WinFixer 2005

Discussion in 'Virus Information' started by Sherri, Nov 12, 2005.

  1. From: "Darlene" <>

    | I just wanted to say thank you to David. I used your tool and my computer
    | seems to be all better again. I had the same problem as everyone else on
    | here. Even though David's tool took a long time, it was well worth it because
    | it worked.
    |
    | Thank you.
    |

    I am glad you have resolution Darlene.

    The reason it takes longer is that it runs a complete and aggressive anti-virus scan. Was
    there anything noted in the HTML log file?
    C:\mcafee\ScanReport.HTML
     
    David H. Lipman, Dec 7, 2005

  2. I ran the tool also and it thankfully got rid of that pesky WinFix. Thanks a
    bunch!
     
    Lucy, Dec 10, 2005

  3. From: "Lucy" <>

    | I ran the tool also and it thankfully got rid of that pesky WinFix. Thanks a
    | bunch!

    YW !
     
    David H. Lipman, Dec 10, 2005
  4. In
    All this proves is you know how to change your email alias.

    --
    Michael Stevens MS-MVP XP

    http://www.michaelstevenstech.com
    For a better newsgroup experience. Setup a newsreader.
    http://www.michaelstevenstech.com/outlookexpressnewreader.htm

     
    Michael Stevens, Dec 13, 2005
  5. Hello Sherri,



    Thank you for contacting Microsoft Online Customer Service.



    From your e-mail, I understand that you wish to have information about Win
    Fixer pop ups. I realize the importance of your issue and look forward to
    assisting you today.



    As a Customer Service Representative, I can assist you with the support
    options available with the Microsoft product. However, I have taken the time
    to look through general web site and found the following information:



    Please be informed that Winfixer is not a Microsoft product. WinFixer is
    sold as "useful utility to scan and fix any system, registry and hard drive
    errors. It ensures system stability and performance." etc. It is also listed
    as adware in the eTrust Spyware Encyclopedia, and a Web search shows there
    are many users desperate to get rid of it. Maybe there is more than one bit
    of software called WinFixer, but all this creates enough suspicion to suggest
    it is best avoided. However, if your computer system is affected by Winfixer
    2005 you may experience the following symptoms:



    - Browser performance can be slow

    - Possible pop-up ads display, search redirects

    - "Windows" errors can be caused

    - System crashes and restarts can occur.



    To remove it from your computer system please follow the below mentioned
    steps:



    Suggestion 1:



    For more information about how to remove them, please refer to the following
    links:



    Article Title: WinFixer - fix and remove the WinFixer popup attack

    http://www.softwarepatch.com/tips/winfixer-remove-popup.html



    To remove Winfixer, please refer to the link:

    http://www.spyware-removal-guideline.com/winfixer-removal



    Suggestion 2:



    After following the instructions listed on the above link, if the issue
    persists, please try once more by following the instruction given here:



    Article Title: Spyware Remover and Virus Help

    http://www.virusspy.com/spyware/removewinfixer.html



    Suggestion 3:



    A. Scan for Spyware:



    You can use the Ad-aware 6 program to permanently remove the Spyware
    programs from the computer. You may download this program from the link
    below:

    http://download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button



    Please note that Microsoft provides third-party contact information to help
    you find technical support. This contact information may change without
    notice. Microsoft does not guarantee the accuracy of this third-party contact
    information.



    After the installation of Ad-aware 6, please perform the following steps:



    1. Run Ad-aware 6, in the main window, use the webupdate component
    implemented in Ad-aware to install the latest update.

    2. After updating the software, click Scan Now, and click Next.

    3. Ad-aware 6 will find the Spyware programs, and ask if you want to delete
    them.

    4. Delete them.



    B. Perform a Clean Boot



    1. Click Start, click Run, type "MSCONFIG" (without the quotation marks) in
    the open box and click OK.



    2. Under the Service tab, check "Hide All Microsoft Services", and then
    uncheck all the services listed.



    3. Under the General tab, put a check next to "Selective Startup", please
    click to uncheck "Load Startup Items" and click OK.



    4. Please choose Yes to restart the computer.



    5. Please check whether the issue persists, or not.



    However, all virus-related product support is now available at no-charge to
    all customers through Microsoft’s new Microsoft Strategic Technology
    Protection Program (STPP). To access this service, you may call the STPP
    toll-free number at PC SAFETY (866-727-2338).



    For more information about STPP, please visit:

    http://www.microsoft.com/security



    I hope you have found the above information useful.


    Prasun

    Microsoft Online Customer Service Representative
     
    Prasun, Dec 14, 2005
  6. From: "Prasun" <>

    < snip >

    |
    | A. Scan for Spyware:
    |
    | You can use the Ad-aware 6 program to permanently remove the Spyware
    | programs from the computer. You may download this program from the link
    | below:
    |
    | http://download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
    |
    | Please note that Microsoft provides third-party contact information to help
    | you find technical support. This contact information may change without
    | notice. Microsoft does not guarantee the accuracy of this third-party contact
    | information.
    |
    | After the installation of Ad-aware 6, please perform the following steps:
    |
    | 1. Run Ad-aware 6, in the main window, use the webupdate component
    | implemented in Ad-aware to install the latest update.
    |
    | 2. After updating the software, click Scan Now, and click Next.
    |
    | 3. Ad-aware 6 will find the Spyware programs, and ask if you want to delete
    | them.
    |

    < snip >

    Anyone else see what's wrong with the above? :)
     
    David H. Lipman, Dec 14, 2005
  7. Ad-Aware 6?

    ***
     
    Fitz, Dec 14, 2005
  8. From: "Fitz" <>

    | Ad-Aware 6?
    |
    | ***


    Yepper !

    The URL takes 'ya to Ad-aware SE but leave it to Microsoft to call it Ad-aware 6 !

    Look for Ad-aware SE v1.06 to be replaced by Ad-Aware 2006 in the near future.
     
    David H. Lipman, Dec 14, 2005
  9. Darlene, Sherri, and David. Have you found the solution to getting rid of
    the Winfixer 2005 problem that keeps hijacking the browser to the winfixer
    site to download? Please post again, or send instructions to
    , but remove the Xs.

    Thanks
     
    Trent, Dec 15, 2005
  10. From: "Trent" <>

    | Darlene, Sherri, and David. Have you found the solution to getting rid of
    | the Winfixer 2005 problem that keeps hijacking the browser to the winfixer
    | site to download? Please post again, or send instructions to
    | , but remove the Xs.
    |
    | Thanks

    Two phase answer...

    Perform Part 1, then perform Part 2

    Part 1
    ------------
    Download Adware-Virtumundo Removal Tool v1.5 --
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Information on the Adware-Virtumundo Removal Tool:
    http://forums.mcafeehelp.com/viewtopic.php?t=57049

    Part 2
    ------------
    Download WinFixerFix.exe from the URL --
    http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

    Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.

    * * * Please report back your results * * *
     
    David H. Lipman, Dec 15, 2005
  11. I'll try it tomorrow evening. I will post my results. Will you be on-line?
     
    Trent, Dec 15, 2005
  12. From: "Trent" <>

    | I'll try it tomorrow evening. I will post my results. Will you be on-line?
    |

    I'll check in from time to time, yes.
     
    David H. Lipman, Dec 15, 2005
  13. i found your posts thank goodness...just tried the mcafee you suggested, got
    lots of adware and winfixer deleted...hope it (and the casino/porno following
    it!!!)stays gone!
    thanks so mUCH!

    Frankie
     
    frankie, Dec 15, 2005
  14. From: "frankie" <>

    | i found your posts thank goodness...just tried the mcafee you suggested, got
    | lots of adware and winfixer deleted...hope it (and the casino/porno following
    | it!!!)stays gone!
    | thanks so mUCH!
    |
    | Frankie

    YW -- I am very glad it worked for you !
     
    David H. Lipman, Dec 15, 2005
  15. David,
    I read a thread in this news forum last night (but can't find it now) that
    said I should not click on the "cancel" or the "x" in the top right hand
    corner of the first Winfixer pop-up that occurs. It said I should stop it in
    the task manager, which is control-alt-delete. But am I supposed to find the
    winfixer program in the "applications tab" or in the "processes tab". And
    what would the process file be that I would want to delete, or "end process"?

    Thanks in advance.

    And by the way, are you in any way affiliated with Winfixer, winsoftware,
    winsoft, or any developer of these winfixer/winantispyware/winantivirus
    products?
     
    Trent, Dec 15, 2005
  16. From: "Trent" <>

    | David,
    | I read a thread in this news forum last night (but can't find it now) that
    | said I should not click on the "cancel" or the "x" in the top right hand
    | corner of the first Winfixer pop-up that occurs. It said I should stop it in
    | the task manager, which is control-alt-delete. But am I supposed to find the
    | winfixer program in the "applications tab" or in the "processes tab". And
    | what would the process file be that I would want to delete, or "end process"?
    |
    | Thanks in advance.
    |
    | And by the way, are you in any way affiliated with Winfixer, winsoftware,
    | winsoft, or any developer of these winfixer/winantispyware/winantivirus
    | products?
    |

    Click on the 'x' in the Top Right corner or hitting Ctrl-Alt-Del and killing IEXPLORE.EXE
    and any of the following seen running...


    Then...

    Perform Part 1, then perform Part 2

    Part 1
    ------------
    Download Adware-Virtumundo Removal Tool v1.5 --
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Information on the Adware-Virtumundo Removal Tool:
    http://forums.mcafeehelp.com/viewtopic.php?t=57049

    Part 2
    ------------
    Download WinFixerFix.exe from the URL --
    http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

    Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.

    * * Please report back your results * *
     
    David H. Lipman, Dec 15, 2005
  17. AKA Trent on 12/15/2005 in

    I think pcbutts is the affiliated one.
    max
    --
    Virus Removal Instructions: http://home.neo.rr.com/manna4u/
    Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
    Windows Help: http://home.neo.rr.com/manna4u/tools.html
    Specific Fixes: http://home.neo.rr.com/manna4u/fixes.html
    Forums for HiJackThis Logs:
    http://home.neo.rr.com/manna4u/forums_for_hijackthis_logs.html
    To reply by e-mail change nomail.afraid.org to gmail.com
    nomail.afraid.org is setup specifically for use in USENET
    feel free to use it yourself. Registered Linux User #393236
     
    Max Wachtel, Dec 16, 2005
  18. David,
    I finally got around to following your steps 1 and 2. I downloaded those 3
    files, but only double clicked on the one that you told me to. Not sure what
    the other 2 were needed for. It took awhile for the blue screen to show up
    and run the scan. During the scan, there were a number of files in the
    detail that I saw indicating "password protected" Not sure if that was
    normal.

    Here are the results.....

    12/16/2005 22:27:11


    Options:
    /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
    /PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
    "C:\MCAFEE\SCANREPORT.HTML"

    Scanning C: []
    Scanning C:\*.*
    C:\Documents and Settings\Trey\Local
    Settings\Temp\ICD1.tmp\UWFX5_0001_N57M2811NetInstaller.exe ... Found
    potentially unwanted program Winfixer.
    The file or process has been deleted.
    C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll ... Found potentially
    unwanted program Adware-MySearch.
    C:\WINDOWS\SYSTEM32\pmkhf.dll ... Found potentially unwanted program
    Adware-Virtumundo.
    C:\WINDOWS\SYSTEM32\vtstu.dll ... Found potentially unwanted program
    Adware-Virtumundo.
    The file or process has been deleted.

    A file(s) requires a reboot to complete the repair.
    You are recommended to reboot the computer.

    Summary report on C:\*.*
    File(s)
    Total files: ........... 106662
    Clean: ................. 106488
    Possibly Infected: ..... 0
    Cleaned: ............... 0
    Deleted: ............... 2
    Non-critical Error(s): 2
    Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
    Boot Sector(s): ................ 1
    Possibly Infected: ..... 0


    Time: 00:32.50

    When I rebooted this morning, I got this message:
    "Winlogon.exe encountered a problem and needed to close. We have created an
    error report. Send error report to Microsoft?"

    Is this bad?

     
    Trent, Dec 17, 2005
  19. From: "Trent" <>

    | David,
    | I finally got around to following your steps 1 and 2. I downloaded those 3
    | files, but only double clicked on the one that you told me to. Not sure what
    | the other 2 were needed for. It took awhile for the blue screen to show up
    | and run the scan. During the scan, there were a number of files in the
    | detail that I saw indicating "password protected" Not sure if that was
    | normal.
    |
    | Here are the results.....
    |
    | 12/16/2005 22:27:11
    |
    | Options:
    | /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
    | /PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
    | "C:\MCAFEE\SCANREPORT.HTML"
    |
    | Scanning C: []
    | Scanning C:\*.*
    | C:\Documents and Settings\Trey\Local
    | Settings\Temp\ICD1.tmp\UWFX5_0001_N57M2811NetInstaller.exe ... Found
    | potentially unwanted program Winfixer.
    | The file or process has been deleted.
    | C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll ... Found potentially
    | unwanted program Adware-MySearch.
    | C:\WINDOWS\SYSTEM32\pmkhf.dll ... Found potentially unwanted program
    | Adware-Virtumundo.
    | C:\WINDOWS\SYSTEM32\vtstu.dll ... Found potentially unwanted program
    | Adware-Virtumundo.
    | The file or process has been deleted.
    |
    | A file(s) requires a reboot to complete the repair.
    | You are recommended to reboot the computer.
    |
    | Summary report on C:\*.*
    | File(s)
    | Total files: ........... 106662
    | Clean: ................. 106488
    | Possibly Infected: ..... 0
    | Cleaned: ............... 0
    | Deleted: ............... 2
    | Non-critical Error(s): 2
    | Master Boot Record(s): ......... 1
    | Possibly Infected: ..... 0
    | Boot Sector(s): ................ 1
    | Possibly Infected: ..... 0
    |
    | Time: 00:32.50
    |
    | When I rebooted this morning, I got this message:
    | "Winlogon.exe encountered a problem and needed to close. We have created an
    | error report. Send error report to Microsoft?"
    |
    | Is this bad?

    Hi Trent:

    Execute NOTEPAD.EXE

    Copy and Paste the text between the dashes (-------------) below into notepad.
    Save the file to the Desktop as FixReg.reg.

    Double-Click on the file FixReg.reg and allow the contents to be merged into the Registry
    then reboot.

    -------------

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkhf]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtstu]

    -------------
     
    David H. Lipman, Dec 17, 2005
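
The registry fix above targets Winlogon Notify subkeys named after the two Adware-Virtumundo DLLs in Trent's scan report. The following is an added example, not code from the thread or from any tool mentioned in it: it parses a line-wrapped report of that shape and builds the matching REGEDIT4 text. The function names are hypothetical, and it assumes the Notify subkey carries the same name as the DLL, which holds for the two entries in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: detection lines copied from the scan report quoted in
# this thread, keeping the newsreader's line wrapping.
SAMPLE_REPORT = r"""Scanning C:\*.*
C:\Documents and Settings\Trey\Local
Settings\Temp\ICD1.tmp\UWFX5_0001_N57M2811NetInstaller.exe ... Found
potentially unwanted program Winfixer.
The file or process has been deleted.
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll ... Found potentially
unwanted program Adware-MySearch.
C:\WINDOWS\SYSTEM32\pmkhf.dll ... Found potentially unwanted program
Adware-Virtumundo.
C:\WINDOWS\SYSTEM32\vtstu.dll ... Found potentially unwanted program
Adware-Virtumundo.
The file or process has been deleted.

A file(s) requires a reboot to complete the repair.
"""

NOTIFY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
          r"\CurrentVersion\Winlogon\Notify")
DETECTION = re.compile(r"([A-Za-z]:\\.+?) \.\.\. Found potentially unwanted "
                       r"program (\S+?)\.(?= |$)")
DELETED = "The file or process has been deleted."

def parse_detections(report):
    """Return one dict per detection: path, name, deleted (bool)."""
    # Drop "| " quote prefixes, blank lines and "Scanning ..." banners, then
    # undo the wrapping so each path and verdict sits on one logical line.
    lines = [l.strip().lstrip("|").strip() for l in report.splitlines()]
    flat = " ".join(l for l in lines if l and not l.startswith("Scanning "))
    found = []
    for m in DETECTION.finditer(flat):
        # The scanner prints the "deleted" line directly after the detection.
        deleted = flat[m.end():].lstrip().startswith(DELETED)
        found.append({"path": m.group(1), "name": m.group(2), "deleted": deleted})
    return found

def notify_cleanup_reg(detections, family="Adware-Virtumundo"):
    """Build REGEDIT4 text deleting Notify\\<dll stem> for each family DLL.
    Assumption: the subkey is named after the DLL, as in this thread."""
    body = ["REGEDIT4", ""]
    for d in detections:
        dll = PureWindowsPath(d["path"])
        if d["name"] == family and dll.suffix.lower() == ".dll":
            body += [f"[-{NOTIFY}\\{dll.stem}]", ""]
    return "\n".join(body)

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_REPORT)
    for h in hits:
        print(h["name"], h["path"], "deleted" if h["deleted"] else "NOT deleted")
    print(notify_cleanup_reg(hits))
```

On the sample, pmkhf.dll and deSrcAs.dll come back as detected but not deleted, which agrees with the report's "Deleted: 2" count and its reboot notice. Before merging generated text, check each Notify subkey's DllName value in the registry so that only entries pointing at the detected files are removed.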
  20. The blue screen error and winlogon.exe crash are a part of VirtumundoBeGone.
    The program will crash a system service in order to remove the virus process
    from memory so it can be cleaned.

     
    Matt Thompson, Dec 17, 2005