winfixer popup

E

ethr

I have been invaded by an ad program that keeps asking me
if I want to install 'winfixer'. Its also putting up ads
for various travel offers. Its a huge PITA and so far
none of the 'cleaning' programs (adaware, MS or
otherwise) are finding it. Has anyone else seen this?
 
A

Andre Da Costa

It's a utility program designed to scan and fix any
system, registry and hard drive errors.

Before jumping to conlussions about what an application
is, simply go online and pefrorm a search, as I did. I
used Google, and found a lot of information about the
application. You can go to
http://shareup.com/WinFixer_2005-download-33043.html, as
well as, winfixer.com. If Trend Micro's scanner said it
isn't spyware, then it probably isn't.

As for getting rid of the popups, you can try
http://paretologic.com/?id=purchase9&p=2&g=28, and
download the trial version of XoftSpy to try to remove
the popup.

If you used the Add or Remove feature of XP to uninstall
the application this could be the root cause of the
problem, as this feature doesn't always remove all parts
of the application. The uninstaller for many
applications is a simplified version of the one used to
install the application, and might not remove all parts
form the system. It's this uninstaller that Add or
Remove Programs uses when uninstalling the application.

I'm wondering if it was a trial version that you
installed while installing another application, which is
possible. What you might want to do is explore any
CDs/DVDs of software that you installed on the system to
see if they contain WinFixer 2005. If you find one, you
can try installing the application from the installer,
reboot the system, and then run the installer again to
remove it. This way the application mihgt be completely
removed.

Alan
--
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
A

AndyManchesta

This isnt genuine its a scam and comes as a result of
malware, There is alot of malware infections going around
that include winfixer as part of the bundle.
SurfSideKick,Trojan Vundo, Aurora, PacerDMedia, Exact and
more.If you install it use the add/remove and remove it
if you havent installed it Id say you have malware on
your system.


Andre

Sorry Ive not visited the link you gave but this is
scumware and full of false detections to fool people into
paying them money,

I sent many examples of this to Eric L. Howes showing it
was detecting Ewido & Adaware entries also the wav sounds
from the pinball game and alot more and showing them
as "Damaged File on C" & "Critical" ?

Its the same company as WinAntispy2005 and
WinAntivirus2005 and although I havent checked I'm sure
these will have a place on the Rogue lists. In your
search of google Im sure you have viewed some posts that
explain this is a scam and anyone who gives this company
credit card information is taking a big risk in my view.

Ad-Aware released a beta definition file a couple of days
ago which includes Winfixer so maybe worth checking that
to see if its now a public release.

I also do not trust Paretologic because of thier business
methods when they started out by registering through
Domains By Proxy plus using Adaware & Spybots names in
search engines to fool users into using thier scanner
thinking it was connected to the above genuine removers.

The free scanner was always giving the same detections
saying the system was infected with a dialer and
coolwebsearch to trick people into purchasing the product
to remove the malware that didnt exist, Also the
affiliates they used at that time are now pushing all the
other rogue antispy products we see today.

I know they have cleaned the company up and are now doing
alot better but I wouldnt recommend them because of the
way they acted in the past. I appreciate this is a matter
of opinion and users of Xoftspy today are probably happy
with the service but I have a problem with the tactics
they used to get into that position.

There's many free Antispy products around and If Xoftspy
is the same as it used to be they will not remove malware
unless you pay them so there is no need to do that when
there is Ad-Aware SE, Spybot, MS Antispy, Ewido etc.. to
remove all these problems for free , If users wish to use
Xoftspy thats thier choice but the free alternatives
should be the first step.

I'd say if the user is getting pop ups for winfixer they
are infected with malware so try Ewido Security Suite &
Adaware SE then use Ccleaner to remove any unused or Temp
files from your system and then let us know if this
continues

All the best

Andy
 
E

ethr

I haven't installed Winfixer. What Im getting are popups
telling me that I *need* to install it. They hijack the
browser page and then shut IE down when I don't install
Winfixer. Im also getting various Travel site webpage
popups as well. So there is something tied into IE
installed somewhere. I have scanned the obvious places in
the registry but haven't found anything.
 
A

AndyManchesta

First try Ewido and see if that can detect the problem
and then try some online Virus scanners and see whats
revealed, This may be connected to Trojan Vundo but you
will need to use some scanners first to get a name for
whatever is causing you problems:

Here's a few incase you have problems with any of them:

Trend Micro

http://housecall.antivirus.com/

Panda

http://www.pandasoftware.com/activescan/

Bitdefender

http://www.bitdefender.com/scan8/ie.html

Trojan Scanner

http://www.windowsecurity.com/trojanscan/trojanscan.asp

Kaspersky

http://www.kaspersky.com/virusscanner

Spyware Scanner

http://www.trendmicro.com/spyware-scan/

Let us know whats found and we will try to help more on
this.

All the best

Andy
 
D

Dave Abbott

I have been bugged with this for over 2 weeks now.
CWSHredder finds VX2.Look2me but does not fix it. I think
it is a new variant.
BHODemon will disable the file "byxyv.dll" and pop up
activity dissapears. BHODemon says it is "VundoB" it
isn't. Symantec VundoB removal tool says system is clean!
(not infected)
Ewido finds the file "byxyv.dll" but does not remove it.
(says it has but alas, no) Ewido says it is "Virtumonde".
It isn't. Symantec Virtumonde removal tool says I am
clean!(not infected)
MSAntispyware allows removal of the offending BHO but it
simply rewrites itself.
I have tried all available trial versions and scanners,
nothing fixes it, even in Safe Mode.
I believe it has hijacked legitimate files that run even
in safe mode, thus protecting itself and rewriting any
removals.
If I delete the registry entry for byxyv.dll, it simply
returns.
Reading forums I am sure it is VX2.Look2me (new variant),
read this one:-
http://www.computing.net/security/wwwboard/forum/14257.htm
l
Only solution I can see at the moment is to format the
hard drive and reinstall everything.
 
A

AndyManchesta

Sorry for the delay and I hope you havent formatted your
pc yet :)

Download Hijack This and email me the log it produces and
I'm sure we can get rid of this, Both Vundo and Look2me
use the Winlogon/Notify key to call the file plus has
alot of hidden files, Removing the file but not removing
the Winlogon entry that is calling the file can cause
conflict and there is a very real chance the system may
refuse to reboot if the Winlogon/Notify points to a
invalid entry so this may be why Ewido isnt removing this
file,

Download Hijack This

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Save it to desktop or C:drive. Extract and run and
choose "System scan and save logfile" when its finished
scanning it will open the results in notepad, send this
to me and I will get a fix together after Ive checked the
log, NOTE* most of what Hijack This finds will be
harmless or even essential, you can post it at
spywareinfo,tomcoyote or other Hiajck This forums to
receive help in removing this infection or send it to my
email and I will get a reply to you as soon a possible
but if you send it to me first try Trend or Panda and
also include the scan log from Ewido(When its completed
the scan it will give options at the bottom, choose save
report and save it to your desktop and send this with a
Hijack This log)

Regards Andy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Winfixer passes right through MSAS? 3
Finding popup loader 2
Online Advertising .. 0
Is Microsoft ever going to expose ADS to the end user? 31
Windows Vista Definative protection in Vista (possible sticky) 4
Outlook connector prompting to upgrade 9
Learn html, css, xhtml, javascript, etc - OT Link 1
Service Pack 2 crashes programs 7

Top