Talk:WinFixer

Spybot and Ad-Aware

I've added links to the Wikis for these two in the 'Removing WinFixer' section. I have and use both, and can affirm that they do remove WinFixer et al. effectively. Therefore, I think it is useful for them to be mentioned in this article, to help out those infected with this malware.

Grammar Fix

The section "Pop up Window screenshots" had pretty bad grammar, so I tidied it up. It's not a whole lot different, but in case you mods want to see how I did, it's there. ~ Deku-Scrub

SysProtect

I got a popup that was just like WinFixer's except it was renamed to SysProtect.

Error Safe

"I got a popup that was just like WinFixer's except it was renamed to SysProtect." Same thing, only under the guise of "Error Safe".

Notes about the initial pop-up message

Editor's Personal Note: Winfixer is very dangerous to an unprotected computer, such as mine was, and is the most in-your-face spyware program I have encountered. [advice deleted] --66.30.107.71 00:37, 14 November 2005 (UTC)

The above message included some misleading advice, which has been deleted. In Winfixer pop-ups, Winfixer spyware is downloaded if you click on "Yes", "No", or even on the X button at the top. The pop-ups are not on Windows task manager, so using the three finger salute (i.e. Ctrl+Alt+Del in Windows) does not work. To end the pop up safely, first disconnect from the internet, then close the pop up, and close the window that follows.

Note from another user: I saw the pop-up ad for winfixer and since I never trust pop-up ads, I just closed the application by pressing the orange "X" button in the top left. However, this just caused the application to be downloaded anyway. The only way to prevent the application from being downloaded is to disable the internet application, then click the "X" button. Using Ctrl-alt-delete does not work to make the application go away, because the winfixer pop-up ad will not show up on the task manager.



Note from an unsatisfied customer: I feel pretty stupid for saying this, but I would have been taken in if not for this page which I found halfway through installation. The thing that convinced me was that my popup window DIDN'T have any of the usual tricks, like the "no" or "close" buttons also being a link. It looked authentic.

Yeah it's not actually a pop-up is it? Unless I am mistaken, it is a Dialog Box. Quite surprising that Internet Explorer allows a website to open this kind of thing. Does anyone know more about the nature of the initial message? -- Nojer2 11:53, 8 February 2006 (UTC)

Removing winfixer

There is a website, http://www.spyware-removal-guideline.com/winfixer-removal, that suggests a solution for removing WinFixer. I have not tried it out yet, mostly because my better judgement tells me that this site may itself be a spyware advocate. If anyone has any information on the aforementioned website, please share. Otherwise, I may have to try it out myself and, perhaps, suffer the consequences.

I'd recommend sticking with a verifiable source; both Symantec and McAfee offer 'tutorials' on how to nuke this sucker - they're time consuming procedures, but there's legitimacy. (I wonder why they cannot figure out how to get rid of it using their flagship products? Maybe that's coming.) -BB, 21Dec2005

Finding/Punishing the people behind winfixer

All of this talk about how to remove WinFixer would be moot if the people behind this misuse of private property could be found and stopped. Surely they can be traced -- why can't they be punished for their antisocial activities? Johna 16:10, 7 January 2006 (UTC)

That wouldn't work. The internet is international, obviously, and WinFixer is hosted in various places around the world and thus would need every country to ban it, which most can't be arsed to do. Also, people argue it takes away freedom of speech (the same people that think child porn is a form of expression). 62.31.114.26 10:17, 22 June 2006 (UTC)

What about the people who went as far as to pay the $39.95 for their ErrorSafe product? (From their credit cards.) I'm guessing that's legal? User:NealIRC 14 August 2006 18:39 (UTC)

Reboot System

A much simpler way to get rid of this adware is to simply reboot your system in system recovery mode; it has worked for numerous people including myself. (Brodey)

Mozilla?

Luckily I have Mozilla as the default download browser. Every time I fail to kill the pop-up, Mozilla stops it, as permission is required for downloads. I deny permission. Seems to work...

  • I just downloaded Mozilla after reading the above quote and am delighted! I suggest keeping both IE and Mozilla, and using one's already-infected IE if you're visiting what might be questionable sites. BTW, I posted all the stuff I found on the Ukraine/Canadian angle, in synopsis and under "Possible Legal Action". Thought it was important. Hope it's not too messy. Shawn, Montreal, 08/2006
  • I'd agree; whenever I used IE I would get at least 3 popups each time I visited another page, and they would predominantly be Jamster pop-ups or Winfixer ones (which were so OBVIOUSLY fake).

As soon as I switched to FireFox, nothing. Not a single pop-up since. I would say this is a surefire way to avoid Winfixer.

Headline text

Whoever created this page: Thank you. Our computer is infected with WinFixer and this was really informative. //user:DJRaveN4x

Opera Problems?

Hello,

I've seen WinFixer more times than I can count on computers at a local retirement home I used to volunteer at. Although I'm pretty computer safety savvy, I have to ask - is the Opera internet browser (which I use) affected by this blight? Thanks...--Spectrechris

I have found Opera to be as safe as houses in this regard. - Salmanazar 22:27, 29 January 2006 (UTC)

Just leave it?

If you have the popup come up, can you just ignore it and like move the box to the corner of the screen until you're done surfing? Or does it download anyway?

-I wouldn't do that...I mean, it is possible, but, I'm not willing to risk my baby (ok, computer) to test that. - Spectrechris


-:With IE security settings at medium or above, WinFixer will not be downloaded without your permission. Just close the second full-screen pop up that appears (the one that prompts for download).

Page quality

To give this page more credibility (and to get rid of the Higher Standards thingie), I re-wrote parts of it and softened some of the language...But, I left it up there so you all can review it. - Spectrechris

Yes. I'd be in favour of removing that notice now (it was put on before my improvements too). -- Nojer2 15:32, 2 March 2006 (UTC)

Spambox

Given the fact that this article is about a security threat, and that potential solutions are offered by commercial companies, is it really legitimate to include a spam warning? Lee M 03:01, 13 May 2006 (UTC)

Wikipedia is specifically not any kind of how-to guide or tutorial. I would much rather see an objective look at the nature of the program than a list of commercial websites trying to sell their removers. --RainR 08:39, 17 May 2006 (UTC)

What if you click cancel?

I got the WinFixer popup on my computer and I clicked cancel without disconnecting. Does that mean it is installed on my computer?--Taida 21:47, 26 June 2006 (UTC)

Yes :(

What if I did the same on FireFox? --Kitetsu 12:28, 21 November 2006 (UTC)

If you press cancel in Firefox or Opera, nothing is downloaded. --Xanthar 02:24, 25 November 2006 (UTC)

Winfixer

List_of_ZIP_Codes_in_New_York#13000_-_13099_:_Syracuse_area_communities_.28A-L.29

This demonstrates that 13088 is a postcode in Liverpool, New York.

--Quentin Smith 12:58, 24 July 2006 (UTC)

WinAntiVirus

WinAntiVirus isn't identical to WinFixer. As far as I know, it does work, just not very well. 80.193.149.218 22:34, 17 August 2006 (UTC)

Unavailable?

I attempted to get a copy of this from http://www.winfixer.com/buy_now.html so I could test different removal tools / antispyware, and the download page claims (rather ridiculously) that no copies are available. Could it have been taken down? YnnaD 19:13, 5 September 2006 (UTC)

19 October cleanup

I cleaned up the article a bit. It's still sort of biased against WinFixer (rightly so), I think, and the writing could use a bit more professionalism. There was a big problem with the article assuming that the user would not want to download the program, and directing them to sites that would help get rid of it. Quite unencyclopedic, I'd say... Voretus the Benevolent 17:03, 19 October 2006 (UTC)

Neutrality?

All the tags on this article are hard to understand. While the style can be improved, this is no matter of neutrality. What kind of neutrality or POV is expected about viruses?

The {npov} {references} tags should be removed. Literally all vendors of security software recognize these programs as viruses. And many sources have been added in the last months.

I edited in some sentences about "SystemDoctor", same of the kin.--Peter Eisenburger 14:21, 23 October 2006 (UTC)

DriveCleaner

I got popups asking me to download DriveCleaner. This one claims to clean Internet tracks from adult sites and it claims to keep the registry clean (just like Winfixer). Unsurprisingly, the popups look and act just like WinFixer. I also added it to the Winfixer article.

Thought that I got it, but...

Um, hello there. A new Wikipedian, but old member of Wookieepedia and Star Wars Fanon Wikias.

Anyway, I went to Wikipedia's article about Proxy servers, clicked on the second Open Source Project (dmoz.org or something like that) link, clicked there anonymouse.org (or .com, can't remember) and before I got to start proxy surfing, I was on the site fi.errorsafe.org and got that nasty-pop-up window several times. I clicked cancel on all of them and somehow managed to kill that page. I'm using Internet Explorer 7 Beta now.

I came to here, read this article, panicked, went to read about disinfection on Symantec's internet site, started my trial version of F-Secure anti-virus and waited. It scanned almost every single file on my computer, including reg. keys and nothing! No viruses, trojans, malware, etc.!

So, I thought it was too good to be true and I opened registry editor and checked several folders on it as recommended in the disinfection article on Symantec's web site. NOTHING! Sorry 'bout the Caps Lock...anyway, no ErrorSafe or anything! Just the files there should be...so, I wasn't infected!

I wanted to share this story with you Wikipedians. I honestly don't know what would I have done without your article. And Symantec's article. First time ever used XP's registry editor, and it was simple! Thank you. --Roosa 18:19, 3 November 2006 (UTC)

Winfix

I believe there could be confusion in people's minds between Winfixer and Winfix. Winfix is a Windows optimizing product marketed by Challenger Software of California USA and appears to be a perfectly genuine product unconnected with Winfixer.

I wondered whether something to this effect should be included in the article, particularly if it could be done by someone with a knowledge of Winfix's legitimacy. 11.10, 5 November 2006 (UTC)

Winantivirus very bad, very hard to remove

Winantivirus is definitely malware, and none of the above fixes removes it entirely. I had to reformat to get rid of it. My router recorded 2000 outgoing security events in 2 days while this program was running on my computer. My advice is learn how to back up all your docs, and how to reformat your HD in case you ever get something this bad.

Loathsome

I'm getting very fed up with ErrorSafe peckering my PC whenever I try and upload one of my baleful drawings in imageshack.us, which, if my suspicions are correct, has the ErrorSafe popup installed there. I swear to god, if this keeps up, I just WISH I'd sue -- no, BLACKMAIL the developers of ErrorSafe to halt the "promotion" of the malware permanently for being in the cesspool of hackers without a sense of direction in life, and sue ImageShack for being a medium in their petty scheme for a petty amount of cash.

Alas, I'm just a rambling dreamer with not a lot of privileges. *sigh* --Kitetsu 12:19, 21 November 2006 (UTC)

As far as I am aware, Imageshack doesn't use advertisements from Errorsafe. However, some adware, when installed on your system, will automatically cause pop-ups when browsing certain (usually quite popular) sites, which is sometimes specified in part of the adware program itself. So the chances are, this has nothing to do with Imageshack themselves, and more to do with WinFixer/ErrorSafe. --Dreaded Walrus 12:31, 21 November 2006 (UTC)

A fix?

I think I've fixed the problem. It was in a different place than most of the system security guys think it is. However, I'm going to leave it for a week. Clue: Google 'em.gad-network.com'. Dbuckner 21:24, 2 December 2006 (UTC)

Fix? update

  • My children's computer was affected by this about a month ago and I have only just worked out how to fix it.
  • The affected PC has strong controls over site content (they are not even allowed chat rooms or the like) so I am still puzzling about how it happened.
  • I don't believe there is any kind of malware or executable. The first sign of trouble is when the browser randomly calls the following URL.

"http://em.gad-network.com/eas?cu=34&login=672125&mediaid_prefix=005&extparam=1:NIPfi7=ASQ6KA7u7Iwn3Uw&time=312e313536&nums=N01BGBG6Z"

This causes the behaviour of the browser to change. Thereafter, pressing the back button into the Google page causes the call above to happen, then the format of the browser changes slightly (it tabs down and to the right - not sure what is happening here).

  • Thereafter, you get calls such as the following.

"http://go.winantispyware.com/NjM1/2/422/N01BGBG6Z-FBI.M0SATx&login=672125&mediaid_prefix=005&time=312e313536"

  • The login id is identical in all cases. This is what suggests to me there is no malware or executable code. All you see at any time is a window.
  • However, what you see is an alarming message saying that your computer has been infected, or that it is calling a remote computer. This is clearly false, because if you save down the page, you see that messages like '54 files have been infected' are hard coded into the HTML. This also is what is illegal - they are deliberately giving false information about the state of your computer in order to get money off you.
  • The easiest way to fix the problem is to block the URLs above.
  • This does not stop the blocked calls, which Norton (in my case) reports. But it stops the problem going any further.
  • To get rid of it completely (if you are brave enough) go to the gad network site, who will send you a removal tool. This worked for me, but note that it can screw up dial connections. See below.
  • The following website offers help on this: http://www.imaginarynumber.co.uk/gadnetworkarescum

Dbuckner 09:46, 3 December 2006 (UTC)
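
The check described in the post above, as an added example that is not part of the original comment: it takes the two quoted URLs, recovers the parameters that repeat across them (the second URL carries `&` pairs without a `?`, so a plain query parser misses them), and lists the hosts to block. The function names and the hosts-file form of blocking are assumptions; the poster only says to block the URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The two URLs quoted in the post above, copied verbatim.
OBSERVED = [
    "http://em.gad-network.com/eas?cu=34&login=672125&mediaid_prefix=005"
    "&extparam=1:NIPfi7=ASQ6KA7u7Iwn3Uw&time=312e313536&nums=N01BGBG6Z",
    "http://go.winantispyware.com/NjM1/2/422/N01BGBG6Z-FBI.M0SATx"
    "&login=672125&mediaid_prefix=005&time=312e313536",
]

def tracking_params(url):
    """Key/value pairs of a URL, tolerating '&' pairs appended without a '?'."""
    parts = urlsplit(url)
    raw = parts.query
    if not raw and "&" in parts.path:
        raw = parts.path.split("&", 1)[1]
    return dict(parse_qsl(raw, keep_blank_values=True))

def shared_params(urls):
    """Parameters carried with the same value in every URL."""
    common = set(tracking_params(urls[0]).items())
    for url in urls[1:]:
        common &= set(tracking_params(url).items())
    return dict(sorted(common))

def decode_hex_ascii(value):
    """Decode a value written as hex-encoded printable ASCII, else None."""
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        return None
    data = bytes.fromhex(value)
    return data.decode("ascii") if all(0x20 <= b < 0x7F for b in data) else None

def hosts_entries(urls, sink="0.0.0.0"):
    """Hosts-file lines (an assumed blocking method) for every host seen."""
    return [f"{sink} {h}" for h in sorted({urlsplit(u).hostname for u in urls})]

if __name__ == "__main__":
    common = shared_params(OBSERVED)
    print("repeated across calls:", common)
    print("time decodes to:", decode_hex_ascii(common["time"]))
    print("\n".join(hosts_entries(OBSERVED)))
```

The repeated `login`, `mediaid_prefix` and `time` values are what tie the two requests together; what the decoded `time` value means is not stated on the page.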

Blocked Download

Hello, I somehow found my way to winfixer a year ago. I kept pressing "x" but then it gave me the download page, but I was saved by the download protection on Windows XP. I went on the site again, being an idiot, so is it on my system without me knowing? —The preceding unsigned comment was added by Hihihi1823 (talk • contribs) 22:23, 9 December 2006 (UTC).