Winfixer?

jsteph · Feb 5, 2006

How in the heck do I get rid of Winfixer? I've tried the safe-mode thing, I've found the HKLM....Winlogon\Notify\PMNOP.dll key...that keeps coming back the second I delete it, as do any other keys involved.

This is the most persistent, insidious, nasty thing I've ever encountered. I've been to Nortons site and looked at the Vundo removal steps, and it doesn't make any sense, nor does it work.

I've tried Ewido, Trend-Micro, Nortons, Mcafee, nobody can get rid of it. Most detect it just fine, but none get rid of it.

Anybody know how to do this, short of re-installing Windows?

And it seems that this virus (vundo, virtual Monde) is aimed at selling a product--Winfixer. Is this an American company, or does anyone know where the main offices--or the little-sh*t's parent's basement--is?

And if anyone would like to begin forming an angry mob to that location, I'm all for it. I'd love to do like Marcellis Wallace says in Pulp Fiction, and get a pair of pliers and a blow-torch and get medieval on his buttocks.

Thanks for any help on this,
--Jim

vop · Feb 5, 2006

Download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

Please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens

Just reboot if your system "jams"

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]

jsteph · Feb 5, 2006

Thanks very much, I will give that a try,
--Jim

pechenegs · Feb 5, 2006

If that doesn't fix it run this tool!

Please download

http://www.atribune.org/ccount/click.php?id=4

to your desktop.
· Double-click VundoFix.exe to run it.
· Click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files, click YES
· Once you click yes, your desktop will go blank as it starts removing Vundo.
· When completed, it will prompt that it will shutdown your computer, click OK.
· Turn your computer back on.

· Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

erikhertzel · Feb 6, 2006

This tool will kill Winfixer:

Download it here:

http://www.sabethacomputing.com/downloads.html

Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Hope that helps,

Erik

jayjay66 · Feb 14, 2006

Does this:

http://www.sabethacomputing.com/downloads.html

work??

Can anybody confirm it please.

Thanks,
JJ

erikhertzel · Feb 14, 2006

I am not sure what you mean.

If you mean, does the website work: yes...

If you mean, when you go to the website and download the Webroot Trial and do an update and then a sweep, then yes, it will get rid of Winfixer.

Hope this helps,

Erik

jayjay66 · Feb 14, 2006

If I download the Webroot Trial and do an update and then a sweep, will it get rid of the winfix??

Can anybody confirm this?

Thanks,
JJ

erikhertzel · Feb 14, 2006

Yes, I can as I said. I have personally done it before, that's why I suggest using this tool.

Erik

erikhertzel · Feb 14, 2006

BTW:

There are other ways as well to fix the issue, but this has always worked well for me.

Hope that helps,

Erik

pechenegs · Feb 14, 2006

post a hijack this log and let's see what you realy have?

Download hijack this from the link below.Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

cathee · Mar 8, 2006

Winfixer, YIKES! I've read about 5-6 "fixes" for the WinAntiVirus Extortion pop-ups. Yesterday I downloaded Eric's Sabetha Computing free trial. It found 16 Traces. The Pop-ups came back at first, but so far this morning, it's okay. ***BUT: inside my Norton Wastebasket I have 1500 protected files of Ntuser.000 and SRQSS.INI.

They multiply to exactly 1500 in about 5 minutes. I empty them and then they come back in a matter of seconds.

Anyone know what they are or how dangerous they are?

jstevens · Jul 28, 2006

The best removal program I have used for virtumonde and winfixer is

http://www.superantispyware.com

Even removed better than Spysweeper Enterprise which suprised me.

Jason

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Winfixer?

jsteph

Technical User

vop

Technical User

jsteph

Technical User

pechenegs

MIS

erikhertzel

MIS

jayjay66

Technical User

erikhertzel

MIS

jayjay66

Technical User

erikhertzel

MIS

erikhertzel

MIS

pechenegs

MIS

cathee

Technical User

jstevens

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor