Need help to get rid of "WINFIXER"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by colme7, Sep 23, 2005.

  1. colme7

    colme7 Private E-2

    I have this Winfixer malware in my computer. I have followed step by step the instructions provided by Major Attitude on the basic spyware removal. I thought I got rid of the Winfixer problem; however, today it just showed up again. Also, my IE has slowed down loading images and has been freezing a lot lately since the Winfixer problem appeared. (I don't know if that has something to do with it.) I ran HJT as specified by Major Attitude in his tutorial, and the HJT log file is included in this message as an attachment. Please help me get rid of this plague. Thank you in advance for your help.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First you need to disable Spybot's TeaTimer because it could get in our way.

    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
    Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
    Now quit Spybot!

    Look in Add/Remove programs for Daily Weather Forecast and uninstall if found.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at. It should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\repair\hardanti.dll

    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\repair\itnadrah.*

    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run then HijackThis will open.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\hardanti.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - Winlogon Notify: hardanti - C:\WINDOWS\repair\hardanti.dll



    • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    • After reboot, attach a new HJT log from normal mode.
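
As an added example (not part of the thread, and not MajorGeeks or HijackThis code), this Python triage runs over the entries selected in the post above: it flags entries whose target file is absent and BHO / Winlogon Notify DLLs that sit outside an assumed list of usual directories, then reports any DLL registered under more than one entry type. The function names and the directory list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\hardanti.dll
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: hardanti - C:\WINDOWS\repair\hardanti.dll
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)

# Assumption for this example: directories where a hooked DLL is unremarkable.
EXPECTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
DLL_HOOKS = {"O2", "O20"}  # BHO and Winlogon Notify entries register DLLs


def triage(log_text):
    """Return (code, kind, reason, path) tuples for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, kind, rest = m.groups()
        pm = PATH.search(rest)
        path = pm.group(0) if pm else ""
        if rest.endswith(("(no file)", "(file missing)")):
            findings.append((code, kind, "orphaned", path))
        elif code in DLL_HOOKS and path and not path.lower().startswith(EXPECTED_DLL_DIRS):
            findings.append((code, kind, "unusual-dir", path))
    return findings


def multi_hook_paths(findings):
    """Paths registered under more than one entry type (e.g. both O2 and O20)."""
    hooks = defaultdict(set)
    for code, _kind, _reason, path in findings:
        if path:
            hooks[path.lower()].add(code)
    return sorted(p for p, codes in hooks.items() if len(codes) > 1)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(*f, sep=" | ")
    print("multiple hooks:", multi_hook_paths(found))
```

The O4 startup shortcut is not flagged by either rule; the helper selected it on other grounds, so a script like this narrows a log for review rather than replacing the reviewer.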
     
  3. colme7

    colme7 Private E-2

    First of all, thank you very much for your assistance with this matter. I followed the instructions as you directed, and included is a fresh HJT log after the fixes were completed. One thing you should know:
    One of the files specified in your instructions was not identified, which was:
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\hardanti.dll
    That one did not show after the HJT scan; however, everything else did, and those were fixed as you instructed.
    One question: I could not find the Daily Weather Forecast thing, but it showed up on the HJT log. Is it possible to fix that? I don't know how it is in the PC, because I never installed it.
    Again thank you very much for your help.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HJT and select the below line, then exit ALL browsers (including this one) before you click Fix.

    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

    Now after Fixing, exit HJT and find and delete the below folder:
    C:\Program Files\Daily Weather Forecast


    How is everything working now?
     
  5. colme7

    colme7 Private E-2

    Everything is running fine now. No sign of WINFIXER!!!! :) Again thank you very much for your help.

    I think this thread is done.
     