Author Topic: winfixer virtumonde adware trojan driving me insane (cant remove it) (Read 446 times)

Citabria · « **on:** December 03, 2005, 09:39:24 PM »

anyone find a way to remove this?

tried ad-aware
spybot
microsoft antispy

all 3 find it and remove it then it is back imediately

heeelp

Estes · « **Reply #1 on:** December 03, 2005, 09:41:19 PM »

Have you tried hijack this? And manually deleting the winfixer entry in the registry?

Citabria · « **Reply #2 on:** December 03, 2005, 10:02:01 PM »

WhiteHawk · « **Reply #3 on:** December 04, 2005, 07:11:47 AM »

i dont know about that one, but I had a java bug for a while. What I did was find exactly where it was path wise. i.e. c:\windows\system 32\javascript\etc etc. Write it down in big letters. (it is prolly a mile long). When your puter is booting up , you need to goto start\programs\accessories\command prompt. Select command propmpt. then use the cd command to get to the filename of the bug. example: when you get to c:\ you type "cd windows\system32\javascript\etc.etc.etc" without the quotes until you get to the .exe of your virus or spyware bug. Dont type the .exe file. (and it may not be .exe, but whatever it is). Once you get to the directory that contains the bug you type "del bugsexactn.ame". No quotes. Make damm sure you get the name of the bug right. You have to do this before the bug is loaded into your working memory or it will just make copies of itself. You may be able to do this with windows explorer, but I have always had the best luck with the above method. I hope this helps. Hey, why tf is spyware still legal to install on peoples personal computers?

Ghosth · « **Reply #4 on:** December 04, 2005, 07:13:26 AM »

There finding it but not finding the source. Which by the sound of it creates a new one as soon as the old one is deleted.

What location does it consistantly show up in??

Go there & do some sleuthing, keep eyes open for a folder that doesn't belong.

WhiteHawk · « **Reply #5 on:** December 04, 2005, 07:21:29 AM »

yes ghost. Is I stated above. In a nutshell, the trick is to delete them before your puter finishes loading them . I have had very good luck getting rid of viruses and spyware using the above method. You just have to be quick with getting to the bugs location. Hijack this may work as well, come to think of it. But most of these newer spybugs seeem to be extremely resistant to removal once the puter is up and running.

Curval · « **Reply #6 on:** December 04, 2005, 08:12:18 AM »

That trojan is a beyotch to remove

Citabria · « **Reply #7 on:** December 04, 2005, 10:05:19 AM »

hijackthis squashed that winfixer bastard hehe thx guys

AutoPilot · « **Reply #8 on:** December 05, 2005, 10:40:56 PM »

Theres a free Anti-Virus program called Avast that detects those kinda things before they even get near your system.

Download it free at http://www.download.com

Type Avast in the search bar,version 4.6 i believe.

Vipermann · « **Reply #9 on:** December 06, 2005, 03:27:34 PM »

also don't forget to disable system restore when removing nasty stuff from your computer. After your sure it's gone then you can re-enable it if you use it.

Stratocaster · « **Reply #10 on:** December 06, 2005, 07:15:34 PM »

omg gotta get rid of that friggen winfixer pops like 50 windows up when u try to x it out.

Estes · « **Reply #11 on:** December 06, 2005, 07:33:59 PM »

Strangely enough. Few days after Fester got the winfixer bug. I had a customer bring in a computer with the same bug.

However, I don't think it was as bad as some of the examples that Curval posted. All this one had was the program, and when you tried to close it it would pop up a bunch of windows.

Easy enough to get rid of though, just boot into safe mode. Uninstall the winfixer program, and then delete the entries through hijack this.

AutoPilot · « **Reply #12 on:** December 07, 2005, 01:00:10 PM »

Avast will remove that.