Winfixer 2006 - MS AntiSpyware misses it completely

[Guest]

I've run MS AntiSpyware and it checks pmkhi.dll under c:\windows\system32
and goes completely past it, and that is one of the worst files in the World
right now for causing people havoc, Search Winfixer 2006 anywhere on the net
and about 300,000 occurrences appear, most of these are screwed with the
Trogun.Vundo virus that Winfixer 2006 deliberately puts on your PC.

The latest Norton AntiVirus Auto-Protect enabled sees it, but can't get rid
of it, in fact it screws Norton up until you're forced to turn Norton off.
Has anyone got an easy way to get rid of this Malicious intent from the
company of Winfixer.com, their support line ignores anyone who dosn't buy
their software, even after purchase people still have problems.

 

[Guest]

Hello LoneRanger,

Here are some solutions from this post:
http://castlecops.com/postp616914.html

http://www.bleepingcomputer.com/for...janVundoB-Search42com-MSevents-tx18610-0.html

See this
http://www.atribune.org/forums/index.php?showtopic=589

http://www.bleepingcomputer.com/forums/topic18610.html

http://securityresponse.symantec.com/avcenter/FixVundo.exe

http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html

http://forums.techguy.org/t412315.html

http://forums.techguy.org/t410048.html

I hope this post is helpful, let us know how it works ºut.
Engel

 

[Guest]

Hi LoneRanger

I'm suprised Microsoft's scanner isnt detected the file but Vundo was
updated around the end of November and maybe has been again since then so
maybe Microsoft need to get afew samples of the files so they can be added,

Like you say Winsoftware is clearly a rogue company and not one many people
would recommend giving credit card information to but I do not know if they
are connected to the Trojans, if they are not they should be doing alot more
to stop their affiliates as they sponsors an affiliate program with
softwareprofit.com where website owners are payed based on the amount of
sales and this is possibly one of the reason's Vundo is causing so many
problems due to malicious affiliates.

Winsoftware's contact details are also abit vague, They have a hosting
provider in Calgary and then a P.O. Box address in Kiev. They also own
(WinAntivirus, WinAntispy, WinAdblocker, WinPopupguard, WinDrivecleaner,
WinFixer, WinFirewall & WinContentFilter) Its abit ironic them trying to sell
a popup guard

To fix the problem download Atribune's Vundofix

http://www.atribune.org/ccount/click.php?id=4

Save it to your desktop, Double-click VundoFix.exe to run it. Click the
Scan for Vundo button. Once it's done scanning, click the Remove Vundo
button.

You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on. It will create a text file in c:\drive called
'vundofix.txt' which can be post back if needed..

Then, please run this online virus scan:

http://www.pandasoftware.com/products/activescan.htm

Once its finished scanning choose 'See Report' then save the scan log to
your desktop incase you need it again.

All The Best

Andy

 

[Guest]

I've run MS AntiSpyware and it checks pmkhi.dll under c:\windows\system32
and goes completely past it, and that is one of the worst files in the World
right now for causing people havoc, Search Winfixer 2006 anywhere on the net
and about 300,000 occurrences appear, most of these are screwed with the
Trogun.Vundo virus that Winfixer 2006 deliberately puts on your PC.

The latest Norton AntiVirus Auto-Protect enabled sees it, but can't get rid
of it, in fact it screws Norton up until you're forced to turn Norton off.
Has anyone got an easy way to get rid of this Malicious intent from the
company of Winfixer.com, their support line ignores anyone who dosn't buy
their software, even after purchase people still have problems.

 

[Guest]

The best forum I've found to address this issue is cyber tech. It uses a
combination of vundo, bitdefender and hijackthis to pinpoint and correct
winfixer--it seems to have emanated from aol messenger in a lot of cases.
Hope this info helps--it has a number of other folks.

 

[Guest]

Hey all you guys are great, thanks, Winfixer 2006 gone in 1/2 hour, two
things I noticed, trial run of xoftSpy could find the registry entries that
Norton missed, but wouldn't find pmkhi.dll (went straight past) whereas
Norton found pmkhi.dll but couldn't delete it, Norton scan goes past it also,
but catches it on it's Auto Protect enabled mode as pmkhi.dll starts up to do
damage. So looking up Winfixer on Symantec.com web site viruses told me to
run Norton in Windows safe mode to enable to delete files, in safe mode with
Norton I manually drilled down in Norton manual scan and picked that file
out, and Norton deleted it. So solution is Norton is better at catching
terminate resident programs with it's Auto Protect Enabled, whereas XoftSpy
is a scanner, so I purchased XoftSpy for $39.95 and it gets rid of the
registry entries better and scans the whole system at startup pretty fast (I
have 80 gig) in a few minutes, Norton is slow at scanning my 80gig, (1 hour)
but you also need Norton to catch on the fly stuff while you're working,
together those two did the trick, and 1/2 hour later, Winfixer has never been
back. Moral today is, to protect yourself from everything around, you may
need to invest in two good programs, whereas years ago, most all you needed
was one. I can recommend XoftSpy for speed scanning and Adware, and Norton
for Viruses, scanning email, and files whilst connecting. XoftSpy also
catches on a scan all cookies which are no good, pop up and minor annoyances
and never touches your login or good site cookies, and I have a thousand good
ones on my favourites.

 

[Anonymous Bob]

... So solution is Norton is better at catching
terminate resident programs with it's Auto Protect Enabled, whereas XoftSpy
is a scanner, so I purchased XoftSpy for $39.95...

<snip>

I'm afraid that Xoftspy and the parent company, Paretologic, don't have the
best of reputations in security newsgroups. Personally, though they have
made soon changes, I don't trust them.
http://www.spywarewarrior.com/rogue_anti-spyware.htm#xos_note

Bob Vanderveen

 

[Guest]

I've run MS AntiSpyware and it checks pmkhi.dll under c:\windows\system32
and goes completely past it, and that is one of the worst files in the World
right now for causing people havoc, Search Winfixer 2006 anywhere on the net
and about 300,000 occurrences appear, most of these are screwed with the
Trogun.Vundo virus that Winfixer 2006 deliberately puts on your PC.

The latest Norton AntiVirus Auto-Protect enabled sees it, but can't get rid
of it, in fact it screws Norton up until you're forced to turn Norton off.
Has anyone got an easy way to get rid of this Malicious intent from the
company of Winfixer.com, their support line ignores anyone who dosn't buy
their software, even after purchase people still have problems.

 

[Guest]

I've run MS AntiSpyware and it checks pmkhi.dll under c:\windows\system32
and goes completely past it, and that is one of the worst files in the World
right now for causing people havoc, Search Winfixer 2006 anywhere on the net
and about 300,000 occurrences appear, most of these are screwed with the
Trogun.Vundo virus that Winfixer 2006 deliberately puts on your PC.

The latest Norton AntiVirus Auto-Protect enabled sees it, but can't get rid
of it, in fact it screws Norton up until you're forced to turn Norton off.
Has anyone got an easy way to get rid of this Malicious intent from the
company of Winfixer.com, their support line ignores anyone who dosn't buy
their software, even after purchase people still have problems.

I had lots of problems with this Winfixer scourge as well (mine was
awtqq.dll) causing stand by and battery problems too. Microsoft and Symantect
missed the boat here big time but the little guy (who works for donations)
atribune.org did the trick with their vundo removal exe. Kudos to them. Shame
to the big guns. Very disappointed that ms beta did not remove all the
variants eventhough it gave impression that it did. Glad Bill is the biggest
billionaire.....