Warning Do Not Download Winfixer!!!

[MikeVXSS]

hey guys just a warning for anyone that receive's a prompt while surfing the net say somthing along the lines of..... if your registry is blah somthing blah download winfixer to fix these problems DO NOT DOWNLOAD ANYTHING WITH THE FILE NAME WINFIXER. it is an evil spyware/virus/tojan/worm that will do all it can to upload virus's worms an the like. the main problem my friend is experiencing is mass amounts of pop ups n spyware there is no knowing program to delete this crap, and is very VERY involved to remove manually. So i thought id try andgive as many of you a heads up on as i just had the prompt come up while i was looking for fricking DBZ wallpapers. it is an evil prog from all ive read so do ya best to IGNORE WINFIXER it will no fix anything on your compy then asks you to buy a program from the arseholes that made it to get rid of it

IGNORE WINFIXER PLEASE

Ps. if any of you have downloaded this proggy pm me and ill help the best i can with the manual deletion

[hakhawk]

is your friend using xp sp1? if so, disable the messenger service. might help a bit with pop ups, also get a pop up blocker happening, although theres heaps these days that will override most blockers.

[MikeVXSS]

is your friend using xp sp1? if so, disable the messenger service. might help a bit with pop ups, also get a pop up blocker happening, although theres heaps these days that will override most blockers.

yea no pop up blockers work for it he had 5 running at once to try and do em but nothing will work for em as once the program is installed it duplicates itself and renames all its own files its a cnut!!

[vh-holden]

as a general rule, when surfing the net, never click any of those things that tell you your computer is at risk.

[MikeVXSS]

as a general rule, when surfing the net, never click any of those things that tell you your computer is at risk.

lol yea thats the one, but ya know some people just think they are doing the right thing lol lol

[ClairBear]

I don't see the need for giant bold warnings, most people know you don't click and download those things. That winfixer has been a popup for a long time. Your acting like this is something new. Even if you do download, if you know what your doing, removal is easy. As for evil - its no worse than most trojans.

The one that has me PMSL at the moment, is the email warning about the olympic torch virus. Sadly these spam emails can cause people who are computer illiterate to think they have the virus if something simple plays up, I have heard of people formatting their computer thinking they have a virus. It's also very annoying for ISP's as people ring up to find out what to do, causing delays in operators answering calls from people who have genuine issues.

On another matter, to all those people that forward those chain emails and jokes without BBC'ing the recipients are making their email address more vulnerable to capture and end up with spam email. Plus it's bad manners to let your friends and associates see each other's email addresses, it's like giving out their contact details without their permission. I am very particular about where my email address goes, and it's very annoying to receive email from people and see my address in the 'to' field along with eleventy hundred other peoples, all who can grab mine.

C.

[NORTI]

I don't see the need for giant bold warnings, most people know you don't click and download those things. That winfixer has been a popup for a long time. Your acting like this is something new. Even if you do download, if you know what your doing, removal is easy. As for evil - its no worse than most trojans.

The one that has me PMSL at the moment, is the email warning about the olympic torch virus. Sadly these spam emails can cause people who are computer illiterate to think they have the virus if something simple plays up, I have heard of people formatting their computer thinking they have a virus. It's also very annoying for ISP's as people ring up to find out what to do, causing delays in operators answering calls from people who have genuine issues.

On another matter, to all those people that forward those chain emails and jokes without BBC'ing the recipients are making their email address more vulnerable to capture and end up with spam email. Plus it's bad manners to let your friends and associates see each other's email addresses, it's like giving out their contact details without their permission. I am very particular about where my email address goes, and it's very annoying to receive email from people and see my address in the 'to' field along with eleventy hundred other peoples, all who can grab mine.

C.

Amen! Yes Im exactly the same... I hate people who too lazy to BCC its not hard! I dont send alot of stuff, If ever now to more than one person at a time... I guess Ive been online so long that Ive seen so much crap now... dont bother posting it on....

spyware... all these popups & other "registry fixers" etc... always around... seems I got stung few times in a row... But when I get done... I get really done lol not just one of the suckers... I cop the lot But ah thats what ya get for surfing where ya shouldnt...

Tell ya mate to surf between the flags fom now on stay away from the roguher waters & he wont get stung



D.

[MikeVXSS]

yea most people know ya dont download them but alot people dont understand, its just a warning for people that havent heard about it, as for e z removal ...


WinFixer manual removal:
Kill processes:
df_kme.exe, install.exe, sr.exe, wfx5.exe
Help: how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\WinFixer 2005
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CompCleanCore.AppCleaner
HKEY_CLASSES_ROOT\CompCleanCore.AppCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.CCQuickScan
HKEY_CLASSES_ROOT\CompCleanCore.CCQuickScan.1
HKEY_CLASSES_ROOT\CompCleanCore.FileCleaner
HKEY_CLASSES_ROOT\CompCleanCore.FileCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.InetCleaner
HKEY_CLASSES_ROOT\CompCleanCore.InetCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.RegCleaner
HKEY_CLASSES_ROOT\CompCleanCore.RegCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.SystemCleaner
HKEY_CLASSES_ROOT\CompCleanCore.SystemCleaner.1
HKEY_CLASSES_ROOT\df_fixer.Fixer
HKEY_CLASSES_ROOT\df_fixer.Fixer.1
HKEY_CLASSES_ROOT\df_proxy.DriverManipulate
HKEY_CLASSES_ROOT\df_proxy.DriverManipulate.1
HKEY_CLASSES_ROOT\FFCom.FlFixer
HKEY_CLASSES_ROOT\FFWraper.FFEnginWraper
HKEY_CLASSES_ROOT\FFWraper.FFEnginWraper.1
HKEY_CLASSES_ROOT\FixCore.MMFixCore
HKEY_CLASSES_ROOT\FixCore.MMFixCore.1
HKEY_CLASSES_ROOT\MMFixCtrl.CoFixEngine
HKEY_CLASSES_ROOT\MMFixCtrl.CoFixEngine.1
HKEY_CLASSES_ROOT\AppID\checkproduct2.dll
HKEY_CLASSES_ROOT\AppID\compcln.dll
HKEY_CLASSES_ROOT\AppID\ffwraper.dll
HKEY_CLASSES_ROOT\AppID\fixcore.dll
HKEY_CLASSES_ROOT\AppID\mmfixctrl.dll
HKEY_CLASSES_ROOT\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
HKEY_CLASSES_ROOT\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
HKEY_CLASSES_ROOT\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
HKEY_CLASSES_ROOT\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
HKEY_CLASSES_ROOT\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
HKEY_CLASSES_ROOT\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
HKEY_CLASSES_ROOT\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
HKEY_CLASSES_ROOT\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
HKEY_CLASSES_ROOT\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
HKEY_CLASSES_ROOT\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
HKEY_CLASSES_ROOT\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_CLASSES_ROOT\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
HKEY_CLASSES_ROOT\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
HKEY_CLASSES_ROOT\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
HKEY_CLASSES_ROOT\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
HKEY_CLASSES_ROOT\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
HKEY_CLASSES_ROOT\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
HKEY_CLASSES_ROOT\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
HKEY_CLASSES_ROOT\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
HKEY_CLASSES_ROOT\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
HKEY_CLASSES_ROOT\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
HKEY_CLASSES_ROOT\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
HKEY_CLASSES_ROOT\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
HKEY_CLASSES_ROOT\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
HKEY_CLASSES_ROOT\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
HKEY_CLASSES_ROOT\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
HKEY_CLASSES_ROOT\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
HKEY_CLASSES_ROOT\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
HKEY_CLASSES_ROOT\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
HKEY_CLASSES_ROOT\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
HKEY_CLASSES_ROOT\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
HKEY_CLASSES_ROOT\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
HKEY_CLASSES_ROOT\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
HKEY_CLASSES_ROOT\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
HKEY_CLASSES_ROOT\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
HKEY_CLASSES_ROOT\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
HKEY_CLASSES_ROOT\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
HKEY_CLASSES_ROOT\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
HKEY_CLASSES_ROOT\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
HKEY_CLASSES_ROOT\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_CLASSES_ROOT\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
HKEY_CLASSES_ROOT\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
HKEY_CLASSES_ROOT\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
HKEY_CLASSES_ROOT\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
HKEY_CLASSES_ROOT\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
HKEY_CLASSES_ROOT\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\df_kmd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network\df_kmd.sys
HKEY_CURRENT_USER\Software\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\WFX5_is1
Help: how to remove registry entries

Delete files:
df_kme.exe, install.exe, sr.exe, wfx5.exe, crxml.dll, compcln.dll, df_fixer.dll, df_proxy.dll, ffcom.dll, ffwraper.dll, filetyperecognizer.dll, fixcore.dll, mmfix.dll, oedrop.dll, pcheck.dll, strres.dll, df_kmd.sys, flash.ini
Help: how to remove harmful files

Delete directories:
C:\Program Files\WinFixer 2005
C:\Program Files\Common Files\WinSoftware
C:\Documents and Settings\All Users\Start Menu\Programs\WinFixer 2005

Misc:
Exact file location:
crxml.dll, pcheck.dll - C:\Program Files\Common Files\WinSoftware
df_kme.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
df_kmd.sys - C:\Program Files\WinFixer 2005; C:\Windows\System\Drivers, C:\Windows\System32\Drivers or C:\Winnt\System32\Drivers
other files - C:\Program Files\WinFixer 2005


yea piece of piss most people can do it there arse tied behind their back. and oh my god im sooooooooooo sorry for the bold headings didnt mean to offend i was just trying to help those who dont know about it. and when a trojan hops into your computer and uploads a worm and destroys everything on your computer( and dont say you back up everyday )and then climbs into all your cookies that you havent deleted for that day and gets all ya passwords for everything you work with online, then come back and say its not evil. have a nice day..

[MikeVXSS]

Tell ya mate to surf between the flags fom now on stay away from the roguher waters & he wont get stung



D.

lol he was as was i half an hour ago. was just looking for dragon ball z wallpapers and there she was. i just want the people that dont know about it to know. it is an evil one. ive seen its work

[sixshooter]

Format start again...thats the best way...there could be hidden registry keys installed with the program that the winapi can't see...

Download Sysinternals root kit revealer and test the machine with it.

http://www.sysinternals.com/Utilitie...tRevealer.html

[ClairBear]

LMAO - or you could install and run VundoFIX which totally erases the latest WinFixer

C.

[sixshooter]

But does it now ?...you see you think it does...?...But does it really ?....LMAO....I sound like the Malvingian...agh programming languages I've sampled VB, VbScript, C++, C#, its like wiping your ass with silk...but Java is my favourite....especially to curse with when classes wont compile.

[MikeVXSS]

LMAO - or you could install and run VundoFIX which totally erases the latest WinFixer

C.

like i said the proggy duplicates itself then changes all its file names, so the only real way to get rid of it is to do it manually. next time you search google about something try reading into it abit more.

[drewins]

yeh i keep getting those things

[ClairBear]

like i said the proggy duplicates itself then changes all its file names, so the only real way to get rid of it is to do it manually. next time you search google about something try reading into it abit more.

Didnt research google actually, was reading about it a few weeks back on one of the tech forums I troll

C.

[MikeVXSS]

ok cool good. just trying to let people that dont know about it know that they shouldnt trust it is all, some of us know not to beleive prompts but alot dont alot of people like i said earlier think they are doing a good thing cause it sounds good. no offence to the older computer users but alot of them only know how to turn it on, a 28 year old bloke at my work doesnt know how to use one. just giving those other few the heads up on it. dont want a bitch session

[Holden_ve]

I have popunders, they are like popups.. but open in the window your browsing from!!

[MikeVXSS]

lol they are a pain in the arse, i found a small one like google toolbar popup blocker helps with a few, but not all.

[vh-holden]

i was thinking, if someone has the virus and there computer is really that messed up, would they really be looking on here for help?

[holdensupporter2005]

I'm a computer Tech and I don't know how many pc's I remove that junk from. Most pc's that we get in our workshop have it installed. Don't these people that program this sort of stuff have better things to do with there time.

[matty88]

My old man just got an email confirming an "order" that he put in to buy it, stupidly he downloaded and installed it, good luck to me for removing it, popops are a pain in the a$$, main PC is sooooo slowwwwwwww

[MikeVXSS]

i was thinking, if someone has the virus and there computer is really that messed up, would they really be looking on here for help?

no i spose they wouldnt be looking in here for help, but at least they will know not to download this particular one now that i have mentioned its CRAP.

Thanx and have a nice J

[BANGERS88]

haha popups was trying to find a crack for some game the other day clicked on one of the search results (looked inocent) and then WAMMO popups started they were opening faster than i could close them (pretty much all of them porn) So in the end i just reefed the cord out of the socket

not recomended but it works

[minux]

roflmao @ windows users, suckers.

Save yourself some pain http://www.gentoo.org/ is a great start