Noob needs help with WinAntiSpy or UWAS6_0001....NetInstaller.exe

Hi and Welcome to Majorgeeks!

Below is our 1st steps guide for you to run on that PC, its a proven set of steps to initially get us to a point when most of the malware on a PC are removed or highlighted in which then a custom tailored set of fruther removal steps are posted from our experts in malware removal,

Run this first as IIRC ( and Chas or the guys will remind me ) that WinAntiSpy is related to WinFixer Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

The follow the below guide.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • 
    [*]runkeys.txt - the log from GetRunKey.bat
    [*]newfiles.txt - the log from ShowNew.bat
  • CounterSpy - ONLY IF you were not able to run Windows Defender
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Norton cannot fix this and never has been able to do so. In addition they do not even detect all the related files and problems that come with it. You should request a refund and send them an email stating that their tech support line is rather incompetent. They don't even know the correct way to remove this malware and this is supposed to be their specialty. As Halo stated, it is part of the Virtumonde family. You may have Virtumonde and winlogonhook. After you attach all the logs we will know, and we will also fix your PC the right way. Virtumonde can cause a variety of problems including popups and also can slow your PC down.

 

You're welcome, but the VundoFix log just indicated that you did not have a Virtumonde problem that it could find.

 

Actually it does not overwrite. It appends to the file. Take a look at the log you post and you will see it has two different dates it was run.