November 30th, 2005 00:00

Getting rid of WinFixer 2005

I can't get rid of WinFixer 2005. I just recently got McAfee Security Center 10.0. It doesn't detect any viruses. But this WinFixer 2005 has been driving me insane for 2 weeks now.
 
Please HELP!

569 Posts

November 30th, 2005 01:00

Try using Spy Sweeper (webroot trialware)

November 30th, 2005 02:00

Go to here: Winfixer 2005 Removal. Click the link for Winfixer Removal, and there are steps to remove it there. It isn't too bad to remove actually.

183 Posts

November 30th, 2005 10:00

In a previous post (10-31-2005) I have noticed that ky331 has given this site to check for WinFixer 2005. You might want to consider checking this.

http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=16923#M16923

3 Apprentice

15.2K Posts

November 30th, 2005 14:00

SamiSueXP (and all other participants here):
 
there are at least 6 different/distinct variations of WinFixer infections:  
1) MSEvents-type vundo/virtumundo trojan  (generally, a 5-letter randomly named .dll file)
2) ALTDistrib-type vundo/virtumundo trojan (generally, a 5-letter randomly named .dll file)
3) CATLEvents-type (.dat file)
4) SurfAccuracy, and the "simple" installers
5) "resistant" installers
6) "stealth"/hidden/rootkit versions
7) and perhaps other versions  [yet unclassified]
 
each distinct version requires a different approach to fix it.   So the first thing that needs to be done is to determine precisely which version the person has.   And about the only way to do this, is to generate and post a HiJackThis log, in the HJT forum.   [I will give detailed directions to do so, later in this post].
 
************
 
WebRoot Spysweeper is indeed a first-rate, excellent program.  it is highly effective in "killing" the vundo/virtumundo trojan versions of WinFixer.   [Presumably, it can handle some, and perhaps even all, of the other versions as well... but i'm just not sure].   the only downside to this product is that the free download is only for a 14-day trial period.   meaning that, if a person gets another infection (or re-infection) after the 14 day period has passed, they will then first need to find another/alternative fix for the problem... or else, buy the full/paid version of SpySweeper (which, considering its effectiveness, might indeed be a very wise move).   but i am trying to avoid getting involved with a paid situation. 
 
****************
 
having specialized in removing WinFixer infections over the past several weeks, I can confidently assert that the WinFixer 2005 Removal webpage/link suggested by ScottLaRockMan:
 
a) applies essentially to the first type of WinFixer (MSEvents, plus an "un-named"/blank-BHO version of the  vundo/virtumundo trojan)... and to a lesser extent, to the second type (ALTDistrib can be attacked via the "step 9" - Atribune VundoFix)... but *NOT* to any of the other versions of WinFixer.
 
b) does not adequately explain even this one "sub-case" of WinFixer:  it simply cites two specific examples, without any elaboration as to what people should be looking for in general.
 
c) advocates a 10-step procedure... in which most of the steps are in fact non-essential (steps 1-6, 8, and 10)... and moreover, the only critical/required steps (specifically, step 7; and, if necessary, step 9) have the "warning" to "Use these programs and instructions at your own risk!" and "for advanced users only"
 
because of all these pitfalls, i strongly advocate people NOT follow this link's recommendations.
 
***********************
 
the link suggested by dxernnj has indeed helped many people solve their winFixer problem [as of this writing, this link has been viewed over 46 thousand times!  (not sure how many times i've gone there myself :smileywink: )]  however, the fix cited there, which applies in the MSEvents vundo/virtumundo trojan case --- and which i advocated at the time it was written --- is somewhat complicated, and we now have a newer/simpler fix that i'm recommending instead.
 
******************
 
so the bottom line, again, is first get a diagnosis, via HiJackThis, and then, get the appropriate fix for your version.
 
Download the latest version of HJT(hijackthis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

you must create a separate folder and place it there.... people commonly use C:\HJT.   Note:  Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer.   If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b) BAD:  using a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to move it for you... or until you decide to repost your log...  in the HiJackThis forum.
 

POST SCRIPT:   It has come to my attention that many people are unfamiliar with how to create the recommended sub-directory/folder   C:\HJT   

while others are able to create this directory, but are unsure how to move HJT into it (from wherever it happened to get downloaded into, "by default")...  
If you have either of these "problems", then you should download a self-extracting copy of HijackThis from
Save it to your Desktop.
Double-click on the    hijackthis_sfx.exe    file, and it will self-extract into its own folder,
C:\Program Files\HijackThis

 

Message Edited by ky331 on 11-30-2005 04:34 PM
