| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 63195 | 2005-11-01 19:31:00 | Anyone know of a good tool for removing Winfixer? | robo (205) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 401071 | 2005-11-02 09:13:00 | :eek: I have run spybot, it found more stuff. I think I have now deleted 30% of the files on this cursed machine. Winfixer was mentioned by Spybot, and I thought it was removed. I am not sure it is Winfixer any more. It says it is clean, except for c:\windows\win.ini and displays a garbled message about that. It mentioned something that looked like backorifice, but I thought it didn't work on XP. Despite this, if I go to Stuff.co.nz (using that as a test site where the behaviour occurs), and click on the results of voting, that extra window creates about three or more little friends. They are all different and differ each time I try. It doesn't do this on my PC, so I figure it is good example. Worth noting that I think even going to stuff.co.nz, googlebar blocks a popup that I don't get on my machine. One key point, when it starts up it does try to dial the internet, I close it, and it tries again. Not sure why it is doing that. There is nothing in startup that would require it. Makes me wonder if a dodgy dialler is involved. Any ideas? robo. |
robo (205) | ||
| 401072 | 2005-11-02 09:20:00 | Post the HJT log here, so we can see whats in it. | Speedy Gonzales (78) | ||
| 401073 | 2005-11-02 09:23:00 | It does seem to be a rather tricky little number to get rid of . Just when I thought I had nailed it (or whatever is doing the dirty work) Avast pops up again with a new crop of warnings . :( Going to see how it goes tomorrow now, but I *think* Ewido may have got the last of it (fingers crossed) . Ran that in Safe Mode and it picked up quite a few extras and Avast finally came up clean afterwards . Try Ewido but recommend that you disable System Restore first and run everything in Safe Mode . Got the same symptoms as you by the way but the one on this PC is a trojan/dialer . Not sure if it is related to the WinFixer though . |
FoxyMX (5) | ||
| 401074 | 2005-11-02 09:26:00 | Get heavy handed. Use the advanced tools in spybot to delete all the Activex controls and BHO's.Kill off everything in startup,no matter what it is. Use crap cleaner to delete all the flotsom and tetsom. Hit it with Hijackthis and delete anything that isn't required to run the system. Install,update and run the trial of NOD32. Keep an eye on her results, if it finds but cant delete dodgy looking files then use Moveonboot to get rid of em. Also delete all the tempery folders in teh user account, if there is more then one user account then back up their personal files and reduce the accounts to one, otherwise you have to do the entire process for each account and the crap can cross-infect. At the end of the day the worst you can do is break it, and its broken already. hit it hard. |
Metla (12) | ||
| 401075 | 2005-11-02 09:41:00 | Deleted | Odysseus (9186) | ||
| 401076 | 2005-11-03 00:34:00 | Hi people Fixed it. Sort of. After rerunning AVG, Spybot thingy, etc and getting sick of all these dodgy ini files, I said sod it. Installed Firefox. No problems now. :D Thanks for your input. robo. |
robo (205) | ||
| 401077 | 2005-11-03 01:15:00 | If you didn't remove whatever files, even if u installed Firefox, it doesnt mean they're not on your system . And if one of those files belong to a dialler, and its still on your system, you'll find out sooner, or later . |
Speedy Gonzales (78) | ||
| 401078 | 2005-11-12 22:10:00 | 1)disable system restore 2)DISCONNECT FROM NETWORK AND/OR INTERNET 3)close web browsers 4) run Adaware or other adware removal program 5) restart computer 6) reconnect to network and/or internet I think the key in totally removing this self-renewing crap is to simply have your computer off of the internet and networks while removing it. Worked for me anyway. |
gord111 (9187) | ||
| 1 2 | |||||