Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

jasonme1

3 Posts

2040

September 28th, 2005 15:00

Winfixer2005 uninstaller (only for winfixer2005)

      i had this same exact problem a month ago with winfixer2005 installing. i tried all that adaware and spybot stuff. i didn't bother with the hijackthis thing or that l2m-whatever fixer or the V2X thing (it doesn't work with winfixer2005 anyway, it'll keep re-installing). i bet you had the 'Winfixer2005' scanner pop-up constantly coming up, right? and with that annoying multiple 'iexplore.exe' process coming up, right? well here's your solution!
 
     go to this link http://www.mypctuneup.com/. this link goes to the company's website uninstaller, made by the same company. kinda the last place you'd expect, isn't it? :D
 
     just follow the instructions to uninstall it. you're gonna have to reboot afterwards. no, it won't install other programs; that's what i thought at the time and i was really desperate. it takes out winfixer2005 completely. for other adware programs, you'll have to use other methods like Adaware and Spybot.
i haven't had winfixer2005 or that 'iexplore' process coming up again since then.
 
if that uninstaller in that link doesn't work, try this one. http://www.mypctuneup.com/evaluate.php?b=aurora

EDIT: if you find this works, i URGE you to spread this message to other boards that need help with Winfixer2005. i'm trying to spread the word because i see that it's a growing problem, but i'm only one person and i don't have the time to do this all day!

also, mention that it only uninstalls Winfixer2005. you'll have to use other programs to uninstall the other spyware.

Message Edited by jasonme1 on 09-28-2005 11:51 AM

jasonme1

3 Posts

September 28th, 2005 15:00

i had no other problems with winfixer2005 after i used the uninstaller. nothing showed up in my processes, my computer didn't slow down, my spyware and virus checkers didn't find any problems.
 
like i said, winfixer2005 may not be the only spyware that's still on your computer; you'll have to search for those. the fix i put up only pertains to winfixer2005.
 
EDIT: i know the uninstaller is made by the same company that made Winfixer2005 in the first place, but the thing is is that it works. that Xupiter spyware thing had an uninstaller at the company's website and that worked too. i'm just trying to help others that need help with Winfixer2005.

Message Edited by jasonme1 on 09-28-2005 11:53 AM

ky331

3 Apprentice

 • 

15.2K Posts

September 28th, 2005 15:00

jason,
 
the site you so strongly recommend has been examined here previously... only then, the question was whether or not it should be used to remove nail/aurora.   this is the first time i've seen it suggested as an alleged  "cure" for winfixer.
 
I will quote now from ChrisRLG, founder of the Malware Removal University:
 
"That link is to the uninstall program that is provided by the makers of this malware.
 
When we find new malware, we (collectively the anti-malware forums) find or make a 'cure' for it. Some times a 'cure' is found that is provided by the makers of the malware, when that happens we (collectively) test it (using testbeds with sniffers etc).
 
Some experts have tested it (Not myself) and it was found to be unsatisfactory either in its completeness or in its privacy (it itself phoning home) and so is not recommended by most anti-malware experts."
 
 
in addition, be advised that there are MANY "variations" of winfixer, so there's a question as to how "universal" this might be... does it work on ALL cases of winfixer, or only certain "variations" of it.  but more fundamentally, are there any "hidden" problems lurking after this alleged fix?   please understand, i'm NOT asserting this necessarily HAS to be bad.... i personally don't know one way or the other... but I do think that prudence and skepticism are in order, before we proclaim this as an amazing cure-all.  (give some of the EXPERTS here a chance to check things out, and offer you a confirmation or rebuttal, as the case may be.)
 
 

Message Edited by ky331 on 09-28-2005 01:51 PM

jasonme1

3 Posts

September 28th, 2005 16:00

eh? did you actually try the uninstaller? it may look like it's not for it, but it is.
 
the one i tried was in the "EDIT" link i posted.

ky331

3 Apprentice

 • 

15.2K Posts

September 28th, 2005 16:00

jason,
 
i was willing to gamble to access the [first] link you gave, and indicated what i saw there.   .
 
NO, i did NOT actually download their "uninstaller"...  a fortiori, I didn't run it.
(and since my PC here is not infected by Winfixer, there would be no point for me to have run it).
 
you wrote, " it may look like it's not for it, but it is".... may i therefore inquire as to who/what suggested this "fix" to you in the first place, given that "it may [even] look like it's not for [winfixer]"? 

Message Edited by ky331 on 09-28-2005 03:43 PM

ky331

3 Apprentice

 • 

15.2K Posts

September 28th, 2005 16:00

jason
 
out of curiosity (and perhaps being foolhardy), i risked accessing the first link you indicated.   it immediately informed me that MyPCTuneUP .com is now BestOffersNetworks , and then automatically re-directed my browser over to the BestOffers "Uninstaller" site.  
 
but there was absolutely no indication there as the WHAT this uninstaller was intended for !!   
it didn't mention WinFixer...
it didn't mention NAIL/Aurora/epolvy...
it didn't mention ANYTHING! 
 
I went one step further, and clicked on their "free software" link, to see what products they advertised... there were a few... but no winfixer, and no NAIL.

Message Edited by ky331 on 09-28-2005 03:41 PM

ky331

3 Apprentice

 • 

15.2K Posts

September 28th, 2005 17:00

jason,
 
i'm asking around, and have gotten a partial response so far [from RKinner]:
 
in terms of the previous claim, that this site would remove nail/aurora, Robert Clemenzi has researched the matter and concluded that:
 
"while it does appear to remove  most [but not all] of the Aurora virus [i.e., it does not remove the epolvy component], it also removes 3 [legitimate] Microsoft executable [files:
        C:\WINDOWS\TASKMAN.exe
        C:\WINDOWS\Q330994.exe
        C:\WINDOWS\ieuninst.exe  ]
without explaining why.... and it is [entirely] possible that this [removal of these legitimate files was intentional, in order] to make your system more vulnerable to future attacks."
 

Message Edited by ky331 on 09-28-2005 03:10 PM

dalem29

1 Rookie

 • 

2.2K Posts

September 28th, 2005 19:00

Jason's first post came across to me as a bit too breathless and positive. It just didn't pass my personal smell test. Usually the so called cures are discovered by the people who are working every day to solve these problems and are then used and mentioned by legitimate responders on the trusted forums. Just my personal opinion....

Message Edited by dalem29 on 09-28-2005 02:20 PM

Midnight Star

4.8K Posts

October 1st, 2005 23:00

Jason,

I'm sure you probably meant well, but it's not commonly acceptable among forums abroad (including this one), for a new member to use the forum to "spam-vertise" another forum they may be a member of, or have a vested interest in, to provide help for a specific problem posted by another user - this implies that it is the sole belief of the advertised forum, that the users here at Dell are not capable of providing reasonable assistance for the original poster, and seek to offer what they "deem" to be correct or a more timely response.

There are many exceptionally smart and gifted people here in these forums, that are more than capable of handling most problems; even those few "problems" that are posted intentionally by those seeking to "test" the forums out for "member" profiling statistics (you know, knowledge, strengths, weaknesses, who's the man - that kinda stuff).

Another thing to note...there's been quite a few "new" members that are spam-vertising in various threads back to the very website you mention. I would venture a guess that some are members of said website, and are posting here under different or "assumed" names, attempting to drive "traffic" towards the linked site. Now if that's the case, what would Dell as a company need to do, in conjunction with the linked site, to prevent their intellectual properties (the forums) from being used as an unwitting "trafficing" tool. So, can you now see the potential problem?

Most experts here, working at Dell, are comfortable with using a specific set of cleanup tools, just like the forum you mention have their own preferred set, and are not likely to change if they work as expected. I also doubt that members here, as dedicated as they are, would sign up at other forums, including the one you provide a link to, to "advertise" that the cleanup methods listed there are ok, but for best help, they should come to the Dell forums; with full links provided.

This post isnt meant to attack or inflame, since your a new member, but please keep in mind, that many helpers here have spent hundreds, and hundreds of hours helping other posters in these forums, and dont really "approve" nor appreciate a new poster who may be just signing up, not to contribute on a regular basis with the current team, but simply "spam-vertise" a forum they may, or may not have a vested interest in.

=====

Mike.

rmcsticks

1 Message

October 16th, 2005 22:00

:smileywink:     I think its time to make DELL acountable for this bug (dont you ) I just put my new computer on line and it has the winfixer bug from day 1 and it is shouting down page after page and their seams to be no way to get rid of it so I think it time to let every one know that dell is selling their computers knowingly with the bug in the program and they are not the first company to do this goggle just got busted for the same thing and did nothing for all of us after they f***** up our computers, I just brought this computer for the same reason (to get rid of all the c**p and start out fresh) WHAT A JOKE    THANKS DELL.   I will start to tell everyone today by e-mail and let it go from their , That is if winfixer2005 will let me   (not all that funny) winfixer now shuts down my comcast page when I try to click out of winfixer!!!!!!!!!!!!!!!!!!!!!!!!               R.McLaughlin rmcsticks@comcast.net

ky331

3 Apprentice

 • 

15.2K Posts

October 16th, 2005 22:00

RMC,
 
winfixer is "hitting" people everywhere, not just here at dell.   as I mentioned previously in this thread, there are several different "variations" of WinFixer in circulation, and each variation has a separate "fix procedure" of its own.
 
that being said, by far the most "common" form of WinFixer is the O2-BHO:MSEvents sub-case.  Fortunately, Symantec has just released an updated FixVundo tool which can "conquer" this particular variation.   If you (or anyone else reading this thread) still have the problem, I suggest you try downloading and running this tool....
 
if you have the MSEvents "variation", it should clean it up ;
and moreover, there's no downside to trying it, because while it probably won't clean the other/different  forms of WinFixer, it won't do any damage either --- it will simply report that it didn't find trojan.Vundo on your system.
 
info about how to proceed is given here:

psm9958

3 Posts

November 10th, 2005 01:00

i tried following the link and downloaded,  it did not seem to work.  I rebooted and winfixer came back.. any suggestions>

ky331

3 Apprentice

 • 

15.2K Posts

November 10th, 2005 12:00

psm:
 
i believe you were referring to the Symantec FixVundo tool....  bottom line there is:  it works for some people, but not for others.... and there's no rhyme/reason [that we can distinguish]  as to when it works and when it doesn't.
 
first thing you need to do is determine which TYPE of winfixer you have.  
1) there are installer versions, for which the only approach is to run HiJackThis, as it's necessary to find out WHICH particular installer program(s) you have.  
2) there's also Vundo/Virtumundo trojan versions, which again, can be pin-pointed via HiJackThis, and generally fixed by running VirtumundoBeGone.
 
Download the latest version of HJT(hijackthis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

you must create a separate folder and place it there.... people commonly use C:\HJT.   Note:  Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer.   If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b) BADusing a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to move it for you... or until you decide to repost your log...  in the HiJackThis forum.

View More

View All

No Events found!

Top