if the WinFixer popups have stopped (and you're not getting warning messages from your anti-virus program about trojan vundo/virtumundo), you can ignore the VBG message that it couldn't rename the awvtr.dll file [as well as its "advice" that the user should try to delete this file on his/her own...]
assuming you had VBG version 1.
5 , it "sufficiently isolates and completely deactivates" the bad file, even if it doesn't actually delete it.
if you're not happy with this explanation, you can generate and post a HiJackThis log... which, in all likelihood, will no longer contain any references to the bad file.
Norton keeps on refering to the virus (No innoculator??) but when I acknowldge the dialogue window 3 times it disappears. Previously it stubornly prefailed.
Thanks for your help but I disagree. I have bought PCtools SpyWareDoctor and it might prevent your brower from accessing the Winfixer website but it does NOT eliminate the browser from calling the popup or delete the Winfixer files.
They were sporty enough to back up their 30 day money back guarantee. I kept Registry Mechanic which seems to be doing a good job.
please be advised that there are several different variations of WinFixer.... including vundo/virtumundo trojans, SurfAccuracy, installers, stealth/hidden/rookit versions, and cookies. And each version requires a separate fix of its own.
vundo/virtumundo trojans are by far the most common source [well over 90%] of all WinFixer problems. And in this case, the use of VirtumundoBeGone 1.5, or the
automated Atribune VundoFix version 4.x , are extremely effective.
the remaining cases can be properly diagnosed and fixed using HiJackThis analysis [in conjunction with tools like RegSeeker, RootKit Revealer, and Apropos Fix, depending on the particular WinFixer variation involved].
Running the "wrong" automated tool won't help matters: for example, if you have the SurfAccuracy version, tools such as VirtumundoBeGone, or VundoFix, won't find/fix it. [It won't damage your system to try these... they just won't be effective in the SurfAccuracy case.] And "manual" fixes, which tend to contain extremely long lists of registry entries and files to be deleted, are completely overwhelming to the average PC user. Because there are so many different versions of WinFixer --- which are continually "morphing" over time to make it harder to find and fix ---- the manual lists are often out-of-date by the time they are compiled and made available. And moreover, the manual fix generally applies to only one type of WinFixer problem (usually the "installers") that the author is taking under consideration.
In JohnPro's case, he's indicating he
had (
past tense) a WinFixer popup problem, which
stopped after he ran VirtumundoBeGone 1.5 . His concern, rather, was that VBG reported it couldn't "rename" nor "delete" an associated file which it had "deactivated". VBG reports this occasionally, and in almost all cases, it's nothing to be concerned about.
John: I'm taking for granted you've had no more WinFixer popups since running VBG. But if you would still like to pursue this, I can give you directions for the Atribune VundoFix, and/or HiJackThis, to hopefully bring this thread to a close....
EDIT:
Here's the info for the Atribune VundoFix. While I believe you have no
active vundo infection after running VBG, this tool may still find some "passive" infections... and
perhaps also remove the "isolated" file which has been your concern:
Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Hopefully, one of the HJT experts will get to it as quickly as possible.
WARNING: HiJack This is a VERY POWERFUL tool. While it's completely safe for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!! Improper use of this tool can severely damage your system.
the most common form of winfixer is indeed virus-related, being based on a Vundo-trojan. But other variations of WinFixer have other "sources", which may or may not "technically" be the result of a "virus". But regardless of such technicality, Winfixer is "malware" (bad stuff), which needs to be removed.
i still stand by the advice recommended in my last post above:
try vundoFix first. the last i checked, the current version is 4.2.34
if that fixes your WinFixer problem, you could probably stop. But if it doesn't find a vundo-infected file, or if you still have further WinFixer problems after running VundoFix, then you should follow my instructions to generate and post a HiJackThis log, in the HJT forum.
Limewire is one of the many p2p networking style file downloaders the kids like to use to share music files and such. I doubt that limewire by itself is evil but I don't think it really cares what files it sends you or that you decide to download so prefer not to use it myself. Someone told me once, "Think of it a a giant hole in your firewall."
There may also be a possibility of getting one of those letters in the mail from the music folk saying you are stealing copyrighted music and must pay $x,000 or get sued.
Anyway, if you must download it get it from the source:
EDIT: after I prepared this response, I discovered that you've already posted your HJT log in that forum, and are currently being helped by zbestwun2001....
since you were "free" of Winfixer for about two days, odds are you've somehow gotten another/separate infection.
I don't know that anyone has yet figured just exactly where it comes from :-(
since you ran VundoFix again, can we assume the popups stopped (again) afterwards???
in terms of "prevention" ---- there is much speculation that a "hole" in Sun's JAVA, [in particular, version 1.4.2._03], is somehow being exploited by WinFixer. so it would be prudent to be sure you have the latest JAVA version,
1.5.0_06 .
in fact,
when you ran VundoFix, it should have advised you as to the version of Java you have installed. If it indicated anything older that
1.5.0.6, you should download the current version (for free) from
http://www.java.com/en/download/manual.jsp
my personal preference is to download the MANUAL (OFFline) installation version (16 MB). but if you prefer the online installation, that choice is yours.
AFTER you successfully install the new java, go to your control panel, ADD/REMOVE programs, and
UNinstall all older versions of Java (if any) that still show up there.... especially the 1.4.2_03.
*************************************
As For HiJackThis:
Download a
self-extracting copy of the latest version of HJT (HiJackThis) (version 1.99.1) from
Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Hopefully, one of the HJT experts will get to it as quickly as possible.
WARNING: HiJack This is a VERY POWERFUL tool. While it's completely safe for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!! Improper use of this tool can severely damage your system.
Yes, I was rid of winfixer for 2 days and then the popups started today.
Even though Java had been uninstalled and it is not listed in Control Panel 'add/remove programs' VundoFix.txt listed a Java version, 1.4.2.3. As of yet I still haven't installed the lastest Java...I'm afraid to.
LimeWire is gone, so, I can't really figure out what's causing the problem. The computer is new, only a week old, and the only web site my son navigates is "myspace.com". I know he talks with a lot of friends on myspace...maybe he's downloading somthing...he says he's not.
The only other program he runs is Dell JukeBox by MusicMatch. I'm wondering...do mp3 music files carry virus'? He still has mp3 files he had downloaded from LimeWire and is now playing in JukeBox.
Thanks for all your time and help. You are all great.
ky331
3 Apprentice
•
15.6K Posts
0
February 9th, 2006 23:00
pchelpme
5 Posts
0
February 9th, 2006 23:00
JohPro
5 Posts
0
February 9th, 2006 23:00
It was version 1.5.
Norton keeps on refering to the virus (No innoculator??) but when I acknowldge the dialogue window 3 times it disappears. Previously it stubornly prefailed.
Thank you for the rapid response.
Regards,
zeroacid
44 Posts
0
February 10th, 2006 19:00
JohPro
5 Posts
0
February 11th, 2006 08:00
Thanks for your help but I disagree. I have bought PCtools SpyWareDoctor and it might prevent your brower from accessing the Winfixer website but it does NOT eliminate the browser from calling the popup or delete the Winfixer files.
They were sporty enough to back up their 30 day money back guarantee. I kept Registry Mechanic which seems to be doing a good job.
zeroacid
44 Posts
0
February 11th, 2006 09:00
hi Johpro,
I meant manual removal, not automatic. Additionally I informed spyware Doctor research center to look into this problem.
ky331
3 Apprentice
•
15.6K Posts
0
February 11th, 2006 11:00
Download VundoFix.exe from http://www.atribune.org/public-beta/VundoFix.exe and save it to your desktop. Make sure it's version 4.2.21 [or later].
Click on Do a System Scan and Save a LogFile
This will automatically open NotePad
Copy the entire file from NotePad: EDIT/SelectAll, EDIT/Copy
Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and PASTE the results there:
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Hopefully, one of the HJT experts will get to it as quickly as possible.
Message Edited by ky331 on 02-11-2006 09:10 AM
patdenn
14 Posts
0
March 17th, 2006 06:00
I keep getting popups for Winfixer. Does this mean I have the virus? My virus scan doesn't report any viruses.
I'm trying to follow the messages on this forum about winfixer, but am totally confused as to what needs to be done.
Thanks for any help.
Pat
ky331
3 Apprentice
•
15.6K Posts
0
March 17th, 2006 10:00
the most common form of winfixer is indeed virus-related, being based on a Vundo-trojan. But other variations of WinFixer have other "sources", which may or may not "technically" be the result of a "virus". But regardless of such technicality, Winfixer is "malware" (bad stuff), which needs to be removed.
i still stand by the advice recommended in my last post above:
try vundoFix first. the last i checked, the current version is 4.2.34
if that fixes your WinFixer problem, you could probably stop. But if it doesn't find a vundo-infected file, or if you still have further WinFixer problems after running VundoFix, then you should follow my instructions to generate and post a HiJackThis log, in the HJT forum.
Message Edited by ky331 on 03-17-2006 07:07 AM
ky331
3 Apprentice
•
15.6K Posts
0
March 17th, 2006 14:00
patdenn
14 Posts
0
March 17th, 2006 14:00
Well...I ran VundoFix. For the moment I'm not getting the winfixer popups.
I believe this problem was caused by my son downloading LimeWire. Are you aware of this happening?
If Limewire is the problem, then I assume continued use of the program will just infect my computer again?
Thank you so much.
RKinner
2 Intern
•
5.9K Posts
0
March 17th, 2006 15:00
Limewire is one of the many p2p networking style file downloaders the kids like to use to share music files and such. I doubt that limewire by itself is evil but I don't think it really cares what files it sends you or that you decide to download so prefer not to use it myself. Someone told me once, "Think of it a a giant hole in your firewall."
There may also be a possibility of getting one of those letters in the mail from the music folk saying you are stealing copyrighted music and must pay $x,000 or get sued.
Anyway, if you must download it get it from the source:
http://www.limewire.com/english/content/home.shtml
Copies on other sites may be preinfected or bundled with malware.
patdenn
14 Posts
0
March 19th, 2006 15:00
ky331
3 Apprentice
•
15.6K Posts
0
March 19th, 2006 21:00
Click on Do a System Scan and Save a LogFile
This will automatically open NotePad
Copy the entire file from NotePad: EDIT/SelectAll, EDIT/Copy
Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and PASTE the results there:
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Hopefully, one of the HJT experts will get to it as quickly as possible.
Message Edited by ky331 on 03-19-2006 06:29 PM
Message Edited by ky331 on 03-19-2006 06:36 PM
patdenn
14 Posts
0
March 20th, 2006 01:00
Hi,
Yes, I was rid of winfixer for 2 days and then the popups started today.
Even though Java had been uninstalled and it is not listed in Control Panel 'add/remove programs' VundoFix.txt listed a Java version, 1.4.2.3. As of yet I still haven't installed the lastest Java...I'm afraid to.
LimeWire is gone, so, I can't really figure out what's causing the problem. The computer is new, only a week old, and the only web site my son navigates is "myspace.com". I know he talks with a lot of friends on myspace...maybe he's downloading somthing...he says he's not.