WinFixer
WinFixer is a
computer program that claims to have the ability to repair any computer
system problem. However, due to its regular displaying of popup notifications,
dubious installation (installing itself without the user's permission), and
advertisements of other products, WinFixer is generally regarded as a bogus
adware program. The popup ads display insistent notifications to convince the
user that something may be amiss with the computer, and WinFixer will be able to
fix it, for a price.
Due to these problems, WinFixer could possibly be spyware or malware; no
authoritative determination has yet been made. However, its misleading popups
and forced downloads mirror the "marketing" strategies of many spyware programs.
Some computers infected with this program do exhibit sluggish performance.
WinFixer's claim:
WinFixer 2005 is useful utility to scan and fix any system, registry and
hard drive errors. It ensures system stability and performance, frees wasted
hard drive space and recovers damaged Word, Excel, music and video files.
In reality, WinFixer doesn't do any of these things.
How it Infects
There are several ways in which WinFixer can infect a computer. Users of
Internet Explorer are most susceptible; users of other browsers, such as
Firefox and Opera, can also be infected but are more resistant to the program.
Typical Infection
The infection usually occurs during a visit to a distributing web site (not
necessarily winfixer.com) using Internet Explorer. A message appears in a dialog
box, asking the user if they want to install WinFixer.
Initial message prior to infection - Disconnect from the internet before closing
this!
However, when the user chooses any of the options or tries to close this
dialog (by clicking 'Ok' or 'Cancel' or by clicking the corner 'X'), it will
trigger a pop-up window and WinFixer will download and install itself, despite
the user’s wishes. Because this is a dialog box related to the Internet Explorer
application, it does not appear in the Windows Task Manager list (Ctrl+Alt+Del).
Trial offer of WinFixer
A free, trial offer of this program is sometimes found in pop-ups. If the
trial version is downloaded and installed, it "locates" a couple of alleged
trojans and viruses, but does nothing else. To obtain a quarantine or removal,
WinFixer requires the purchase of the program. Some reviewers believe the
alleged unwanted bugs to be bogus, only serving to induce the owner to buy the
program.
WinFixer Application
Once installed, WinFixer frequently launches pop-ups and prompts the user to
follow its directions. Because of the intricate way in which the program
installs itself into the host computer (including making dozens of registry
edits), successful removal is a tedious, manual process. When running, it can be
found in the Task Manager and stopped, but before long it will re-install and
start up again.
Firefox Popup
The Mozilla Firefox browser is less vulnerable than Internet Explorer to initial
infection by WinFixer. However, once installed, WinFixer is known to exploit the
SessionSaver extension for the Firefox browser. The program causes popups on
every startup asking the user to download WinFixer, by adding lines containing
the word 'WinFixer' to the prefs.js file.
The prefs.js file is located at:
Windows: C:\Documents and Settings\_username_\Application Data\Mozilla\Firefox\Profiles\_profile_\prefs.js
Linux: ~\.Firefox\Profiles\_profile_\prefs.js
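The following is an added example, not part of the original article: a small Python check that finds the lines containing the word 'WinFixer' in the text of a prefs.js file and produces a cleaned copy. The preference names and values in the sample are constructed for illustration, and the user_pref("name", value); line format is assumed.

```python
import re

# Matches one preference line in the assumed form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')
MARKER = "winfixer"  # the word the article says appears in the injected lines


def scan_prefs(text, marker=MARKER):
    """Split prefs.js text into (kept_lines, flagged), where flagged is a list
    of (line_number, pref_name, raw_line) for every line containing marker."""
    kept, flagged = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if marker in line.lower():
            match = PREF_RE.match(line)
            # Lines that are not well-formed user_pref() calls are still
            # flagged, with the preference name reported as None.
            name = match.group(1) if match else None
            flagged.append((number, name, line))
        else:
            kept.append(line)
    return kept, flagged


def clean_prefs_text(text, marker=MARKER):
    """Return the prefs.js text with every flagged line removed."""
    kept, _ = scan_prefs(text, marker)
    return "\n".join(kept) + "\n"


# Constructed sample: the pref names and values below are invented.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("example.sessionsaver.window0", "http://www.winfixer.com/ 1");
user_pref("example.popup.title", "Download WinFixer 2005");
user_pref("network.cookie.lifetimePolicy", 0);
'''

if __name__ == "__main__":
    kept, flagged = scan_prefs(SAMPLE_PREFS)
    for number, name, line in flagged:
        print(f"line {number}: {name!r} -> {line}")
    print(clean_prefs_text(SAMPLE_PREFS), end="")
```

Run it on a backup copy of prefs.js with Firefox closed, because Firefox rewrites the file when it exits.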
Remedies
Avoid infection
If the initial dialog box is shown, disconnecting from the internet BEFORE
closing it may prevent the download and any infection.
Switching to a different browser rather than Internet Explorer may reduce
vulnerability to this and other online Trojan threats. Most malware is
targeted at Internet Explorer, and thus is written to take advantage of any
flaws and loopholes in its programming.
Blocking the site www.winfixer.com in your
firewall will prevent the typical infecting download. However, there may be
other ways in which the program installs itself.
Removing WinFixer
It should be noted that besides WinFixer itself, there are several other
products to be found on the Web that claim to have the ability to stop and
uninstall WinFixer. All users are advised to be skeptical, as many of these
'solutions' are themselves WinFixer clones.
WinFixer will prompt the user to purchase a licensed copy of the WinFixer
software. Making this purchase may solve the problems caused by the application,
without removing it. However, buying the license carries certain ethical
questions as it will encourage the creators of the program to continue their
operations. In addition, there is no proof that the program works, even after
purchasing the license. Some users report that purchasing and installing the
WinFixer program causes additional serious operating problems. If you have
purchased the program with a credit card, many urge calling the credit card
company to reverse the charge, citing fraud.
Symantec has published procedures for removing WinFixer manually. This is a
tedious process involving registry editing, which should be done with the utmost
care. As of January 2006, the better-known antivirus and antispyware software
packages do not detect or remove WinFixer infections automatically.
Webroot's Spy Sweeper does detect and remove WinFixer; the free trial
version of Spy Sweeper will remove WinFixer from memory and from your files and
registry.
McAfee's WinFixer information indicates that WinFixer may be classified as
legitimate software; however, McAfee's Vundo information should still aid in
your WinFixer removal process. This removal process makes use of Sysinternals'
Process Explorer to suspend infected critical system processes. (Vundo is
malware intended to automatically install WinFixer on your machine, without
your consent.)
Domain Ownership
The company that makes WinFixer, Winsoftware Ltd., claims to be based in
Liverpool, England; however, this has been proven false [1].
The whois database shows that the domain WINFIXER.COM is owned by a void
company in Ukraine, thus making them (the company) exempt from the Digital
Millennium Copyright Act [2]. Other things also don't add up; for example,
according to Alexa Internet the domain is owned by Innovative Marketing, Inc.,
1876 Hutson St, Belize City.
Miscellaneous and Technical Information
Technical
WinFixer is closely related to Aurora Network's Nail.exe hijacker/spyware
program. In worst case scenarios, it may embed itself in Internet Explorer and
become part of the program, thus being nearly impossible to remove. The program
is also closely related to the Vundo and Virtumonde viruses [3]. (Note: the
database entries for the Virtumonde trojan and WinFixer itself are down as of
late February 2006.) However, a great number of forum members on on-line
technical support forums and blogs believe that WinFixer is associated with the
Vundo trojan.
Program Name
Although purely speculative, it seems fairly obvious that the name WinFixer
is derived from the old Microsoft Windows abbreviation "Win" joined with the
word fixer, thus implying Win(dows) Fixer. Because of the name association with
the operating system, a hypothetical situation could occur in which a user may
possibly think that they are downloading a Windows related program, when, in
fact, they are not.
External links
Note
Most of these websites are selling products to remove WinFixer. If you intend
to buy any of these products, including the well known ones (Norton and McAfee),
do research on the products to make sure that they are effective and legitimate.
In addition, if you prefer to remove the software yourself, please use the
utmost caution when editing the registry values.
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.