Winfixer Problem Improved, But Still Persists

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gary U, Oct 5, 2005.

  1. Gary U

    Gary U Private E-2

    My situation: I started getting Winfixer pop-ups, simulated Winfixer security checks, etc. I also have an occasional website pop-up for no apparent reason. I followed all of the steps for two of the tutorials here (the spyware one and the HJT one).

    This resulted in quite an improvement, but not a complete fix. When the Winfixer popup starts to load now, it basically stops with an error and I get a white screen which is easily closed. I also still get random websites to open up (one is for a bookstore, one shows an image of art, etc).

    What additional steps can I take to completely resolve these issues? Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Gary U

    Gary U Private E-2

    I ran through all the tutorials and did the cleaning this past weekend. I ran a "fresh" HJT log today and attached.

    Thanks
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

    Look in Add/Remove programs for the below and uninstall if found.
    MyWay or MyWaySA or MyWaySearchAssistant or similarly named.


    Please print these instructions out for use in Safe Mode with no networking and DO NOT RUN any browsers while doing these steps.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at. It should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\assembly\psras.dll

    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\assembly\sarsp.*

    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run then HijackThis will open.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wowway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\assembly\psras.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O20 - Winlogon Notify: psras - C:\WINDOWS\assembly\psras.dll


    • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    • Delete this folder if found: C:\Program Files\MyWaySA
    • Now please attach a new HJT log from normal mode.
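
Added example, not part of the original post or of the VundoFix/HijackThis tools: a small Python triage script that parses HijackThis-style lines and reports any file registered as both a BHO (O2) and a Winlogon Notify entry (O20), as psras.dll is in the fix list above. The sample input is a subset of lines copied from that list; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a subset of the lines in the fix list from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\assembly\psras.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: psras - C:\WINDOWS\assembly\psras.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # section code, then the rest
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\)")            # C:\... or %windir%\...
MISSING = " (file missing)"

def parse_entry(line):
    """Split one log line into section code, CLSID, file path and missing flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    last = rest.rsplit(" - ", 1)[-1]          # the file path, when present, is the last field
    missing = last.endswith(MISSING)
    if missing:
        last = last[: -len(MISSING)]
    clsid = CLSID_RE.search(rest)
    return {"code": code,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": last if PATH_RE.match(last) else None,   # R0/R1 lines carry no file
            "missing": missing}

def files_by_hook(log_text):
    """Map each referenced file (lower-cased) to the set of sections that load it."""
    hooks = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["path"]:
            hooks[entry["path"].lower()].add(entry["code"])
    return dict(hooks)

def bho_and_winlogon(log_text):
    """Files registered under both O2 (BHO) and O20 (Winlogon Notify)."""
    return sorted(p for p, codes in files_by_hook(log_text).items() if {"O2", "O20"} <= codes)

if __name__ == "__main__":
    for path in bho_and_winlogon(SAMPLE_LOG):
        print("BHO + Winlogon Notify:", path)
```
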
     
  5. Gary U

    Gary U Private E-2

    OK, followed all the directions. Here is the new log.

    Thanks!
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's clean! So how is everything working now?
     
  7. Gary U

    Gary U Private E-2

    Two days now and no problems! I think it's fixed. Thank you VERY much!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

