WinFixer

Discussion in 'Spyware Discussion' started by Guest, Oct 29, 2005.

  1. Guest

    Guest Guest

    I haven't been getting any pop-ups, but every time I run a spyware scan it
    detects it, and when I delete it, it keeps coming back.
    What should I do?

    Any help would be greatly appreciated.
     
    Guest, Oct 29, 2005
    #1

  2. Guest

    Guest Guest

    Hello Tanman;

    Try Microsoft Antispyware by doing a full, deep scan, in safe mode.
    Scanning with your updated antivirus at the same time is also a good idea.

    Download CCleaner.
    www.ccleaner.com
    and remove all temporary junk.
    Also clean registry with "Issues".

    Download/Install Lavasoft's Adaware
    http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10399602.html?tag=list

    After install, upgrade Adaware definitions with "Check for updates".

    See this for winfixer
    http://www.atribune.org/forums/index.php?showtopic=589


    From: "Andre Da Costa"
    Here are some solutions from this post:
    http://castlecops.com/postp616914.html

    Some solutions here from Andy Manchesta:
    First try Ewido and see if that can detect the problem and then try some
    online virus scanners and see what's revealed. This may be connected to Trojan
    Vundo but you will need to use some scanners first to get a name for whatever
    is causing you problems:

    Here's a few in case you have problems with any of them:

    Trend Micro

    http://housecall.antivirus.com/

    Panda

    http://www.pandasoftware.com/activescan/

    Bitdefender

    http://www.bitdefender.com/scan8/ie.html

    Trojan Scanner

    http://www.windowsecurity.com/trojanscan/trojanscan.asp

    Kaspersky

    http://www.kaspersky.com/virusscanner

    Spyware Scanner

    http://www.trendmicro.com/spyware-scan/

    Let us know what's found and we will try to help more on this.

    Good luck

    Engel
     
    Guest, Oct 29, 2005
    #2

  3. Guest

    Guest Guest

    How do I get into safe mode?

    "Engel" wrote:

    > Hello Tanman;
    >
    > Try Microsoft Antispyware by doing a full, deep scan, in safe mode.
    > Scanning with your updated antivirus at the same time is also a good idea.
    >
    > Download CCleaner.
    > www.ccleaner.com
    > and remove all temporary junk.
    > Also clean registry with "Issues".
    >
    > Download/Install Lavasoft's Adaware
    > http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10399602.html?tag=list
    >
    > After install, upgrade Adaware definitions with "Check for updates".
    >
    > See this for winfixer
    > http://www.atribune.org/forums/index.php?showtopic=589
    >
    >
    > From: "Andre Da Costa"
    > Here are some solutions from this post:
    > http://castlecops.com/postp616914.html
    >
    > Some solutions here from Andy Manchesta:
    > First try Ewido and see if that can detect the problem and then try some
    > online virus scanners and see what's revealed. This may be connected to Trojan
    > Vundo but you will need to use some scanners first to get a name for whatever
    > is causing you problems:
    >
    > Here's a few in case you have problems with any of them:
    >
    > Trend Micro
    >
    > http://housecall.antivirus.com/
    >
    > Panda
    >
    > http://www.pandasoftware.com/activescan/
    >
    > Bitdefender
    >
    > http://www.bitdefender.com/scan8/ie.html
    >
    > Trojan Scanner
    >
    > http://www.windowsecurity.com/trojanscan/trojanscan.asp
    >
    > Kaspersky
    >
    > http://www.kaspersky.com/virusscanner
    >
    > Spyware Scanner
    >
    > http://www.trendmicro.com/spyware-scan/
    >
    > Let us know what's found and we will try to help more on this.
    >
    > Good luck
    >
    > Engel
    >
    >
     
    Guest, Oct 30, 2005
    #3
  4. Guest

    Guest Guest

  5. Guest

    Jim Byrd Guest

    Hi Tanman - Four approaches to removing Winfixer (Vundo)

    1 - Symantec has a new Vundo remover:
    http://securityresponse.symantec.com/avcenter/FixVundo.exe
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html


    2 - It's been reported that the McAfee Removal Tool here is worthwhile:
    http://forums.mcafeehelp.com/viewtopic.php?t=57049


    3 - Then, courtesy of MVP Suzi Turner and Mosaic1:

    "Atribune, a guy in the forums, has a Vundo fix tool as well:

    Instructions for use by user as posted in the SpywareWarrior forum:

    'Please download VundoFix.exe to your desktop. Here's a link:

    http://www.atribune.org/downloads/VundoFix.exe

    Double-click VundoFix.exe to extract the files
    This will create a VundoFix folder on your desktop.
    After the files are extracted, please restart your computer into Safe Mode.

    Once in safe mode open the VundoFix folder and double-click on KillVundo.bat

    A command window will open and it should look like this:

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk

    At this point press enter one time.

    Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, to continue with the fix.


    At this point please type the following file path (make sure to enter it
    exactly as below!):
    C:\WINDOWS\system32\geeby.dll

    Press Enter.

    Next you will see:

    Please type in the second filepath as instructed by the forum staff

    At this point please type the following file path (make sure to enter it
    exactly as below!):
    C:\WINDOWS\system32\ybeeg.*

    Press Enter to continue.

    The fix will run then HijackThis will open.
    In HijackThis, please place a check next to the following items and click
    FIX CHECKED:


    O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\geeby.dll
    O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll

    After you have fixed these items, close Hijackthis.

    The fix will tell you to shutdown using the Power button. Hold in your power
    button until the computer shuts down. Wait about 15 seconds and then restart
    the computer into regular windows.

    Chkdsk will run. This is normal. It will take a few minutes and is checking
    your file system because of the Bad Shutdown we caused.

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/

    Allow them to clean

    Panda will have the option to create a log after the scan has finished.
    Click the See Report button. Then click the Save Report button. It will be
    saved under the name activescan.txt. Do that and post that log into your
    next reply here.

    Run hijackthis and post the new log and the vundofix.txt file from the
    vundofix folder into as well.'
    ------------------------------------------------------------------------------

    The forum helpers have reported this fix from Atribune works. I don't know
    about the Symantec tool.

    If you'd like to join Spyware Warrior, you could see the thread where the
    helpers are discussing this.

    Suzi"


    4 - Finally, you can try the fix and tool outlined here:
    http://forums.mcafeehelp.com/viewtopic.php?t=57049
    It has been reported to be successful in several cases.

    _____________________________________________________

    Here's the HijackThis info you may need:

    Download HijackThis, free, here:
    http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
    fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
    You may also get it here if that link is blocked:
    http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

    There's a good "How-to-Use" tutorial here:
    http://computercops.biz/HijackThis.html

    In Windows Explorer, click on Tools|Folder Options|View and check "Show
    hidden files and folders" and uncheck "Hide protected operating system
    files". (You may want to restore these when you're all finished with
    HijackThis.)

    Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
    at the root level such as C:\HijackThis (NOT in a Temp folder or on your
    Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
    when it's finished which will create hijackthis.log. Now click the Config
    button, then Misc Tools and click on Generate StartupList.log which will
    create Startuplist.txt


    Then go to one of the following forums:

    Spyware and Hijackware Removal Support, here:
    http://forums.spywareinfo.com/
    or Jim Eshelman's site here: http://forum.aumha.org/
    or Bleepingcomputer here: http://www.bleepingcomputer.com/
    or Computer Cops here: http://www.computercops.biz/forums.html
    or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx
    or Net-Integration here:
    http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

    Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
    of the particular site's HiJackThis forum, then copy and paste both files
    into a message asking for assistance. Someone will answer with detailed
    instructions for the removal of your parasite(s). Be sure you include at
    the beginning of your post a description of "What specific
    problem(s)/symptoms you're trying to solve" and "What steps you've already
    taken."




    *******
    ONLY IF you've successfully eliminated the malware, you can now make a new,
    clean Restore Point and delete any previously saved (possibly infected)
    ones. The following suggested approach is courtesy of Gary Woodruff: For XP
    you can run a Disk Cleanup cycle and then look in the More Options tab. The
    System Restore option removes all but the latest Restore Point. If there
    hasn't been one made since the system was cleaned you should manually create
    one before dumping the old possibly infected ones.
    *******


    When you get things cleaned up, take a look at my Blog, Defending Your
    Machine, addy in my Signature below, for some additional curative and
    preventive measures you might want to implement to help prevent this type of
    thing in the future.

    --
    Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
    My Blog, Defending Your Machine, here:
    http://defendingyourmachine.blogspot.com/

    "Tanman" wrote in message:
    > I haven't been getting any pop-ups, but every time I run a spyware scan it
    > detects it, and when I delete it, it keeps coming back.
    > What should I do?
    >
    > Any help would be greatly appreciated.
     
    Jim Byrd, Oct 31, 2005
    #5
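
The two HijackThis entries quoted in the post above show the same DLL registered both as a browser helper object (O2) and as a Winlogon Notify package (O20), which is why deleting the file alone does not stick. As an added example (not part of the original thread and not code from HijackThis or VundoFix), this sketch parses a saved hijackthis.log and flags any DLL that appears under both keys; the sample log, the function name and the reversed-name companion pattern are assumptions drawn from the two paths given in the post.

```python
import re
from collections import defaultdict

# Constructed sample log. The geeby.dll entries are the two quoted in the post
# above; the "Example Helper" line is a made-up benign entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def find_dual_registered(log_text):
    """Return one finding per DLL listed as both a BHO (O2) and a Winlogon Notify (O20)."""
    seen = defaultdict(dict)  # lower-cased DLL path -> {"O2": clsid, "O20": key name}
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            seen[m["path"].lower()]["O2"] = m["clsid"]
            continue
        m = O20_RE.match(line)
        if m:
            seen[m["path"].lower()]["O20"] = m["key"]

    findings = []
    for path, hits in sorted(seen.items()):
        if {"O2", "O20"} <= hits.keys():
            directory, _, filename = path.rpartition("\\")
            stem = filename.rsplit(".", 1)[0]
            findings.append({
                "dll": path,
                "clsid": hits["O2"],
                "notify_key": hits["O20"],
                # Assumption: companion files use the reversed stem, as in the
                # post's second path (geeby.dll -> ybeeg.*).
                "companion_glob": f"{directory}\\{stem[::-1]}.*",
            })
    return findings


if __name__ == "__main__":
    for finding in find_dual_registered(SAMPLE_LOG):
        print(finding)
```

Paths are lower-cased before comparison because Windows file names are case-insensitive, so the same DLL written with different casing in the two entries still matches.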
