FixTool

18 april, 2009

Updated: April 17, 2009 4:09:45 PM
Type: Misleading Application
Name: Fix-Tool
Version: 4.0.10.18
Publisher: www.fix-tool.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

SUMMARY

Behavior

FixTool is a misleading application that may give exaggerated reports of errors on the computer.

Protection

  • Initial Rapid Release version April 17, 2009 revision 023
  • Latest Rapid Release version April 17, 2009 revision 023
  • Initial Daily Certified version April 17, 2009 revision 025
  • Latest Daily Certified version April 17, 2009 revision 025
  • Initial Weekly Certified release date April 22, 2009

TECHNICAL DETAILS

Behavior
The program must be manually installed.

The program reports false or exaggerated errors on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following folders:
  • %UserProfile%\Desktop\FixTool
  • %ProgramFiles%\Fix Tool\Backup\Application
  • %ProgramFiles%\Fix Tool\Backup\Registry\FullBackup
  • %ProgramFiles%\Fix Tool\Backup\Service
  • %ProgramFiles%\Fix Tool\Data
  • %ProgramFiles%\Fix Tool\Update
It also creates the following files:
  • %UserProfile%\Desktop\Fix Tool.lnk
  • %UserProfile%\Desktop\Fix-Tool.exe
  • %UserProfile%\Start Menu\Programs\Fix Tool\Fix Tool.lnk
  • %UserProfile%\Start Menu\Programs\Fix Tool\Uninstall.lnk
  • %UserProfile%\Start Menu\Programs\Fix Tool\Website.lnk
  • %ProgramFiles%\Fix Tool\ActiveX.dat
  • %ProgramFiles%\Fix Tool\Apps.dat
  • %ProgramFiles%\Fix Tool\Backup\Registry\FirstBackup\20090417134619.Reg
  • %ProgramFiles%\Fix Tool\Components.dat
  • %ProgramFiles%\Fix Tool\Fix Tool.url
  • %ProgramFiles%\Fix Tool\Fix-Tool.exe
  • %ProgramFiles%\Fix Tool\MFC42D.DLL
  • %ProgramFiles%\Fix Tool\MFCO42D.DLL
  • %ProgramFiles%\Fix Tool\MSVCRTD.DLL
  • %ProgramFiles%\Fix Tool\Res\Alert.png
  • %ProgramFiles%\Fix Tool\Res\Bad.png
  • %ProgramFiles%\Fix Tool\Res\Bad_24x24.png
  • %ProgramFiles%\Fix Tool\Res\Bad_32x32.png
  • %ProgramFiles%\Fix Tool\Res\Check.png
  • %ProgramFiles%\Fix Tool\Res\Data.png
  • %ProgramFiles%\Fix Tool\Res\Disk.png
  • %ProgramFiles%\Fix Tool\Res\DotLine.png
  • %ProgramFiles%\Fix Tool\Res\Error.png
  • %ProgramFiles%\Fix Tool\Res\Frame.png
  • %ProgramFiles%\Fix Tool\Res\Good_24x24.png
  • %ProgramFiles%\Fix Tool\Res\Good_32x32.png
  • %ProgramFiles%\Fix Tool\Res\Home\green.png
  • %ProgramFiles%\Fix Tool\Res\Home\orange.png
  • %ProgramFiles%\Fix Tool\Res\Home\Red.png
  • %ProgramFiles%\Fix Tool\Res\Home\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Home\yellow.png
  • %ProgramFiles%\Fix Tool\Res\Icon\block_activeX.png
  • %ProgramFiles%\Fix Tool\Res\Icon\evidence_clean.png
  • %ProgramFiles%\Fix Tool\Res\Icon\junk_file_clean.png
  • %ProgramFiles%\Fix Tool\Res\Icon\registry_clean.png
  • %ProgramFiles%\Fix Tool\Res\Icon\startup_optimize.png
  • %ProgramFiles%\Fix Tool\Res\Icon\system_optimize.png
  • %ProgramFiles%\Fix Tool\Res\Icon\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Info.png
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_EC_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_FSR_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_FSS_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_FST_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_Home_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_MO_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSO_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSO_Image_Info.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSR_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RSS_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_RST_Image_BG.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\SEM_Top.jpg
  • %ProgramFiles%\Fix Tool\Res\Jpg\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_BackGround.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_BackGround.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Backup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Backup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Backup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Clean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Clean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Clean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_DriveBackup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_DriveBackup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_DriveBackup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_EvidenceClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_EvidenceClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_EvidenceClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_FavoritesBackup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_FavoritesBackup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_FavoritesBackup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Home_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Home_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Home_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_IERepair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_IERepair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_IERepair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_JunkFileClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_JunkFileClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_JunkFileClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_MomeryOptimizer_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_MomeryOptimizer_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_MomeryOptimizer_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_OneClick_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_OneClick_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_OneClick_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Optimize_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Optimize_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Optimize_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Options_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Options_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Options_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegistryClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegistryClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegistryClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegsitryBackup_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegsitryBackup_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_RegsitryBackup_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Repair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Repair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Repair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Results_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Results_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Results_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_Small_BackGround.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SpyClean_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SpyClean_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SpyClean_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_StartupManager_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_StartupManager_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_StartupManager_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemOptimizer_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemOptimizer_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemOptimizer_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRepair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRepair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRepair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRestore_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRestore_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_SystemRestore_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_UninstallManager_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_UninstallManager_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_UninstallManager_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_WindowsRepair_Down.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_WindowsRepair_Normal.png
  • %ProgramFiles%\Fix Tool\Res\Menu\SEM_Button_WindowsRepair_Over.png
  • %ProgramFiles%\Fix Tool\Res\Menu\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Progrss.bmp
  • %ProgramFiles%\Fix Tool\Res\Safe.png
  • %ProgramFiles%\Fix Tool\Res\Sys.png
  • %ProgramFiles%\Fix Tool\Res\Thumbs.db
  • %ProgramFiles%\Fix Tool\Res\Uncheck.png
  • %ProgramFiles%\Fix Tool\SEClean.dll
  • %ProgramFiles%\Fix Tool\SERepair.dll
  • %ProgramFiles%\Fix Tool\SEStyle.dll
  • %ProgramFiles%\Fix Tool\Temp\__clean_disk.bat
  • %ProgramFiles%\Fix Tool\Temp\__repair_components.bat
  • %ProgramFiles%\Fix Tool\Temp\__repair_errors.bat
  • %ProgramFiles%\Fix Tool\Temp\__start_schedule.bat
  • %ProgramFiles%\Fix Tool\uninst.exe
  • %ProgramFiles%\Fix Tool\Update.exe
  • %Windir%\Tasks\Fix_Tool_OneClick.job

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Fix Tool" = "C:\Program Files\Fix Tool\Fix-Tool.exe"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\.pox
  • HKEY_CLASSES_ROOT\pofile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Fix-Tool.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fix Tool
  • HKEY_LOCAL_MACHINE\SOFTWARE\Miracle
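
As an added triage example that is not part of the original writeup, the PowerShell script below checks a host for the artefacts listed above (the Run key value, the registry subkeys, the install folder, the dropped executables and the scheduled-task job) and reports what it finds without removing anything. It assumes %ProgramFiles% and %Windir% correspond to $env:ProgramFiles and $env:windir, and takes the desktop path from the current user's profile.

```powershell
# Added read-only triage script (not from the original writeup): looks for the
# FixTool artefacts the advisory lists and reports them. Nothing is deleted.
# Assumption: %ProgramFiles% -> $env:ProgramFiles, %Windir% -> $env:windir.
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# Persistence: value "Fix Tool" under the HKLM Run key
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runVal = (Get-ItemProperty -Path $runKey -Name 'Fix Tool').'Fix Tool'
if ($runVal) { $findings += "Run key value 'Fix Tool' = $runVal" }

# Registry subkeys from the writeup (HKCR reached through the Registry:: provider path)
$subkeys = @(
    'Registry::HKEY_CLASSES_ROOT\.pox',
    'Registry::HKEY_CLASSES_ROOT\pofile',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Fix-Tool.exe',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fix Tool',
    'HKLM:\SOFTWARE\Miracle'
)
foreach ($k in $subkeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key present: $k" }
}

# File-system artefacts: install folder, dropped executables, scheduled-task job
$desktop = [Environment]::GetFolderPath('Desktop')
$paths = @(
    (Join-Path $env:ProgramFiles 'Fix Tool'),
    (Join-Path $env:ProgramFiles 'Fix Tool\Fix-Tool.exe'),
    (Join-Path $env:ProgramFiles 'Fix Tool\Temp'),
    (Join-Path $desktop 'Fix-Tool.exe'),
    (Join-Path $desktop 'FixTool'),
    (Join-Path $env:windir 'Tasks\Fix_Tool_OneClick.job')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Path present: $p" }
}

# Report: an empty list means none of the listed artefacts were found
if ($findings.Count -eq 0) {
    Write-Output 'No FixTool artefacts found.'
} else {
    Write-Output "FixTool artefacts found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated prompt so HKLM and %ProgramFiles% are readable; absence of every artefact is the expected result on a clean host.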
