WinFixer 2005 Problem

Discussion in 'Computer Security' started by =?Utf-8?B?bXVtYWs=?=, Sep 8, 2005.

  1. I am on a Win2000 Pro platform on a government LAN network. I can't seem to
    get ride of this thing, Spyware/Virus? It pops up as a download installer
    and then sits in my task bar as an active program after I cancel it. I
    tracked it to two different locations within the C:\WINNT\System32\Downloaded
    Progams file folder. However, I can only see one of two ways:
    Control Panel\Admin Tools\Computer Mgt\System Info\Software Enviroment were
    it is seen in the RUNNING TASKS folder AND IN STARTUP PROGRAMS folder as
    "uwfx51p_0001_0803netinstaller.exe. Deleting the file is not an option in
    either folder however.
    When I try to find it using the system scan fuction, or try to see it using
    the Window Explorer Tree, it is hidden.
    I can also see it in when I "List Tasks", and view processes.
    I can end the process but it returns upon reboot.
    Our Network administrator instructed me to download the bata1 anti-spyware
    and see if it will fix it. No Dice. Our Norton Anti virus is not seeing it
    either.
    Any solutions?
     
    =?Utf-8?B?bXVtYWs=?=, Sep 8, 2005
    #1
    1. Advertisements

  2. =?Utf-8?B?bXVtYWs=?=

    Malke Guest

    Removing this is possible, but quite complicated and requires a lot of
    back-and-forthing. I'd suggest you run HijackThis and ask for help at
    one of these forums:

    http://aumha.net/viewforum.php?f=30
    http://castlecops.com/forum67.html
    http://www.wilderssecurity.com/
    http://forums.tomcoyote.org/
    http://www.bleepingcomputer.com

    Malke
     
    Malke, Sep 8, 2005
    #2
    1. Advertisements

  3. =?Utf-8?B?bXVtYWs=?=

    Noel Paton Guest

    If you're on a .gov network...

    1 - notify your IT/IS personnel
    2) DO NOT USE the machine until it's been flattened and rebuilt!!


    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm

    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
     
    Noel Paton, Sep 8, 2005
    #3
  4. =?Utf-8?B?bXVtYWs=?=

    PA Bear Guest

    You may have a newer variant (i.e., winantispyware). This isn't something
    you or some fix utility can handle alone. Some cutting edge
    work on this constantly mutating threat is being done here:
    http://www.geekstogo.com/forum/Malware-Removal-HiJackThis-Logs-Go-Here-f37.html

    Checking for/Help with Hijackware
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/archive/tshoot.html
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/

    When all else fails, HijackThis v1.99.1
    (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
    It will help you to both identify and remove any hijackware/spyware. **Post
    your log to http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
    for expert analysis, not here.**
     
    PA Bear, Sep 8, 2005
    #4
  5. =?Utf-8?B?bXVtYWs=?=

    PA Bear Guest

    This Bad Guy's popping up everywhere today. <sigh>
     
    PA Bear, Sep 8, 2005
    #5
  6. =?Utf-8?B?bXVtYWs=?=

    siljaline Guest

    The next CWS, I wonder, what with the new variant(s).

    Silj

    --
    siljaline

    MS - MVP Windows (IE/OE) & Security, AH-VSOP
    _________________________________________
    Security Tools Updates
    http://aumha.net/viewforum.php?f=31

    (Reply to group, as return address
    is invalid - that we may all benefit)
     
    siljaline, Sep 9, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.