TrustFighter and SafeFighter

13 October 2009 0 Comment

TrustFighter is another malicious security program that was developed by company who also created SafeFighter and other similar fake applications. TrustFighter may infect users if they come into contact with a Trojan that will redirect Internet browser to a malicious website “TrustFighter – Online Protection” where this malware is hosted. Fake alerts and security messages will be displayed that will invite visitors to download TrustFighter and remove these threats.

Once TrustFighter or SafeFighter is installed on computer, it will literally modify Windows system files particularly Internet browser that may block users Internet access and instead be redirected to “Insecure Internet Activity” page. It will also run its own virus scanner and alert users on loads of infected file. This was a trick used to convince users into purchasing the program. Instead of getting this useless application, we recommend downloading a legit and recognized anti-malware program. You can use it as TrustFighter removal tool that will eliminate it and other related parasites found on compromised computer.

Screen Shot Images:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

[expand title="View More" swaptitle="Hide This"]

Malware Behavior
TrustFighter and SafeFighter never stops issuing fake alert messages. It constantly reminds victims for a huge number of threats detected on the system. One sample alert contains the following message:

709 SPYWARE Found
Attention: Danger!
TrustFighter has detected 709 Critical Spyware Objects while scanning the system. Following object will shortly interrupt system running by:
- Annoying advertisements wasting your traffic.
- Slow page downloading speed. Web browser is not working properly.
- Cyber thieves get access to credit card.
- Criminals will steal your personal data and photos.
- Hackers will get access to email box, personals, hosting and Internet services. They will use your computer and IP address for illegal purposes.
Register TrustFighter to block or remove threatening objects. Click “Clean” to registere the version to render revealed threats.

Added Registry Entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrustFighter"
HKEY_CURRENT_USER\Software\TrustFighter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustFighter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\TrustFighter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "lil6.tmp.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe "GlobalFlag" "0x02000100"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe "VerifierDlls" = "d3d550c.dll" 

Associated Files and Folders:

C:\Documents and Settings\All Users\Start Menu\Programs\TrustFighter
C:\Documents and Settings\All Users\Start Menu\Programs\TrustFighter\1 TrustFighter.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\TrustFighter\2 Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\TrustFighter\3 Uninstall.lnk
C:\Program Files\TrustFighter Software
C:\Program Files\TrustFighter Software\TrustFighter
C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe
C:\Program Files\TrustFighter Software\TrustFighter\uninstall.exe
C:\Documents and Settings\All Users\Desktop\TrustFighter.lnk
C:\WINDOWS\system32\dgf785c.dll
C:\WINDOWS\x4125spy741.dll
C:\WINDOWS\x9ethreat4412.bin
C:\WINDOWS\za32d7dcload5r243.exe
C:\WINDOWS\system32\e56thi5f4512z.ocx
C:\WINDOWS\system32\d34a9dware264z.exe
C:\WINDOWS\system32\lil6.tmp.exe
C:\WINDOWS\system32\w012hackto5l145.cpl
 %Temp%\lil6.tmp.exe 

How to Remove TrustFighter and SafeFighter

1. Kill any running process that belongs to TrustFighter.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
TrustFighter.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrustFighter"
- Close registry editor. Changes made will be save automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by TrustFighter.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'

Automatic Removal of TrustFighter

In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.