FixTool

18 April 2009

Updated: April 17, 2009 4:09:45 PM
Type: Misleading Application
Name: Fix-Tool
Version: 4.0.10.18
Publisher: www.fix-tool.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

SUMMARY

Behavior

FixTool is a misleading application that reports false or exaggerated errors on the computer in order to persuade the user to purchase a license.

Protection

  • Initial Rapid Release version April 17, 2009 revision 023
  • Latest Rapid Release version April 17, 2009 revision 023
  • Initial Daily Certified version April 17, 2009 revision 025
  • Latest Daily Certified version April 17, 2009 revision 025
  • Initial Weekly Certified release date April 22, 2009

TECHNICAL DETAILS

Behavior
The program must be manually installed by the user.

The program reports false or exaggerated errors on the computer.

The user is then prompted to pay for a full license of the application in order to remove the reported threats.

Installation
When the program is executed, it creates the following folders:
  • %UserProfile%\Desktop\FixTool
  • %ProgramFiles%\Fix Tool\Backup\Application
  • %ProgramFiles%\Fix Tool\Backup\Registry\FullBackup
  • %ProgramFiles%\Fix Tool\Backup\Service
  • %ProgramFiles%\Fix Tool\Data
  • %ProgramFiles%\Fix Tool\Update


It also creates the following files (MFC42D.DLL, MFCO42D.DLL and MSVCRTD.DLL are the debug builds of the MFC and C runtime libraries, which are not normally shipped with release software):
  • %UserProfile%\Desktop\Fix Tool.lnk
  • %UserProfile%\Desktop\Fix-Tool.exe
  • %UserProfile%\Start Menu\Programs\Fix Tool\Fix Tool.lnk
  • %UserProfile%\Start Menu\Programs\Fix Tool\Uninstall.lnk
  • %UserProfile%\Start Menu\Programs\Fix Tool\Website.lnk
  • %ProgramFiles%\Fix Tool\ActiveX.dat
  • %ProgramFiles%\Fix Tool\Apps.dat
  • %ProgramFiles%\Fix Tool\Backup\Registry\FirstBackup\20090417134619.Reg
  • %ProgramFiles%\Fix Tool\Components.dat
  • %ProgramFiles%\Fix Tool\Fix Tool.url
  • %ProgramFiles%\Fix Tool\Fix-Tool.exe
  • %ProgramFiles%\Fix Tool\MFC42D.DLL
  • %ProgramFiles%\Fix Tool\MFCO42D.DLL
  • %ProgramFiles%\Fix Tool\MSVCRTD.DLL
  • %ProgramFiles%\Fix Tool\Res\Alert.png
  • %ProgramFiles%\Fix Tool\Res\Bad.png
  • %ProgramFiles%\Fix Tool\Res\Bad_24x24.png
  • %ProgramFiles%\Fix Tool\Res\Bad_32x32.png
  • %ProgramFiles%\Fix Tool\Res\Check.png
  • %ProgramFiles%\Fix Tool\Res\Data.png
  • %ProgramFiles%\Fix Tool\Res\Disk.png
  • %ProgramFiles%\Fix Tool\Res\DotLine.png
  • %ProgramFiles%\Fix Tool\Res\Error.png
  • %ProgramFiles%\Fix Tool\Res\Frame.png
  • %ProgramFiles%\Fix Tool\Res\Good_24x24.png
  • %ProgramFiles%\Fix Tool\Res\Good_32x32.png
  • %ProgramFiles%\Fix Tool\Res\Home\green.png
  • %ProgramFiles%\Fix Tool\Res\Home\orange.png
  • %ProgramFiles%\Fix Tool\Res\Home\Red.png
  • %ProgramFiles%\Fix Tool\Res\Home\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Home\yellow.png
  • %ProgramFiles%\Fix Tool\Res\Icon\block_activeX.png
  • %ProgramFiles%\Fix Tool\Res\Icon\evidence_clean.png
  • %ProgramFiles%\Fix Tool\Res\Icon\junk_file_clean.png
  • %ProgramFiles%\Fix Tool\Res\Icon\registry_clean.png
  • %ProgramFiles%\Fix Tool\Res\Icon\startup_optimize.png
  • %ProgramFiles%\Fix Tool\Res\Icon\system_optimize.png
  • %ProgramFiles%\Fix Tool\Res\Icon\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Info.png
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_EC_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_FSR_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_FSS_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_FST_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_Home_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_MO_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSO_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSO_Image_Info.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSR_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSS_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RST_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_Top.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_BackGround.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_BackGround.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Backup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Backup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Backup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Clean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Clean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Clean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_DriveBackup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_DriveBackup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_DriveBackup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_EvidenceClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_EvidenceClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_EvidenceClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_FavoritesBackup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_FavoritesBackup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_FavoritesBackup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Home_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Home_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Home_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_IERepair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_IERepair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_IERepair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_JunkFileClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_JunkFileClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_JunkFileClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_MomeryOptimizer_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_MomeryOptimizer_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_MomeryOptimizer_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_OneClick_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_OneClick_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_OneClick_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Optimize_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Optimize_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Optimize_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Options_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Options_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Options_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegistryClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegistryClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegistryClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegsitryBackup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegsitryBackup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegsitryBackup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Repair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Repair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Repair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Results_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Results_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Results_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Small_BackGround.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SpyClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SpyClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SpyClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_StartupManager_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_StartupManager_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_StartupManager_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemOptimizer_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemOptimizer_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemOptimizer_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRepair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRepair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRepair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRestore_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRestore_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRestore_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_UninstallManager_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_UninstallManager_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_UninstallManager_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_WindowsRepair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_WindowsRepair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_WindowsRepair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Progrss.bmp
  • %ProgramFiles%\Fix Tool\Res\Safe.png
  • %ProgramFiles%\Fix Tool\Res\Sys.png
  • %ProgramFiles%\Fix Tool\Res\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Uncheck.png
  • %ProgramFiles%\Fix Tool\SEClean.dll
  • %ProgramFiles%\Fix Tool\SERepair.dll
  • %ProgramFiles%\Fix Tool\SEStyle.dll
  • %ProgramFiles%\Fix Tool\Temp\__clean_disk.bat
  • %ProgramFiles%\Fix Tool\Temp\__repair_components.bat
  • %ProgramFiles%\Fix Tool\Temp\__repair_errors.bat
  • %ProgramFiles%\Fix Tool\Temp\__start_schedule.bat
  • %ProgramFiles%\Fix Tool\uninst.exe
  • %ProgramFiles%\Fix Tool\Update.exe
  • %Windir%\Tasks\Fix_Tool_OneClick.job


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Fix Tool" = "C:\Program Files\Fix Tool\Fix-Tool.exe"

It also creates the following registry subkeys (the first two register the .pox file extension and its associated pofile file type):
  • HKEY_CLASSES_ROOT\.pox
  • HKEY_CLASSES_ROOT\pofile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Fix-Tool.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fix Tool
  • HKEY_LOCAL_MACHINE\SOFTWARE\Miracle
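The following PowerShell script is an added example, not part of the original writeup, that checks a host for the file, scheduled-task and registry indicators listed above and, when run with -Remove, deletes them. It assumes a few things the page does not state: that a 32-bit install on 64-bit Windows would land under %ProgramFiles(x86)% and the Wow6432Node registry view, that the scheduled task's name matches its .job file name (Fix_Tool_OneClick), and that the running process is named Fix-Tool. The function and variable names are mine.

```powershell
# Added example: detect (and optionally remove) the FixTool indicators from the writeup.
# Not the original page's code. Run with -Remove -WhatIf first to see what would be deleted.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

# Install directories named in the writeup. The %ProgramFiles(x86)% variant is an
# assumption (32-bit program on 64-bit Windows); it is not stated on the page.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$paths = @()
foreach ($pf in $programDirs) {
    $paths += Join-Path $pf 'Fix Tool'
}
$paths += Join-Path $env:USERPROFILE 'Desktop\FixTool'
$paths += Join-Path $env:USERPROFILE 'Desktop\Fix Tool.lnk'
$paths += Join-Path $env:USERPROFILE 'Desktop\Fix-Tool.exe'
$paths += Join-Path $env:USERPROFILE 'Start Menu\Programs\Fix Tool'
$paths += Join-Path $env:windir 'Tasks\Fix_Tool_OneClick.job'

# Registry subkeys from the writeup; the Wow6432Node entries are an assumption.
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\.pox',
    'Registry::HKEY_CLASSES_ROOT\pofile',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Fix-Tool.exe',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fix Tool',
    'HKLM:\SOFTWARE\Miracle',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Fix-Tool.exe',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fix Tool',
    'HKLM:\SOFTWARE\Wow6432Node\Miracle'
)

# Run-key persistence: a value named "Fix Tool" under the HKLM Run key.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$found = New-Object System.Collections.Generic.List[string]

# Stop the program before touching its files so the deletes are not blocked by open handles.
if ($Remove) {
    Stop-Process -Name 'Fix-Tool' -Force -ErrorAction SilentlyContinue
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $found.Add("file: $p")
        if ($Remove -and $PSCmdlet.ShouldProcess($p, 'Remove')) {
            Remove-Item -LiteralPath $p -Recurse -Force
        }
    }
}

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $found.Add("key: $k")
        if ($Remove -and $PSCmdlet.ShouldProcess($k, 'Remove')) {
            Remove-Item -LiteralPath $k -Recurse -Force
        }
    }
}

foreach ($rk in $runKeys) {
    if (-not (Test-Path -LiteralPath $rk)) { continue }
    $props = Get-ItemProperty -LiteralPath $rk
    if ($null -ne $props.PSObject.Properties['Fix Tool']) {
        $found.Add("run value: $rk\Fix Tool = $($props.'Fix Tool')")
        if ($Remove -and $PSCmdlet.ShouldProcess("$rk\Fix Tool", 'Remove')) {
            Remove-ItemProperty -LiteralPath $rk -Name 'Fix Tool'
        }
    }
}

# The .job file is only the on-disk form of the scheduled task; unregister the task
# too so Task Scheduler stops referencing it. Task name inferred from the file name.
if ($Remove -and $PSCmdlet.ShouldProcess('Fix_Tool_OneClick', 'Delete scheduled task')) {
    & schtasks.exe /Delete /TN 'Fix_Tool_OneClick' /F 2>$null | Out-Null
}

if ($found.Count -eq 0) {
    Write-Output 'No FixTool indicators found.'
} else {
    Write-Output "Found $($found.Count) FixTool indicator(s):"
    $found | ForEach-Object { Write-Output "  $_" }
}
```

Run it without switches to audit a host; add -Remove to clean up, and -Remove -WhatIf to preview the deletions. The Run value is removed by name rather than by path because the writeup's value hardcodes C:\Program Files, which will not match on systems with a different %ProgramFiles% location.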
