winfixer infection

Guest

Does Microsoft have a removal tool for WinFixer?
I've run AdAware, Spybot, Beta, Yahoo, and AVAST, but nothing seems to get rid
of this thing.
robert
 
David H. Lipman

From: "Robert" <[email protected]>

|
| Does Microsoft have a removal tool for WinFixer?
| I've run AdAware, Spybot, Beta, Yahoo, and AVAST, but nothing seems to get rid
| of this thing.
| robert

Two phase answer...

Perform Part 1, then perform Part 2

Part 1
------------
Download Adware-Virtumundo Removal Tool v1.5 --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

* * * Please report back your results * * *
 
Guest

Dave Lipman,
Thanks for the info. So far, I have run the McAfee Scan, which removed
all kinds of stuff, but the pop ups continue and seem worse. I'll try the
other websites you listed.
Appreciate your help.
 
David H. Lipman

From: "Robert" <[email protected]>

| Dave Lipman,
| Thanks for the info. So far, I have run the McAfee Scan, which removed
| all kinds of stuff, but the pop ups continue and seem worse. I'll try the
| other websites you listed.
| Appreciate your help.

Don't forget to run them in Safe Mode and Normal Mode.

Also...
Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.
 
Guest

Dave,
This is the report run in the "Normal" mode. I'll try the "Safe Mode" next.

Virus Scan Report File
Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4656 created Dec 22 2005
Scanning for 167436 viruses, trojans and variants.

Virus Scan Results


12/22/2005 20:05:39


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
"C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\Program Files\bbsetupaud.exe ... Found potentially unwanted program
Adware-BonziBuddy.dr.
The file or process has been deleted.
C:\Program Files\MyWay\myBar\2.bin\F3HTMLMU.DLL ... Found potentially
unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE ... Found potentially unwanted
program Adware-MySearch.
The file or process has been deleted.
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL ... Found potentially unwanted
program Adware-MySearch.
C:\Program Files\MyWay\myBar\2.bin\MYPOPSWT.DLL ... Found potentially
unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe ... Found
potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe ... Found
potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll ...
Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\414C9864-3BF0-4141-A85D-768059\BA0E720D-C367-4CBF-AA56-6EA436 ... Found potentially unwanted program Medload.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\FE1F3A05-1C01-41AA-87CE-DD021E ... Found potentially unwanted program Adware-PromulGate.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\9DD64252-A903-44AD-ADE7-6B17C1 ... Found potentially unwanted program Medload.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\C0AE4C3B-E2E0-4A54-9672-D86F66 ... Found potentially unwanted program Adware-PromulGate.dll.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\09EEBBA3-04C1-415A-B208-8460F2 ... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\9D424537-F95F-4830-9D72-828A46 ... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\B6BCF48C-14A2-48C5-A3D0-2816C9 ... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\9EE484BF-B569-48A9-AE1E-D3B9F5 ... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\Kirby Alarm\kirbyalarm.exe ... Found virus or variant New
Malware.b !!!
Please send a copy of the file to McAfee
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde47.tmp\BDEINSTALLMAN3.EXE ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde4C.tmp\BDELOAD.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde4E.tmp\BDEPLAYER3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde55.tmp\BDEENGINE3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde5B.tmp\BDEIMAGE.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde5D.tmp\BDEWRAPPER3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde5F.tmp\BDESAC24.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde62.tmp\BDESAC10.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde68.tmp\BDERASTDX3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local Settings\Temp\httppost.exe ... Found
potentially unwanted program Adware-Favman.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local Settings\Temp\gate.exe\gate.exe ...
Found the StartPage-CD trojan !!!
The file or process has been deleted.
C:\Documents and Settings\Robert\Local
Settings\Temp\NI.UWFX5_0001_N57M2811\setup.exe ... Found potentially unwanted
program Winfixer.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP544\A0061821.exe\A0061821.exe ... Found potentially unwanted program Adware-SurfAccuracy.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064597.exe
.... Found potentially unwanted program Adware-BonziBuddy.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064598.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064599.EXE
.... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064600.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064604.exe
.... Found potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064605.exe
.... Found potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064606.cpl
.... Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064607.dll
.... Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064608.dll
.... Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064609.exe
.... Found virus or variant New Malware.b !!!
Please send a copy of the file to McAfee
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064610.exe
.... Found potentially unwanted program Adware-Favman.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064611.exe\A0064611.exe ... Found the StartPage-CD trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060403.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060405.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060406.EXE
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060407.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060408.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on C:\*.*
File(s)
Total files: ........... 160576
Clean: ................. 156403
Possibly Infected: ..... 4
Cleaned: ............... 0
Deleted: ............... 48
Non-critical Error(s): 2
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Scanning D: []
Scanning D:\*.*

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on D:\*.*
File(s)
Total files: ........... 2451
Clean: ................. 2451
Possibly Infected: ..... 0
Cleaned: ............... 0
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:27.07
 
David H. Lipman

From: "Robert" <[email protected]>

| Dave,
| This is the report run in the "Normal" mode. I'll try the "Safe Mode" next.
|
| Virus Scan Report File

< log snipped >

Some found were in the System restore cache.

Others found in the Microsoft AntiSpyware Quarantine folder.

Bonzi-Buddy and MyWay Bar are not associated with WinFixer 2005 so you have a broader
adware/spyware infection.

We can deal with that after you have executed the tools already provided in both
Normal Mode and in Safe Mode.
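
The triage described in the reply above (separating hits in the System Restore cache and in another scanner's quarantine folder from files in live locations) can be scripted. This is an added example, not part of the original thread: the sample report is constructed in the same wrapped layout, and the function names and location labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the wrapped layout of the report above (not the poster's log).
SAMPLE = r"""
Scanning C:\*.*
C:\Program Files\ExampleBar\bar.exe ... Found potentially unwanted
program Adware-Example.dr.
The file or process has been deleted.
C:\Program Files\ExampleBar\bar.dll ... Found potentially unwanted
program Adware-Example.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\AAAA-0001\BBBB-0002 ... Found potentially unwanted program Adware-Example.
The file or process has been deleted.
C:\System Volume
Information\_restore{CONSTRUCTED-GUID}\RP1\A0000001.exe
.... Found virus or variant New Malware.b !!!
Please send a copy of the file to McAfee
The file or process has been deleted.
C:\Documents and Settings\user\Local
Settings\Temp\gate.exe\gate.exe ... Found the Example-CD trojan !!!
The file or process has been deleted.
"""

# One finding: path, 3-4 dots, "Found <kind> <name>", closed by "." or "!!!".
ENTRY = re.compile(
    r"\b(?P<path>[A-Z]:\\[^*?]+?)\s*\.{3,4}\s*"
    r"Found (?:potentially unwanted program|virus or variant|the)\s+"
    r"(?P<name>.+?)(?:\s+trojan)?\s*(?:\.|!!!)(?=\s|$)"
)

def locate(path):
    """Label where the detected file sat (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # restore-point copy, not a running file
    if "\\quarantine\\" in p:
        return "quarantine"       # already isolated by another scanner
    if "\\local settings\\temp\\" in p:
        return "temp"
    return "live"

def parse_report(text):
    flat = re.sub(r"\s+", " ", text).strip()   # undo the line wrapping
    hits = list(ENTRY.finditer(flat))
    findings = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(flat)
        findings.append({
            "path": m["path"].strip(),
            "name": m["name"],
            "where": locate(m["path"]),
            # an entry with no "deleted" line before the next one was left in place
            "deleted": "has been deleted" in flat[m.end():end],
        })
    return findings

def summarize(findings):
    by_where = Counter(f["where"] for f in findings)
    remaining = [f["path"] for f in findings if not f["deleted"]]
    return by_where, remaining
```

Entries in `remaining` are the ones worth chasing first, since the report shows a detection for them but no deletion line.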
 
Guest

Hi Dave,
I've included the report run in the "Safe" mode. I don't see anything
and pop-ups continue. Even if we don't solve the problem, have a "Merry
Christmas".
(Both Safe and Normal scans have now been run.)

Virus Scan Report File
Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4656 created Dec 22 2005
Scanning for 167436 viruses, trojans and variants.

Virus Scan Results


12/23/2005 20:13:35


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
"C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP569\A0064626.DLL
.... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 249307
Clean: ................. 245158
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 2
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Scanning D: []
Scanning D:\*.*

Summary report on D:\*.*
File(s)
Total files: ........... 2453
Clean: ................. 2453
Possibly Infected: ..... 0
Cleaned: ............... 0
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:19.34




robert
 
David H. Lipman

From: "Robert" <[email protected]>

|
| Hi Dave,
| I've included the report run in the "Safe" mode. I don't see anything
| and pop-ups continue. Even if we don't solve the problem, have a "Merry
| Christmas".

You previously mentioned Ad-aware and SpyBot but failed to mention their versions. Below
are the latest versions and THEY need to be used by scanning in Safe Mode. I also suggest
BHOdemon.

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d
 
Guest

Hi Dave,
In accordance with your instructions, I have downloaded the latest
Adaware, Spybot and BHO Demon. I have run Adaware and Spybot in both the
standard mode and "Safe" modes and still have the pop-ups, although seemingly
less.

Any further suggestions?
 
David H. Lipman

From: "Robert" <[email protected]>

| Hi Dave,
| In accordance with your instructions, I have downloaded the latest
| Adaware, Spybot and BHO Demon. I have run Adaware and Spybot in both the
| standard mode and "Safe" modes and still have the pop-ups, although seemingly
| less.
|
| Any further suggestions?
|

Download HiJack This!
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a log file and post it in one of the below...

Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

{ borrowed from the alt.privacy.spyware News Group }
 
nskrepetos

Robert said:
Hi Dave,
In accordance with your instructions, I have downloaded the latest
Adaware, Spybot and BHO Demon. I have run Adaware and Spybot in both the
standard mode and "Safe" modes and still have the pop-ups, although seemingly
less.

Any further suggestions?
<snip>

Robert,

I am the author of Super Ad Blocker with SUPERAntiSpyware. It will
detect and remove WinFixer 2005 in one pass:
http://www.superadblocker.com

Super Ad Blocker offers a fully functional 15-day trial. You can scan
and clean your computer and then remove Super Ad Blocker if you do not
wish to keep it.

You may wish to perform your scan in Safe Mode - we have a free tool
called BootSafe to make that process easier.
http://www.superadblocker.com/bootsafe.html

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
 