WinFixer 2005

Status
Not open for further replies.

u8mypaygoo

Baseband Member
Messages
25
Hi there!!


I got a pop-up virus called Win Fixer 2005. I downloaded Search and Destroy, and another program that worked with it to get rid of it, but it didn't work. Before I downloaded the program, I had McAfee; I'm guessing McAfee didn't do anything. So now I'm just wondering how I can delete it and possibly find out if there are any other viruses on my computer. Thanks!!!!


-u8mypaygoo
 
Use Microsoft Antispy. Run it in safe mode, disable it from msconfig. Then post a HijackThis log.
 
Win Fixer 2005 is likely part of the Vundo trojan and must be removed manually, as no antivirus or antispyware scanner can deal with it. Download HJT and post your log in the HijackThis forum. DO NOT disable anything in msconfig, as we need to see everything that's running or set to run.
 
MAS will remove Winfixer 2005 because I have removed it myself, and why does everyone have a heart on for not disabling everything in msconfig? Msconfig is a lifesaver and is the sub-root of most PC problems. If you disable the item, reboot and scan, it's gone. Why?
 
Warez Monster said:
MAS will remove Winfixer 2005 because I have removed it myself, and why does everyone have a heart on for not disabling everything in msconfig? Msconfig is a lifesaver and is the sub-root of most PC problems. If you disable the item, reboot and scan, it's gone. Why?

Warez Monster,

You need to pay more attention to what he posted. While MAS may indeed remove Winfixer...he's getting a WINFIXER popup...which is likely generated by the Vundo trojan, which MAS CANNOT remove.

Unchecking things in msconfig is a short-term solution to a deeper problem. This also disables the very malware from appearing in the HJT log so we can see and remove it...if it's using a startup command to start itself. Simply unchecking the item and scanning does not address the problem. In this specific case...Vundo isn't even listed in msconfig...so that move is useless.

Anyway...you would benefit from going through one of the forum academies that are teaching trainees how to read HijackThis logs, as you would gain an understanding of how malware works and how to defeat it.
 
I myself have no problems getting rid of spyware. Unchecking items in msconfig does just that, but can still have active entries elsewhere, stops it 95% of the time, but the entry is still there. All the logs I have done here, everyone benefited from it and all spyware was removed. Winfixer 2005, I can't remember off the top of my head, but is that the one with a red circle and with a black X in the middle that usually has three instances? Have you ever run into paytime.exe?
 
Winfixer comes in a few flavors. One you mentioned. Another is a popup via the Vundo trojan. Sometimes it will be listed in the RUN commands of the HJT log...if the program is installed or its installer is residing in the TEMP folder waiting for the command to install.

As for paytime.exe...Yes...but not recently. It's usually installed by Trojan StartPa-YR or Paymite-C. Both are browser hijackers.

I guess we agree to disagree, as your method of removing spyware by unchecking it in msconfig is unsound and does NOT remove the spyware...as all you're doing is preventing it from running but not addressing it directly. There are 100s of malware programs that won't even be listed in msconfig, so that method of attack would be sure to fail.

Anyway...I will not argue the point, as this user can review each of our previous posts and decide on his/her own who knows more about spyware/adware and make a judgement on that.
 
The reason being to disable msconfig startups is so you can remove the spyware (most), because most spyware removers can't remove running items, especially this one. And I recently infected myself with paytime. It installed 3 instances of itself and pinged my PC so high, it would reboot itself. Once I got back up, I went to msconfig, startup, disabled everything, rebooted; it wasn't running anymore, but there was still an entry, like you said, in a temp folder, so after about 10 minutes or so it would come back, but only as 1 instance, not 3.

To remove it, when it came back, I opened task manager, killed it, then ran MAS, Spybot, and Ad-Aware SE, and 80% of it was gone. I knew there was still something there because paytime.exe was still listed. When you opened IE, it would redirect to a blue screen.htm, so it looked like a BSOD. So I went looking; it just happened that I started at the root of c: and saw the .htm file. I deleted it, it came back. So I checked show hidden files and folders, and there were 5 programs running, none could be stopped, so I was looking through the task manager and noticed 3 items that started with L, so I killed one and then I started to delete them one by one. Eventually, I had to rename 2 files to whatever because they were running, reboot, and then I could delete them.

But there was still one more file, paytime.exe. This time I ran MAS and it found it, stopped it, then ran HijackThis. I found 2 BHO entries, deleted them, but 1 came back after a reboot. I ran HijackThis again, and this time it was still a BHO but a file was missing, and I deleted it and that was it. I opened IE, no redirects. Went to the root of c:, no htm file; went to the hidden local settings folder, no files in there. So I do know what I am doing, and most members on here hate going through or can't go through those instructions. Some do and some don't.
We both have helped a lot of people. I never had anyone delete a file that they weren't supposed to delete that I told them to delete either. If they don't take my advice, then they don't. They take yours, so they do. I'm here to help just like you are. But every time I help someone here, you jump all over my shit just because you went to some "Academy", big deal. I can remove spyware just as good as you can. I'm not saying I'm better, but I do know what I am doing. I will start doing logs here again also, so you will be seeing me soon.
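
An added example, not part of any post in this thread: the posts above mention two things a HijackThis log can reveal, a Run entry whose installer sits in a TEMP folder and a BHO entry whose file is missing. The sketch below scans a log for both. The sample log, names, paths and CLSIDs are constructed, and the line layout is assumed from the usual HijackThis O2/O4 format.

```python
import re

# Constructed HijackThis-style excerpt; names, paths and CLSIDs are made up.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\svchost.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\toolbar.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\example2.dll (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [setup] C:\DOCUME~1\user\LOCALS~1\Temp\setup_example.exe
"""

# O2 = Browser Helper Object; "(file missing)" is appended when the DLL is gone.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 = autostart entry from a registry Run/RunOnce/RunServices key.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# A command line that points into a Temp/Tmp directory.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def review(log_text):
    """Return (kind, identifier, path) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("missing"):
                findings.append(("bho-file-missing", bho.group("clsid"), bho.group("path")))
            continue
        run = RUN_RE.match(line)
        if run and TEMP_RE.search(run.group("cmd")):
            ident = f'{run.group("hive")} {run.group("key")} [{run.group("name")}]'
            findings.append(("run-from-temp", ident, run.group("cmd")))
    return findings


if __name__ == "__main__":
    for kind, ident, path in review(SAMPLE_LOG):
        print(f"{kind:18} {ident:45} {path}")
```

Entries disabled before the log is taken never reach a scan like this, which is the reason given above for leaving msconfig alone until the log has been posted.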
 