Winfixer Removal |
by steamwiz | |
January 13, 2006 | |
Winfixer is a variant of the Virtumonde (Vundo) web browser hijacker. It pretends to be a program that will help you fix windows problems, but really it reports false information to try to get you to purchase the program. It is a SCAM. This nasty trojan can be removed by following the steps below: Note: You should print out these directions before continuing, as you will need to reboot your computer. Remove WinfixerStep 1: HijackThisDownload and run HijackThis. Our HijackThis tutorial will get you through that part. Once you have run it and created a log file, return to these instructions. Step 2: Examine HijackThis LogNext, look at the log file that HijackThis created and look for entries similar to this:
Step 3: VundoFixPlease download VundoFix.exe to your desktop: http://www.atribune.org/content/section/4/30/ Step 4: Reboot into safe modeIf you're not sure of how to get into safe mode, click here for instructions. Step 5: KillVundo.batNow that you are in safe mode, open the VundoFix folder on your desktop and double-click on KillVundo.bat
Press Enter. Next it will ask you for the filename - enter in the exact filename you wrote down in Step 2, i.e. C:\WINDOWS\repair\srvdisk.dll (as shown in the O2 & O20 entries in YOUR HijackThis log file)
Press Enter. It will now ask you for a second filename. Please type the following file path (make sure to enter it exactly as below) REMEMBER...(This is the entry as shown in the O2 & O20 entries in YOUR hijackthis ... spelled backwards) Press Enter. The fix will run, then HijackThis will open. Step 6: HijackThisIn Hijackthis, please place a check next to the following item(s) and click FIX CHECKED : (Again, replace srvdisk.dll with whatever you found in Step 2) Step 7: CleanUpDownload and install CleanUp: http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
Step 8: Panda ActiveScanRun Panda ActiveScan virus scanner: http://www.pandasoftware.com/products/activescan.htm
Done! Your computer should now be clean of the Winfixer trojan! If you want your results checked....start a new thread in the Spyware Forum. Copy the results of the ActiveScan and paste them in the new thread, along with a new Hijackthis log and the vundofix.txt file from the vundofix folder. Make sure you tell us you have run the vundofix for Winfixer! |