LD SoftwareBespoke Software, Web Design, Security Consultants and Host Services.

Menu

Sentinel
You have been warned!
We have caught 5848 shameful hackers.

NukeSentinel(tm)

Paypal Referral
Sign up for PayPal and start accepting credit card payments instantly.

Link Exchange
Join our free link exchange

Click Here
 
WinFixer

Online Advertising

WinFixer

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next


The screenshot of www.winfixer.com The screenshot of www.winfixer.com

WinFixer is a computer program that claims to have the ability to repair any computer system problem. However, due to its regular displaying of popup notifications, dubious installation (installing itself without the user's permission), and advertisements of other products, WinFixer is generally regarded as a bogus adware program. The popup ads display insistent notifications to convince the user that something may be amiss with the computer, and WinFixer will be able to fix it, for a price.

Due to these problems, WinFixer could possibly be spyware or malware; no authoritative determination has yet been made. However, its misleading popups and forced downloads mirror the "marketing" strategies of many spyware programs. Some computers infected with this program do exhibit sluggish performance.

WinFixer's claim:

WinFixer 2005 is useful utility to scan and fix any system, registry and hard drive errors. It ensures system stability and performance, frees wasted hard drive space and recovers damaged Word, Excel, music and video files.

In reality, WinFixer doesn't do any of these things.

How it Infects

There are several ways in which WinFixer can infect a computer. Users using Internet Explorer are most susceptible, although users of other browsers, such as Firefox and Opera can also be infected, but are more resistant to the program.

Typical Infection

The infection usually occurs during a visit to a distributing web site (not necessarily winfixer.com) using Internet Explorer. A message appears in a Dialog Box, asking the user if they want to install WinFixer.

Initial message prior to infection - Disconnect from the internet before closing this! Initial message prior to infection - Disconnect from the internet before closing this!

However, when the user chooses any of the options or tries to close this dialog (by clicking 'Ok' or 'Cancel' or by clicking the corner 'X'), it will trigger a pop-up window and WinFixer will download and install itself, despite the userís wishes. Because this is a dialog box related to the Internet Explorer application, it does not appear in the Windows Task Manager list (Ctrl+Alt+Del).

Trial offer of WinFixer

A free, trial offer of this program is sometimes found in pop-ups. If the trial version is downloaded and installed, it "locates" a couple of alleged trojans and viruses, but does nothing else. To obtain a quarantine or removal, WinFixer requires the purchase of the program. Some reviewers believe the alleged unwanted bugs to be bogus, only serving to induce the owner to buy the program.

WinFixer Application

Once installed, WinFixer frequently launches pop-ups and prompts the user to follow its directions. Because of the intricate way in which the program installs itself into the host computer (including making dozens of registry edits), successful removal is a tedious, manual process. When running, it can be found in the Task manager and stopped, but before long it will re-install and start up again.

Firefox Popup

The Mozilla Firefox browser is less vulnerable than Internet Explorer to initial infection by WinFixer. However, once installed, WinFixer is known to exploit the SessionSaver extension for the Firefox browser. The program causes popups on every startup asking the user to download WinFixer, by adding lines containing the word 'WinFixer' to the prefs.js file. The prefs.js file is located at:

Windows: C:\Documents and Settings\_username_\Application Data\Mozilla\Firefox\Profiles\_profile_\prefs.js

Linux: ~\.Firefox\Profiles\_profile_\prefs.js

Remedies

Avoid infection

If the initial dialog box is shown, disconnecting from the internet BEFORE closing it may prevent the download and any infection.

Switching to a different browser rather than Internet Explorer may reduce vulnerability to this and other online Trojan threats. Most malware is targeted at Internet Explorer, and thus is written to take advantages in any flaws and loopholes in its programming.

Blocking the site www.winfixer.com in your firewall will prevent the typical infecting download. However, there may be other ways in which the program installs itself.

Removing WinFixer

It should be noted that besides WinFixer itself, there are several other products to be found on the Web that claim to have the ability to stop and uninstall WinFixer. All users are advised to be skeptical, as many of these 'solutions' are themselves WinFixer clones.

WinFixer will prompt the user to purchase a licensed copy of the WinFixer software. Making this purchase may solve the problems caused by the application, without removing it. However, buying the license carries certain ethical questions as it will encourage the creators of the program to continue their operations. In addition, there is no proof that the program works, even after purchasing the license. Some users report that purchasing and installing the Winfixer program causes additional serious operating problems. If you have purchased the program with a credit card many urge calling the credit card to reverse the charge citing fraud.

Symantec has published procedures for removing WinFixer manually. This is a tedious process involving registry editing, which should be done with the utmost care. As of January 2006, the better-known antivirus and antispyware software packages do not detect or remove WinFixer infections automatically. Webroot's Spy Sweeper does detect and remove WinFixer; the free trial version of Spy Sweeper will remove WinFixer from memory and from your files and registry.

McAfee's WinFixer information indicates that WinFixer may be classified as legitimate software, however, McAfee's Vundo information should still aid in your WinFixer removal process. This removal process makes use of Sysinternals's Process Explorer (download here) to suspend infected critical system processes. (Vundo is malware intended to automatically install WinFixer on your machine, without your consent)

Domain Ownership

The company that makes WinFixer, Winsoftware Ltd., claims to be based in Liverpool, England, however this has been proven false[1]. The domain WINFIXER.COM on the whois database shows it is owned by a void company in Ukraine thus making them (the company) exempt from the Digital Millennium Copyright Act. [2]. Other things also don't add up, for example according to Alexa Internet the domain is owned by Innovative Marketing, Inc., 1876 Hutson St, Belize City.

Miscellaneous and Technical Information

Technical

WinFixer is closely related to Aurora Network's Nail.exe hijacker/spyware program. In worst case scenarios, it may embed itself in Internet Explorer and become part of the program, thus being nearly impossible to remove. The program is also closely related to the Vundo and Virtumonde viruses. [3] - Note: The database entry for the Virtumonde trojan and WinFixer itself are down as of late February 2006), however, a great number of forum members on on-line technical support forums and blogs believe that WinFixer is associated with the Vundo trojan.

Program Name

Although purely speculative, it seems fairly obvious that the name WinFixer is derived from the old Microsoft Windows abbreviation "Win" joined with the word fixer, thus implying Win(dows) Fixer. Because of the name association with the operating system, a hypothetical situation could occur in which a user may possibly think that they are downloading a Windows related program, when, in fact, they are not.

External links

Note

Most of these websites are selling products to remove WinFixer. If you intend to buy any of these products, including the well known ones (Norton and McAfee), do research on the products to make sure that they are effective and legitimate. In addition, if you prefer to remove the software yourself, please use the utmost caution when editing the registry values.

Links


Home | Up | Loyaltyware | WinFixer | 180 Solutions | DirectRevenue

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

 
You can syndicate our News with backend.php And our Forums with rss.php
You can also access our feeds via Feedburner Site News and LD Software Forums
© 2009 ld-software.co.uk All Rights Reserved.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.37 Seconds