WinFixer 2005

Discussion in 'Virus Information' started by Sherri, Nov 12, 2005.

  1. Sherri

    Sherri Guest

    Can anyone tell me how to get rid of this piece of crap? Every time I try
    to navigate to a web site it pops up wanting me to scan and download. My
    home page comes up OK, it is just when I try to google something or go to
    another site that it comes up. I am running Windows XP SP2 with all
    updates. I have firewall and anti-virus software. I have already ran
    Adware, Spybot, CWShredder, but still there. I turned off System Restore
    before I did the scans. Spybot found several things and fixed them all but
    one, the one that it couldn't fix was Sumom.A, it said it was in use.
    Thanks in advance for any help offered.
     
    Sherri, Nov 12, 2005
    #1
    1. Advertisements


  2. What specific kind of pop-ups are you seeing? There are at least
    three varieties of pop-ups, and the solutions vary accordingly.

    1) Does the title bar of these pop-ups read "Messenger Service?"

    This type of spam has become quite common over the couple of
    years, and unintentionally serves as a valid security "alert." It
    demonstrates that you haven't been taking sufficient precautions while
    connected to the Internet. Your data probably hasn't been compromised
    by these specific advertisements, but if you're open to this exploit,
    you may well be open to other threats, such as the Blaster Worm that
    swept across the Internet last year and the currently active Sasser
    Worm. Install and use a decent, properly configured firewall.
    (Merely disabling the messenger service, as some people recommend,
    only hides the symptom, and does little or nothing to truly secure
    your machine.) And ignoring or just "putting up with" the security
    gap represented by these messages is particularly foolish.

    Messenger Service of Windows
    http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

    Messenger Service Window That Contains an Internet Advertisement
    Appears
    http://support.microsoft.com/?id=330904

    Stopping Advertisements with Messenger Service Titles
    http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

    Blocking Ads, Parasites, and Hijackers with a Hosts File
    http://www.mvps.org/winhelp2002/hosts.htm

    Oh, and be especially wary of people who advise you to do nothing
    more than disable the messenger service. Disabling the messenger
    service, by itself, is a "head in the sand" approach to computer
    security. The real problem is not the messenger service pop-ups;
    they're actually providing a useful, if annoying, service by acting as
    a security alert. The true problem is the unsecured computer, and
    you've been advised to merely turn off the warnings. How is this
    helpful?

    2) For regular Internet pop-ups, you might try the free 12Ghosts
    Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
    from http://www.panicware.com/, or the Google Toolbar from
    http://toolbar.google.com/. Alternatively, you can upgrade your WinXP
    to SP2, to install IE's pop-up blocker. Another alternative would be
    to use another browser, such as Mozilla or Firefox, which has pop-up
    blocking capabilities. (But I'd avoid Netscape; it carries too much
    extraneous AOL garbage.)

    3) To deal with pop-ups caused by any sort of "adware" and/or
    "spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
    KaZaA, and their remnants, that you've deliberately (but without
    understanding the consequences) installed, two products that are
    quite effective (at finding and removing this type of scumware) are
    Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
    www.safer-networking.org/. Both have free versions. It's even
    possible to use SpyBot Search & Destroy to "immunize" your system
    against most future intrusions. I use both and generally perform
    manual scans every week or so to clean out cookies, etc.

    Additionally, manual removal instructions for the most common
    varieties of scumware are available here:

    PC Hell Spyware and Adware Removal Help
    http://www.pchell.com/support/spyware.shtml

    More information and assistance is available at these sites:

    Blocking Ads, Parasites, and Hijackers with a Hosts File
    http://www.mvps.org/winhelp2002/hosts.htm

    The Parasite Fight
    http://www.aumha.org/a/parasite.htm

    Neither adware nor spyware, collectively known as scumware,
    magically install themselves on anyone's computer. They are almost
    always deliberately installed by the computer's user, as part of some
    allegedly "free" service or product.

    While there are some unscrupulous malware distributors out there,
    who do attempt to install and exploit malware without consent, the
    majority of them simply rely upon the intellectual laziness and
    gullibility of the average consumer, counting on them to quickly click
    past the EULA in his/her haste to get the latest in "free" cutesy
    cursors, screensavers, "utilities," and/or wallpapers.

    If you were to read the EULAs that accompany, and to which the
    computer user must agree before the download/installation of the
    "screensaver" continues, most adware and spyware, you'll find that
    they _do_ have the consumer's permission to do exactly what they're
    doing. In the overwhelming majority of cases, computer users have no
    one to blame but themselves.

    There are several essential components to computer security: a
    knowledgeable and pro-active user, a properly configured firewall,
    reliable and up-to-date antivirus software, and the prompt repair (via
    patches, hotfixes, or service packs) of any known vulnerabilities.

    The weakest link in this "equation" is, of course, the computer
    user. No software manufacturer can -- nor should they be expected
    to -- protect the computer user from him/herself. All too many people
    have bought into the various PC/software manufacturers marketing
    claims of easy computing. They believe that their computer should be
    no harder to use than a toaster oven; they have neither the
    inclination or desire to learn how to safely use their computer. All
    too few people keep their antivirus software current, install patches
    in a timely manner, or stop to really think about that cutesy link
    they're about to click.

    Firewalls and anti-virus applications, which should always be used
    and should always be running, are important components of "safe hex,"
    but they cannot, and should not be expected to, protect the computer
    user from him/herself. Ultimately, it is incumbent upon each and
    every computer user to learn how to secure his/her own computer.


    To learn more about practicing "safe hex," start with these links:

    Protect Your PC
    http://www.microsoft.com/security/protect/default.asp

    Home Computer Security
    http://www.cert.org/homeusers/HomeComputerSecurity/

    List of Antivirus Software Vendors
    http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

    Home PC Firewall Guide
    http://www.firewallguide.com/

    Scumware.com
    http://www.scumware.com/


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
     
    Bruce Chambers, Nov 12, 2005
    #2
    1. Advertisements

  3. From: "Sherri" <>

    | Can anyone tell me how to get rid of this piece of crap? Every time I try
    | to navigate to a web site it pops up wanting me to scan and download. My
    | home page comes up OK, it is just when I try to google something or go to
    | another site that it comes up. I am running Windows XP SP2 with all
    | updates. I have firewall and anti-virus software. I have already ran
    | Adware, Spybot, CWShredder, but still there. I turned off System Restore
    | before I did the scans. Spybot found several things and fixed them all but
    | one, the one that it couldn't fix was Sumom.A, it said it was in use.
    | Thanks in advance for any help offered.
    |

    Download WinFixerFix.exe from the URL --
    http://www.ik-cs.com/programs/virtools/WinFixerFix.exe


    Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.
     
    David H. Lipman, Nov 12, 2005
    #3
  4. Please,download that file ,written by me:

    http://free.hit.bg/fightmalware/MRI.rtf

    Then perform the general malware removal instrctions and you should have
    your computer clean.
    I have written how to use an antivirus + antispyware command line scanners -
    McAfee + SpyBot Search&Destroy command line scanners.

    In command line you can scan when nothing has loaded-no malware loaded.
    The regular scan cannot clean you because the malware is loaded and Windows
    doesn't allow anything to touch process which is on.

    If you'd like to learn how to protect your computer ,get that file,written
    by me:
    http://free.hit.bg/fightmalware/Set%20up%20a%20PC.rtf

    You can report back what happened.If you have any questions ,do not hesitate
    to conact the community again !


    Panda_man
    " Let's beat malware black and blue "
    " No new epidemics of all kind of malware -> Panda TruPrevent "

    All you need here :
    http://www.microsoft.com/athome/security
    http://www.pandasoftware.com
     
    =?Utf-8?B?UGFuZGFfbWFu?=, Nov 12, 2005
    #4
  5. Sherri

    Sherri Guest

    The popup is a box with Microsoft Internet Explorer at the top with the body
    of the message saying:

    Notice: If your computer has errors in the registry database or file syste,
    it could cause unpredictable or erractic behavior, freezes or crashes.
    Fixing these errors can increase your computer's performance and prevent
    data loss.

    Would you like to install WinFixer 2005 to check your computer for free?
    (recommended)
    then it has boxes to choose OK or Cancel. No matter what you choose or even
    if you just close the window, it then pops up with the download site for
    Winfixer 2005.
     
    Sherri, Nov 12, 2005
    #5
  6. Sherri

    Sherri Guest

    When I double click on Clean Link or clean.bat either one the computer goes
    into computer shutdown countdown and then shuts down. Tried it three times
    already. Can't seem to get it to work.
     
    Sherri, Nov 12, 2005
    #6
  7. From: "Sherri" <>

    | When I double click on Clean Link or clean.bat either one the computer goes
    | into computer shutdown countdown and then shuts down. Tried it three times
    | already. Can't seem to get it to work.

    That could mean that the signature files were not downloaded. Is WinFixer 2005 gone ?
     
    David H. Lipman, Nov 12, 2005
    #7
  8. Sherri

    Sherri Guest

    No, it just popped up when I tried to navigate from one website to another.
     
    Sherri, Nov 12, 2005
    #8
  9. From: "Sherri" <>

    | No, it just popped up when I tried to navigate from one website to another.


    I'm sorry the utility didn't work :-(

    It would be helpful to read the following information…
    “How to perform a clean boot in Windows XP”
    http://support.microsoft.com/kb/310353

    The following is a re-post of Nick Skrepetos (SuperAdBlocker.com) <>
    He allows the use of his software for a fully functional 15-day free trial period.

    "Hello,

    You may also wish to try Super Ad Blocker with SUPERAntiSpyware,we use a
    system level driver to delete the files, so they should not come back:
    http://www.superadblocker.com

    If that does not find and/or remove the spware/adware on your machine, you
    can submit a
    diagnositc and I will diagnose your machine for free and post the results
    back to the group and update our rules with anything found:
    http://www.superadblocker.com/diagnostic.html?id=nicks

    You may also wish to try the free scan/view of what's running on your PC
    here:
    http://www.fileresearchcenter.com

    Nick Skrepetos
    SuperAdBlocker.com - SUPERAntiSpyware
    http://www.superadblocker.com
    http://blogs.superadblocker.com
    http://forums.superadblocker.com "
     
    David H. Lipman, Nov 12, 2005
    #9
  10. Sherri

    Aquafina Guest

    I have a fix for you that works. Send me an email at
    , remove the XXX from the address to send it. I
    will send you instructions and files to clean that pest off your system. I
    cannot posts the files here because there are too many leeches here.
     
    Aquafina, Nov 13, 2005
    #10
  11. Sherri

    Sherri Guest

    I sent you an e-mail from my hotmail account. Thanks for your help.
     
    Sherri, Nov 13, 2005
    #11
  12. Sherri

    Sherri Guest

    I am accessing the newsgroup using my daughter's computer hense the
    difference in the names. I assure you I am the same person who sent you the
    e-mail using the hotmail account. Thanks
     
    Sherri, Nov 13, 2005
    #12
  13. From: "Sherri" <>

    | I am accessing the newsgroup using my daughter's computer hense the
    | difference in the names. I assure you I am the same person who sent you the
    | e-mail using the hotmail account. Thanks

    Sherri:

    Here's the situation. This is a poster who really goes by the name PCBUTTS1. He can't use
    his real regular PCBUTTS1 name becuase he is summarily filtered out by the News Server
    administrator John Eddy. He is filtered out because he his rights to use the News Server
    and the people that post to it.

    Additionally, PCBUTTS1 runs a server called http://www.pcbutts1.com [ 216.122.228.48 ] and
    he has improperly posted anti malware applications from various authors/vendors on that web
    site. He has been asked to remove them but refused to. He was also found to have
    plagiarized code to remove the SmitFraud Trojan that was created by noahdfear
    http://noahdfear.geekstogo.com/ . He actually had the gall to replace the name of noahdfear
    in the code with PCBUTTS1. However, he failed to COMPLETELY replace all the strings of
    'noahdfear' with 'pcbutts1' and was caught. Now he has password protected his web site so
    those in the anti malware community who have been angered by his theft of the code can check
    his web site. That's why he wrote "I will send you instructions and files to clean that
    pest off your system" instead of posting instructions here or referring you to a web site.
    He stated "I cannot posts the files here because there are too many leeches here." The
    truth is if he posts his web site, he might get filtered out, if he posts a set of
    instructions chances are he stole them from someone else and he doesn't want to get caught
    again.

    The fact is, he is the leech, he is a liar, a thief, a plagiariser and a News Group Troll.

    Apparently he refused your email in fear that it might be one of the many angered by his
    software theft and plagiarism.

    He will no doubt refute what I have stated in a later post. However, my statemants can will
    will be backed by other "regulars" of this News Group, other Microsoft News Groups and
    various UseNet News Groups.

    http://groups.google.com/group/24hoursupport.helpdesk/browse_frm/thread/9dfcfd655ed7b349/fa0c9c21a7f4eb6e?lnk=st&q=PCBUTTS1+noahdfear&rnum=1&hl=en#fa0c9c21a7f4eb6e
     
    David H. Lipman, Nov 13, 2005
    #13
  14. From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

    That should have been...

    "He is filtered out because he has abused his rights to use the News Server and has abused
    the people that post to it."
     
    David H. Lipman, Nov 13, 2005
    #14
  15. Sherri

    pcbutts1 Guest

    Lies all lies. This post should prove that. You are just pissed because you
    could not fix her problem.
     
    pcbutts1, Nov 13, 2005
    #15
  16. Sherri

    Sherri Guest

    If he in fact sends me files to clean the computer, will they be safe to use
    or do I need to fear viruses. Thanks for the info. I have tried everything
    posted here to no avail. I am still battling this nasty thing. I have
    cleaned several computers and have never had this much trouble getting rid
    of something.
     
    Sherri, Nov 13, 2005
    #16
  17. Sherri

    Aquafina Guest

    Scan the files I have already sent you. You may even use davids multi crap
    scanner, the files are clean. David does not like me and has been trying to
    shut me down for 7 months now be sending emails to my business partners, my
    ISP, and my hosting company. He has failed because I have done nothing
    wrong. He can't accept that.
     
    Aquafina, Nov 13, 2005
    #17
  18. From: "Sherri" <>

    | If he in fact sends me files to clean the computer, will they be safe to use
    | or do I need to fear viruses. Thanks for the info. I have tried everything
    | posted here to no avail. I am still battling this nasty thing. I have
    | cleaned several computers and have never had this much trouble getting rid
    | of something.

    You tried SuperAdBlocker ?

    I doubt that that downloads form PCBUTTS1 (aka; Aquafina) will be malicious, I don't think
    he would stoop that low. He actually wants to help those infected, but he just has no
    ethics in doing so.

    Download HiJack This. -- http://www.merijn.org/files/hijackthis.zip

    Creat a HJT Log and post a log in one of the following forums.


    Forums where you can get expert advice for HiJack This! (HJT) logs.
    NOTE: Registration is REQUIRED before posting a log
    NOTE: Web sites NOT listed in any particular order

    http://aumha.net/viewforum.php?f=30
    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.dslreports.com/forum/security
    http://castlecops.com/forum67.html
    http://www.wilderssecurity.com/forumdisplay.php?f=24
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://forum.iamnotageek.com/f-130.html
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://boards.cexx.org/viewforum.php?f=1
    http://www.malwarebytes.biz/forums/index.php?showforum=5

    { borrowed from the alt.privacy.spyware News Group }
     
    David H. Lipman, Nov 13, 2005
    #18
  19. From: "Sherri" <>

    | If he in fact sends me files to clean the computer, will they be safe to use
    | or do I need to fear viruses. Thanks for the info. I have tried everything
    | posted here to no avail. I am still battling this nasty thing. I have
    | cleaned several computers and have never had this much trouble getting rid
    | of something.

    Sherri:

    I re-examined my code and based upon your feedback, I reordered the WinFixer 2005 specific
    code to earlier in the script execution.

    Please go back and download an updated copy of the utility. Make sure you run it in Normal
    Mode first and the message below about the FireWall issue.

    After you run it, please report back your results.

    Clear your IE cache (so you get a new version and not a copy that may be in your cache)...
    Start --> settings --> control panel --> Internet options --> delete files

    Download WinFixerFix.exe from the URL --
    http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

    Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }
     
    David H. Lipman, Nov 13, 2005
    #19
  20. Sherri

    Peter Foldes Guest

    PCBUTTS1

    Not lies but the truth. You are the one that all this should be said of. I have always butted heads with you in another group and you just seem to aggravate people that are bonified helpers and not like you that steal anything and everything from other to get you ego up.

    You are a sorry excuse for a person. Get a life.

    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.

     
    Peter Foldes, Nov 13, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.