLSID=5284AC2A-EF00-4750-9B82-B5B907D26536 CLSID=E73E3959-FB15-44d7-ACB9-3A75377006FC
Registry Keys HKLM\SOFTWARE\Classes\ESCompCleanCore.ESAppCleaner HKLM\SOFTWARE\Classes\ESCompCleanCore.ESAppCleaner.1 HKLM\SOFTWARE\Classes\ESCompCleanCore.ESCCQuickScan HKLM\SOFTWARE\Classes\ESCompCleanCore.ESCCQuickScan.1 HKLM\SOFTWARE\Classes\ESCompCleanCore.ESFileCleaner HKLM\SOFTWARE\Classes\ESCompCleanCore.ESFileCleaner.1 HKLM\SOFTWARE\Classes\ESCompCleanCore.ESInetCleaner HKLM\SOFTWARE\Classes\ESCompCleanCore.ESInetCleaner.1 HKLM\SOFTWARE\Classes\ESCompCleanCore.ESRegCleaner HKLM\SOFTWARE\Classes\ESCompCleanCore.ESRegCleaner.1 HKLM\SOFTWARE\Classes\ESCompCleanCore.ESSystemCleaner HKLM\SOFTWARE\Classes\ESCompCleanCore.ESSystemCleaner.1 HKLM\SOFTWARE\Classes\ESdf_fixer.ESFixer HKLM\SOFTWARE\Classes\ESdf_fixer.ESFixer.1 HKLM\SOFTWARE\Classes\ESdf_proxy.ESDriverManipulate HKLM\SOFTWARE\Classes\ESdf_proxy.ESDriverManipulate.1 HKLM\SOFTWARE\Classes\ESFFWraper.ESFFEnginWraper HKLM\SOFTWARE\Classes\ESFFWraper.ESFFEnginWraper.1 HKLM\SOFTWARE\Classes\ESFixCore.ESMMFixCore HKLM\SOFTWARE\Classes\ESFixCore.ESMMFixCore.1 HKLM\SOFTWARE\Classes\ESMMFixCtrl.ESCoFixEngine HKLM\SOFTWARE\Classes\ESMMFixCtrl.ESCoFixEngine.1 HKLM\SOFTWARE\Classes\ESSPCheck.ESSPCheck HKLM\SOFTWARE\Classes\ESSPCheck.ESSPCheck.1 HKLM\SOFTWARE\Classes\FlFxr5.FlFixer5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1 HKLM\SOFTWARE\ErrorSafe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\erssdd.sys HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\erssdd.sys HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD HKLM\SYSTEM\CurrentControlSet\Services\ersd HKLM\SYSTEM\CurrentControlSet\Services\erssdd HKCU\Software\ErrorSafe
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=ErrorSafe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ValueName=%ProgramFiles%\ErrorSafe\esPCheck.dll

« Go to Software Database

Suchen Sie unsere Software Datenbank

Surfen Sie die Software Datenbank

Neueste Malware Nachrichten

23. September 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Ältere Malware Nachrichten »