how to get rid of WinFixer2005??

Discussion in 'Malware Help (A Specialist Will Reply)' started by dustinmuyo, Oct 11, 2005.

  1. dustinmuyo

    dustinmuyo Private E-2

    how can i get rid of Winfixer 2005? It keeps popping up over and over, and when I try to close the pop-up, it shuts down my internet explorer.

    isnt this spyware?

    any help is appreciated.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. dustinmuyo

    dustinmuyo Private E-2

    hi I am trying to run vundofix.exe after all of the other steps.....

    i see a bad BHO in line 04, but it continues to return.


    tried to run in safe mode per instructions, but explorer will not launch in safe mode ???

    when trying to run explorer in safe mode MANUALLY, explorer shuts down.

    how can I complete the steps if I cant run safe mode?

    thanks for your help.
     
  4. dustinmuyo

    dustinmuyo Private E-2

    P.S.

    Followed HJT Tutorial instructions, nothing really showed up, aside from everyday spyware.....nothing malicious.

    CC cleaner is freezing on me, when I click RUN CLEANER after it analyzes.

    I have a hijack log.

    Let me know when I can post it, maybe this can give you a better idea where I am, since I have already run everything in the HJT tutorial.

    Thanks again.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post a HijackThis log as an attachment.
     
  6. dustinmuyo

    dustinmuyo Private E-2

    thanks heres my log

    please note, i cannot run anything in safe mode. explorer will not run in safe mode.

    thanks.
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have HijackThis installed in the wrong location. Please read the following thread:
    Downloading, Installing, and Running HijackThis

    Please follow the instructions in the following threads:
    How to view hidden, system files & folders!

    Searching for Hidden Files on WinXP


    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning and a list of forums to seek help at.
      it should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\pmnno.dll
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\system32\onnmp.*
    • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    • The fix will run then HijackThis will open.
    • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - blank (file missing)
    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\pmnno.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
    O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
    • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
    • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
    • Once your machine reboots please attach a fresh HJT log from normal mode.
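
A fresh log can be checked for leftover references to the files named in the steps above. The following is an added example, not part of the original post or any MajorGeeks tool; it parses entry lines in the format quoted in the post, and the O4 line and all function names are constructed for illustration.

```python
import fnmatch
import ntpath
import re
from collections import namedtuple

# Constructed sample: the five entries quoted in the post above, plus one
# made-up O4 autorun line (ExampleTray) as an unrelated entry.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - blank (file missing)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\pmnno.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

Entry = namedtuple("Entry", "code kind clsid path missing")

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$", re.MULTILINE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)


def parse_log(text):
    """Turn 'CODE - kind: details' lines into Entry records."""
    entries = []
    for code, kind, rest in LINE_RE.findall(text):
        clsid = CLSID_RE.search(rest)
        path = PATH_RE.search(rest)
        entries.append(Entry(code, kind,
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None,
                             rest.rstrip().endswith("(file missing)")))
    return entries


def references(entries, pattern):
    """Entries whose file name matches pattern (wildcards allowed, case-insensitive)."""
    pattern = pattern.lower()
    return [e for e in entries
            if e.path and fnmatch.fnmatchcase(ntpath.basename(e.path).lower(), pattern)]


def orphans(entries):
    """Entries the log itself marks as '(file missing)'."""
    return [e for e in entries if e.missing]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for name in ("pmnno.dll", "onnmp.*"):
        print(name, [e.code for e in references(log, name)])
    print("file missing:", [e.code for e in orphans(log)])
```

Run against a log taken after the reboot, an empty result for both file names means no remaining entry points at them.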
     
  8. dustinmuyo

    dustinmuyo Private E-2

    hi

    im having trouble. When in safe mode, my desktop icons do not show. just a black screen with "safe mode" on the four corners. I tried four times.

    Also while in safe, Windows starts up anyway and asks me to log in, then it goes back to safe mode again with no icons.

    I tried to run the Killvundo.bat file by pressing CTRL, ALT, DELETE in safe mode, by browsing to the file itself.

    At this point, i was prompted to enter the first file path you gave me, I pressed ENTER, F6, and ENTER again........NOTHING HAPPENED. I rebooted, and as I said, I did this four times.

    AT one point, upon rebooting and trying to post, I had the HS.DONE home page. I ran hijack this again and fixed that and was able to get back on to post.

    Please help and advise. I am at a loss here, as I work for a living from my computer. ANY HELP and more suggestions GREATLY APPRECIATED!!!!!


    heres my 2nd log. (not sure you actually need it when I couldnt run KillVUndo.bat though). Thanks
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Sounds like your explorer.exe is corrupt.

    Boot to Safe Mode with Command Prompt

    Log in as administrator and enter your password (may be blank).

    If the displayed prompt is not C:\> then type CD .. and press the Enter key. Do this as many times as necessary until your command prompt is C:\>

    At the command prompt type the following:

    rename C:\Windows\explorer.exe C:\Windows\explorer.bad press enter

    expand C:\I386\EXPLORER.EX_ C:\Windows press enter

    Now reboot to SAFE MODE and run the VundoFix from my previous post.
     
  10. dustinmuyo

    dustinmuyo Private E-2

    the problems continue

    when i tried to rename explorer exactly as you told me, it told me invalid syntax, i retyped this about 10 times EXACTLY as you said

    Please note, when I go to into c:\windows I cant even find explorer anymore, theres a folder in its place called "EHome"

    I cant run Killvundo.bat at all but the process.exe file will run, ONLY if I press CTRL, ALT, DELETE at the black screen in safe mode. It said it was clearing out all bad dll files.

    My son installed SpySweeper and it appears that the Virtmundo is now in quarantine, which allowed me to get back online again...

    Heres a new hijack log in my NEXT post so you can advise me from here.

    This VIRUS is nasty!!!!

    Am I going to be forced to restore the entire computer??
     
  11. dustinmuyo

    dustinmuyo Private E-2

    im in major trouble now

    i have no ICONS on my desktop

    when i tried to redownload IE 6, it tells me i have a newer version already running on my computer?

    is there something I need to do to get my Internet Explorer back, since you had me try to rename it?? I can't even find it on my computer, but I can run IE from CTRL, ALT, DELETE at the BLANK desktop!!

    HELP!!! im so confused. :rolleyes:
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    No, this virus is not nasty; following our instructions to the letter will remove it. Nobody should be doing anything that you are not instructed to do by myself or any of the other Authorized Malware Fighters here at Major Geeks; doing things you are not instructed to do can and will make things worse.

    Internet Explorer and Explorer are 2 different things. You cannot download IE6 and install it on a system with SP2.

    The eHome folder belongs to Windows Media Center, so leave it alone.

    Explorer.exe is what controls your desktop, and some viruses will replace it with a corrupt version. SpySweeper may have deleted it when it found the corrupt version. It wasn't renamed because you received a syntax error when trying to execute the command I gave you.

    Uninstall SpySweeper for the time being.

    Boot to Safe Mode with Command Prompt

    Log in as administrator and enter your password (may be blank).

    If the displayed prompt is not C:\> then type CD .. and press the Enter key. Do this as many times as necessary until your command prompt is C:\>

    At the command prompt type the following:

    rename C:\Windows\explorer.exe explorer.bad press enter (If the file is no longer there, go to the next command)

    expand C:\I386\EXPLORER.EX_ C:\Windows press enter (This is assuming you have an I386 folder on your computer)
     
  13. dustinmuyo

    dustinmuyo Private E-2

    okay sorry, just getting desperate with the lack of income coming in.

    heres my new log.

    hopefully theres some improvement ??
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, your log shows no signs of WinFixer. Do you know what BayScribe is?

    Also, your Operating System is seriously out of date. You should install SP2 and run Windows Update after we are done. (This is because I had you replace your Explorer.exe with the one in the I386 folder).

    How is your computer running?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You could try looking for the proper explorer.exe where the service packs install.

    C:\windows\ServicePackFiles\i386
     
  16. dustinmuyo

    dustinmuyo Private E-2

    Bayscribe is a secure site that I use for my Work for the hospital I work for. Its a valid safe file.

    Computer is running better.

    I installed the new Zone Alarm Security Client Trial..should I uninstall AVG???

    I'm wondering what is better to run to avoid this happening again...the AVG and the free version of Zone Alarm.........or should I invest in the Zone Alarm Security Suite and run that alone?

    I will go install SP2 now.

    Should I post a log again after that??
     
  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I like AVG over the ZoneAlarm AV. Personally I run AVAST! Home Edition with Sygate Personal Firewall Free. Whether or not, and how quickly, a system becomes infected has a lot to do with personal habits. You don't want to run two AV applications; they will conflict with each other. Decide which one you like better and uninstall the other one.

    There is no need for another HijackThis log after you update your system.
     
  18. dustinmuyo

    dustinmuyo Private E-2

    okay thanks for all of your help.

    im gonna run a few days, and if i have problems, ill post back.

    when i did the windows update it took 33 updates!! i installed them all, dont know if i needed them all, but i installed them all. Hopefully, this wont cause any problems.

    I think I will download Avast and Sygate tomorrow.

    THanks again!! You Rock! :D
     
  19. dustinmuyo

    dustinmuyo Private E-2

    hi

    it's been a few days and I am posting a new log just to be sure nothing has crept in.

    There were a few times that Zone Alarm Security prompted me, and I wasn't sure whether to allow or disallow.

    I would appreciate it if you could glance at my log and just make sure nothing malicious is running that I am not aware of, or anything else you may see.

    Thanks so much!!
     

    Attached Files:

  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, your log is clean.
     
  21. dustinmuyo

    dustinmuyo Private E-2

    thank you kindly.

    i installed Avast and Sygate.

    Can you tell me should the VRDB in AVast be generated at all times? Or only when needed????
     
  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Set it to Generate when the System is Idle or when the Screen saver is running, your choice.
     
