How to remove Trojan.Win32.LinkReplacer, and "System Error!" warnings.

Trojan.Win32.LinkReplacer System Error! popup:

Trojan.Win32.LinkReplacer has a new trick, it's being installed by a warning to update Macromedia Flash Player. Usually after clicking a link to watch a video:


If you click to Continue, it will serve relentless popups advertising for IEDefender.


If you have install IEDefender, you may have notice it doesn't easily go away, and has its own annoying warnings. These instructions should remove that as well. The motive of the infection is to get you to buy IEDefender. It works like this: Infect your system, display fake warning popups, install a rogue antispyware application, and then charge you to buy the program that claims to remove the infection they installed.


Trojan.Win32.LinkReplacer Removal Instructions:
ShadowPuterDude has authored an automated tool for removal of Trojan.Win32.LinkReplacer. You can find the download and instructions here.

NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.


1. Download FixIEDef.exe by ShadowPuterDude to the Desktop.
   Note: FixIEDef now supports Non-English Language Systems
   
   
2. Double-click FixIEDef.exe:
   
   
   
3. That will open the About FixIEDef screen. Click OK to continue:
   
   
   
4. Next, press the Scan! button:
   
   
   
5. FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:
   
   
   
6. Wait for the scan to finish. It shouldn't take very long:
   
   
   
7. After the !!! All Finished !!! message is displayed, click Exit:
   
   
   
8. That's it! You're done, and the infection should be removed.
   
   Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlogic.org/consulting/proc...processutil.htm
   
   Mirrors: Alternate official download locations for FixIEDef.exe
   
   http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
   http://hosts-file.net/download/fixiedef/fixiedef.exe
   http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
   http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef

If after running this tool the Trojan.Win32.LinkReplacer infection is still present, post a HiJackThis log in the Malware Removal Forum.

=====================================================================
This is a self-help guide. Use at your own risk.

Important Note: If you need assistance, please start a new topic in our Malware Removal Forum. This topic is also open for comments, but not all will receive a reply. Please NO HijackThis logs in this topic.

This post has been edited by Blair: Jan 12 2008, 11:57 AM