Winfix

[Keith]

A program called Winfix or Winfix2005 has installed itself on my computer.
Symantec identify it as a dialler which dials out on expensive lines to a
variety of sites, some pornographic. But Norton cannot remove it. I have
tried editing the registry to delete all refernces to it, my AdAware Watch
spots it and gives this report
"16/12/2005 08:41:38 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:NI.UWFX5_0001_N57M2811
Data:"C:\WINDOWS\Downloaded Program
Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
New Data:"C:\WINDOWS\Downloaded Program
Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
These registry entries I delete they reappear after rebooting.
The "C:|widows\downloaded program files\UWFX5_01 ..."
I check but it is not there!!
HELP!...?

 

[Malke]

A program called Winfix or Winfix2005 has installed itself on my
computer. Symantec identify it as a dialler which dials out on
expensive lines to a variety of sites, some pornographic. But Norton
cannot remove it. I have tried editing the registry to delete all
refernces to it, my AdAware Watch spots it and gives this report
"16/12/2005 08:41:38 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:NI.UWFX5_0001_N57M2811
Data:"C:\WINDOWS\Downloaded Program
Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
New Data:"C:\WINDOWS\Downloaded Program
Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
These registry entries I delete they reappear after rebooting.
The "C:|widows\downloaded program files\UWFX5_01 ..."
I check but it is not there!!
HELP!...?

There are various removal methods. Here are some notes with things for
you to try:

1 - Feedback from users reports that the Removal Tool works:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

2 - Symantec has a new Vundo remover:
http://securityresponse.symantec.com/avcenter/FixVundo.exe
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/adware.virtumonde.html#removalinstructions

3 - Courtesy of Dave Lipman:

"Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; c:\mcafee\clean.bat { or Double-click on 'Clean Link' in
c:\mcafee }

4 - McAfee has a combined automated/manual removal procedure here:
http://vil.nai.com/vil/content/v_127690.htm

5 - Then, courtesy of MVP Suzi Turner and Mosaic1:

"Atribune, a guy in the forums, has a Vundo fix tool as well:

'Please download VundoFix.exe to your desktop. Here's a link:

http://www.atribune.org/downloads/VundoFix.exe

Double-click VundoFix.exe to extract the files. This will create a
VundoFix folder on your desktop. After the files are extracted, please
restart your computer into Safe Mode. Once in safe mode open the
VundoFix folder and double-click on KillVundo.bat

6 - Grinler, (Lawrence Abrams, a Security MVP), has another removal
method that can be used if the recommended method fails :
http://www.bleepingcomputer.com/forums/topic18610.html

Malke

 

[David H. Lipman]

From: "Keith" <[email protected]>

| A program called Winfix or Winfix2005 has installed itself on my computer.
| Symantec identify it as a dialler which dials out on expensive lines to a
| variety of sites, some pornographic. But Norton cannot remove it. I have
| tried editing the registry to delete all refernces to it, my AdAware Watch
| spots it and gives this report
| "16/12/2005 08:41:38 - Registry modification detected
| Root:HKEY_LOCAL_MACHINE
| Key:Software\Microsoft\Windows\CurrentVersion\Run
| Value:NI.UWFX5_0001_N57M2811
| Data:"C:\WINDOWS\Downloaded Program
| Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
| New Data:"C:\WINDOWS\Downloaded Program
| Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
| These registry entries I delete they reappear after rebooting.
| The "C:|widows\downloaded program files\UWFX5_01 ..."
| I check but it is not there!!
| HELP!...?
|

wo phase answer...

Perform Part 1 the perform part 2

Part 1
------------
Download Adware-Virtumundo Removal Tool v1.5 --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

* * * Please report back your results * * *

 

[Plato]

A program called Winfix or Winfix2005 has installed itself on my computer.

Next time do not install it.