What is winfixer2006?

[Mian B. Ali]

Hello,

I was surfing the net when popup came about winfixer and saud my registry id
corrupted and wanted to fix it. without thinking I click ok. Then I realized
the mistake and stopped its installation and removed it from add/remove
program.

Ran spybot search and destroy and it found two entries about
winfixer2006--one registry and other folder marked as winfixer2006.

When I run Adaware, it find critical folder then the coputer shuts down.

Have windows xp home sp2.

What is winfixer and how can I remove it?

thanks for your help.
Mian

 

[Carey Frisch [MVP]]

WinFixer is a bogus antispyware and spam blocking application that attempts to market itself by surreptitiously installing adware on
the workstation. This adware aggressively and incessantly displays popup notifications in an attempt to convince the user that
something (other than its own existence) may be amiss with the computer.

The problem is typically initiated via a popup ad displayed during a visit to a distributing web site. Reports suggest that this
initial popup is constructed such that any attempt to dismiss it (including clicking the 'X' in the upper right-hand corner)
actually causes the adware to be installed on the workstation. From this point on, WinFixer popups are launched from the workstation
itself. Because of the intricate way in which the adware insinuates itself into its host (including making dozens of registry
edits), successful removal is a tedious, manual process . When running, it can be found in Windows Task Manager and stopped, but
before long it will start up again.

Install Windows Defender....it's FREE!
http://www.microsoft.com/athome/security/spyware/software/default.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

---------------------------------------------------------------------------­----------------

:

| Hello,
|
| I was surfing the net when popup came about winfixer and saud my registry id
| corrupted and wanted to fix it. without thinking I click ok. Then I realized
| the mistake and stopped its installation and removed it from add/remove
| program.
|
| Ran spybot search and destroy and it found two entries about
| winfixer2006--one registry and other folder marked as winfixer2006.
|
| When I run Adaware, it find critical folder then the coputer shuts down.
|
| Have windows xp home sp2.
|
| What is winfixer and how can I remove it?
|
| thanks for your help.
| Mian
|
|

 

[Guest]

Create C:\utilities

Go to www.merijn.org
Download HijackThis to c:\utilities
Unzip it to C:\utilities\HiJackThis
Run HiJackThis.exe
Save the log to C:\utilities\HiJackThis
Reboot the computer!

Go to www.pandasoftware.com/activescan
save the report to C:\utilities

Go to
http://www.bleepingcomputer.com/tutorials/index.php?act=print&tut=93&client=printer?
Download cleanup4.
Run it

Go to www.ewido.com
Download the scan & install Ewido


Go to
http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

Download the trial. It is a full featured version.

Boot to safe mode.
How to boot to safe mode.
http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

Using Ewido,
Scan your PC
Save the report to C:\utilities

Reboot to safe mode
Using Spy Sweeper,
Scan your PC
Save the report to C:\utilities

Boot to normal mode.
Run HiJackThis again.
Save the log / report.
Post the log here.

WC

 

[S.Sengupta]

'WinFixer is a Security Risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats.'
http://www.symantec.com/avcenter/venc/data/winfixer.html

Plenty of reomoval tools already mentioned by others.Personally I like
Ewido.

regards,
S.Sengupta[MS-MVP]

 

[Leythos]

Boot to normal mode.
Run HiJackThis again.
Save the log / report.
Post the log here.

Do not post Hijack logs here, a simple google search will show you where
to post them properly. Again, don't post HiJack logs here, this is not
the place for them.

 

[dave xnet]

'WinFixer is a Security Risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats.'
http://www.symantec.com/avcenter/venc/data/winfixer.html

Plenty of reomoval tools already mentioned by others.Personally I like
Ewido.

regards,
S.Sengupta[MS-MVP]

Would the experts suggest using system restore here?
If it was my system, I would try it.

System restore puts back a good copy of the
registry and startup environment. In theory,
this means any spyware that was scheduled to
kick in with system startup would not now start.

It means you can clean up any files or folders
at your leisure, since nothing bad is running.

Unless of course, the spyware breaks the
system restore databases and restore is
impossible....
Dave

 

[Guest]

DX:
In the what can it hurt realm, System restore is probably worth an attempt,
but unlikely to resolve the issue. Those malware writers are sneaky.

I like: http://forums.techguy.org

PC World, within the past 4 issues had a set of online sites that received
good reviews.

WC

'WinFixer is a Security Risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats.'
http://www.symantec.com/avcenter/venc/data/winfixer.html

Plenty of reomoval tools already mentioned by others.Personally I like
Ewido.

regards,
S.Sengupta[MS-MVP]

Would the experts suggest using system restore here?
If it was my system, I would try it.

System restore puts back a good copy of the
registry and startup environment. In theory,
this means any spyware that was scheduled to
kick in with system startup would not now start.

It means you can clean up any files or folders
at your leisure, since nothing bad is running.

Unless of course, the spyware breaks the
system restore databases and restore is
impossible....
Dave

 

[Mian B. Ali]

Thanks Gary. I have Microsoft anitspyware Beta installed. I ran it and it
removed 3 winfixer items. I also ran ccleaner and jv16 cleaner. They both
removed registry entries linking to winfixer. Is window defender a new
version of Microsoft antispyware?
Mian

 

[Mian B. Ali]

Thanks dave, sengupta and others for the response. I just used the system
restore and so far I haven't seen any popups and not even cookies. I hope
this fixes the problem. I have surffed many pages. Also ran Microsoft
antispyware and it did not find any file or registry entry.
I will keep an eye on for the next few days and post back.

Thanks again to all.
Mian

DX:
In the what can it hurt realm, System restore is probably worth an
attempt,
but unlikely to resolve the issue. Those malware writers are sneaky.

I like: http://forums.techguy.org

PC World, within the past 4 issues had a set of online sites that received
good reviews.

WC

'WinFixer is a Security Risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported
threats.'
http://www.symantec.com/avcenter/venc/data/winfixer.html

Plenty of reomoval tools already mentioned by others.Personally I like
Ewido.

regards,
S.Sengupta[MS-MVP]

Would the experts suggest using system restore here?
If it was my system, I would try it.

System restore puts back a good copy of the
registry and startup environment. In theory,
this means any spyware that was scheduled to
kick in with system startup would not now start.

It means you can clean up any files or folders
at your leisure, since nothing bad is running.

Unless of course, the spyware breaks the
system restore databases and restore is
impossible....
Dave

 

[Mian B. Ali]

Just a feedback on fixing the winfixer infection. Thanks to all those who
responded. As I mentioned I used system restore as suggested by dave to
resotre to few days earlier system. Then I searched the drive for
winfixer2006 files and floders and found two files in the following folder:
C:\Windows\Perfetch
The files were
winfixer2006freeinstal and winfixer2006setup.exe
Deleted them both and ran Adaware, spybot search and destroy, and Microsoft
Antispyware. All work and report clear. No popups anymore.
Thanks again for the help.
Mian

Thanks dave, sengupta and others for the response. I just used the system
restore and so far I haven't seen any popups and not even cookies. I hope
this fixes the problem. I have surffed many pages. Also ran Microsoft
antispyware and it did not find any file or registry entry.
I will keep an eye on for the next few days and post back.

Thanks again to all.
Mian

DX:
In the what can it hurt realm, System restore is probably worth an
attempt,
but unlikely to resolve the issue. Those malware writers are sneaky.

I like: http://forums.techguy.org

PC World, within the past 4 issues had a set of online sites that
received
good reviews.

WC

On Sat, 11 Mar 2006 09:39:15 +0530, "S.Sengupta"

'WinFixer is a Security Risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase
a
registered version of the software in order to remove the reported
threats.'
http://www.symantec.com/avcenter/venc/data/winfixer.html

Plenty of reomoval tools already mentioned by others.Personally I like
Ewido.

regards,
S.Sengupta[MS-MVP]
Would the experts suggest using system restore here?
If it was my system, I would try it.

System restore puts back a good copy of the
registry and startup environment. In theory,
this means any spyware that was scheduled to
kick in with system startup would not now start.

It means you can clean up any files or folders
at your leisure, since nothing bad is running.

Unless of course, the spyware breaks the
system restore databases and restore is
impossible....
Dave