FNTCACHE.dat?

FNTCACHE.DAT (FoNT CACHE) comes with a clean install of Microsoft Windows 2000 Professional.   FNTCACHE.DAT is located in "C:\WINNT\system32\".    

believe it or not, despite all the "expert" advice i've been giving people about winfixer over the past few weeks, i've never personally encountered it on any of my machines (hope this isn't gonna be a "jinx" now).   i've been working with (and learning from the likes of) RKinner, as to how to analyze symptoms and respond accordingly.

 

most people complain that, once they get an initial popup requesting them to install winfixer, the program will go ahead and do so, even against the expressed will of the user, who clicks on NO, CANCEL, or X-out-the-program.   on that basis, it's likely that you still have some form of the infection.

 

however, if you've received the popup only once, and it doesn't come back again (in particular, after re-booting your system), maybe you're one of the rare, lucky people.   so, unless/until you get another/more winfixer popups, if you want to sit by and "hope for the best", that's certainly your option.

 

part of the problem with winfixer is that there are at least 6  (??) distinct versions, and each version has a separate "fix"-procedure of its own.   a tool such as HiJackThis will hopefully reveal which particular version you have, and then, we can offer you the appropriate cure.

 

if you absolutely insist on avoiding HJT, and just want to "play the odds" [which are strongly in favor of this particular version], you can try the following, which will handle the most common forms of WinFixer (O2-MSEvents; and/or "blank"-O2 with corresponding O20):

 

Download [but do *NOT* yet run] FixVundo from

http://securityresponse.symantec.com/avcenter/FixVundo.exe

[we'll have you run it later]

Note: If you have previously download this file on another occasion, please download it again, to be absolutely sure you have the most current version.

********************

Next, download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

just reboot if your system "jams"

*********************

After rebooting, it's now time to run FixVundo (which you had downloaded earlier).

Make sure all other programs, including your Internet Browser, are closed.

Double-click the FixVundo.exe file to start the removal tool.

Click Start to begin the process, and then allow this tool to run.

Important: Do not launch any new applications while the tool is running!

Reboot your computer.

Run the FixVundo removal tool again to ensure that the system is clean.

*********************

It's now time to report back to us:

VirtumundoBeGone

generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/ paste the VirtumundoBeGone log back here.

 

 

"killing" the program mid-process, via task manager, might have made a difference... but i just can't say with any certainty.

 

since there are so many different versions of winfixer, i really can't say what to look for, and where.... things don't necessarily have to be placed in the system32 folder.

 

i've searched around, and see that you've previously generated and posted HJT logs here.  I also see you had significant problems, with "major" fixes suggested,  so i can understand your reluctance to get "overly" involved.   if you want to post a log here, for me to look just for winfixer (no more, no less), i can do that.   and then you can decide whether or not you want to proceed any further with it.

 

if i don't get to it today, i'll be back tomorrow.