WinIFixer
WinIFixer carries the slogan “Viruses and Spyware Remover.” Nevertheless, the truth is, WinIFixer is a misleading security application that may get inside your computer without an intervention. Using a Trojan, this will sneak into the system unexpectedly when visiting malicious web sites or following links sent though instant messaging applications.
The primary objective of WinIFixer is to entice computer users that this application is legitimate and essential in getting rid of spyware and viruses. This potentially unwanted application aims to convince user that computer is infected with a variety of threats and insinuate that removal can be performed only when WinIFixer is upgraded to a full version.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
Characteristics (Analysis)
While WinIFixer is running on victim’s computer, it repeatedly exhibits a number of identified threats. These fake security findings are part of its unfair marketing strategy to persuade victims on purchasing the registered version of WinIFixer.
Moreover, the rogue program alters Internet Explorer settings and redirects the default home page to WinIFixer web site.
Added Registry Entries:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinIFixer HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.comAssociated Files and Folders:
%ProgramFiles%\WinIFixer\WinIFixer.exe C:\Windows\xpupdate.exe C:\WINDOWS\system32\printer.exe
precisesecurity
Mar 06, 2008 @ 09:38:30
1. Temporarily Disable System Restore (Windows Me/XP/Vista/7) . [how to]
2. Update the virus definitions.
3. Uninstall WinIFixer
a) Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).
b) In the Control Panel window, double-click Add/Remove Programs.
c) Click WinIFixer to remove.
d) Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.
4. Restart the computer in Safe Mode. [how to]
5. Run a full system scan and clean/delete all infected file(s)
6. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\”WinIFixer” = “%ProgramFiles%\WinIFixer\WinIFixer.exe”
Navigate to and delete the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinIFixer
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com
7. Exit registry editor and restart Windows.
8. In order to make sure that threat is completely eliminated, carry out a full scan of your system using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
dean
May 07, 2008 @ 05:34:32
I’ve done all the things to do, but whenever I turned on my laptop or restarted it, there’s this background display picture that keeps showing up. Although I have changed it, the display picture says “Warning! spyware detected…” with a blue screen background. Plus, the screen saver about ‘the beetles eating up my screen’ thing. Please help, I don’t know what to do and I feel very irritated.
Jerry
May 08, 2008 @ 19:24:44
Download and run ‘spybot search and destroy’ and immunize.
If you still have the blue picture and bugs try changing your desktop picture after you run spybot.
Margaret
May 11, 2008 @ 03:06:35
Hi! I just had the same problem as Jerry. Here is what I did.
1. Right click on your desktop
2. Choose “properties”
3. Pick the tab marked “Desktop”
4. Identify the name of the wallpaper that is defaulted to your screen (write it down :-)
5. Close your desktop properties dialog box
6. Click on your start menu
7. Click on “search”
8. Type in the name of the wallpaper you are searching for
9. After the search program locates that file in your computer, go in by hand and delete that file. Mine was buried in a very weird place on my computer.
10. Finally, open your desktop properties dialog box, choose another wallpaper and close your dialog box. The name for the malware wallpaper will be gone when you open it again.
Good luck.
Marsha
May 20, 2008 @ 00:16:23
Margaret had the answer to my problem. I had removed the virus, but it had left an image as wallpaper, which had not occurred to me until I read her reply. THANK YOU!