Where does Winfixer come from?

B

Brett Romero

I keep getting prompts to install Winfixer. Sometimes it's a popup browser
window. Other times it's actually a Windows installation ready to install.
I don't have this program installed. I've ran Spybot several times and it
hasn't listed this program. It only happens when I'm using my browser.

Any ideas how I get rid of it?

Thanks,
Brett
 
J

Jon Kennedy

This is caused by spyware/malware that's gotten installed on
your system. Use Ad-Aware, MSAS and/or Spybot Search & Destroy to remove
it.

Microsoft Anti-Spyware (beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://www.safer-networking.org/en/index.html
Good sites on how to install and use Spybot -
http://www.safer-networking.org/en/tutorial/index.html
http://tomcoyote.com/SPYBOT/index1.php

Also download a winsock repair tool, to have just in case cleaning up
anything found breaks it -

Winsock repair tools:
LSPFix- all versions of Windows http://www.cexx.org/lspfix.zip
Winsock2 Fix- Win98, ME
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html
LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip

More information here:
http://www.spywareinfo.com/
http://inetexplorer.mvps.org/tshoot.html
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

If all the above fails, and winfixer is a really fast morpher, and can be
difficult to remove, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://aumha.org/downloads/cwshredder.zip

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm
 
P

PA Bear

Winfixer (AKA Vundo) is hijackware. You may be (more) vulnerable if you've
not installed the latest version of Sun Java.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
 
B

Brett Romero

Looks like Ad-Aware fixed it.

Thanks,
Brett

Jon Kennedy said:
This is caused by spyware/malware that's gotten installed on
your system. Use Ad-Aware, MSAS and/or Spybot Search & Destroy to remove
it.

Microsoft Anti-Spyware (beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://www.safer-networking.org/en/index.html
Good sites on how to install and use Spybot -
http://www.safer-networking.org/en/tutorial/index.html
http://tomcoyote.com/SPYBOT/index1.php

Also download a winsock repair tool, to have just in case cleaning up
anything found breaks it -

Winsock repair tools:
LSPFix- all versions of Windows http://www.cexx.org/lspfix.zip
Winsock2 Fix- Win98, ME
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html
LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip

More information here:
http://www.spywareinfo.com/
http://inetexplorer.mvps.org/tshoot.html
http://www.doxdesk.com/parasite/ - runs a little script when loading page
to
check for common parasites

If all the above fails, and winfixer is a really fast morpher, and can be
difficult to remove, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that
case....
HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by
the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://aumha.org/downloads/cwshredder.zip

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm


--

Jon R. Kennedy
Charlotte, NC, USA
(e-mail address removed)
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Winfixer passes right through MSAS? 3
winfixer and winantispyware2005 deceptive popups with other side effects? 1
deletegrimacid on toolbar 1
Where does the Manufacturers list come from??? 7
Internet Explorer delay on dialup reconnect 2
Downloaded Program Files Folder 1
IE6 in New Browser - Command Line Switch 11
Why won't Yahoo mail work in IE???? 4

Top