WinFixer has infiltrated my browser (adware I think)

Discussion in 'Malware Help (A Specialist Will Reply)' started by oaf1984, Feb 23, 2006.

  1. oaf1984

    oaf1984 Private E-2

    I read the stickies about the generic solution, and it is pretty much all Greek to me. To be honest I am not exactly sure what the problem is. Could not seem to find it on other threads. If I am breaking some kind of rule, feel free to trash this thread.

    Specs.

    I am running Windows XP sp2 home edition

    HP 2.2 GZ 448 MB Ram blah blah....

    I am using IE6 sp2


    This is the problem:

    Every so often I get a "Warning" from IE saying that I could have potentially damaging registry problems, and that it recommends that I download WinFixer 2006. It gives a yes or no option. I know this is BS and click no. Another screen pops up saying that they have detected some stupid crap and that they will proceed with the download. This time there is only the "Ok" option. BUT there is an 'x' in the corner to close the window, I click the 'x'. It takes me out of what I was browsing and tries to auto download this dumb ass program. It also changes the window size of the Browser. A real pain.

    Is this a virus, or adware, or a weirdo pop-up?

    I do have pop-up blocker on. And I have the AVG free edition. They have found Trojan Horses in the past, but the deletion of those has not been related to this.

    I found some Winfixer 2006 files which I deleted, but the problem still exists.

    I also think that my Dad may have downloaded it. He is not computer savvy at all and has a bad memory when it comes to this stuff, so that is also a mystery that will probably remain unsolved.

    Also, thank you guys/girls so much for all you do. You have pulled my butt from the fire a few times. Your service is much appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Generic Solution is only for HSA hijackers not Winfixer (which is really Virtumonde).

    Run this and attach the log: Virtumonde aka Trojan Vundo Removal

    If the above does not solve all your malware issues, continue with the below.


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

    Quote:
    Bitdefender
    Panda Scan
    HijackThis


     
  3. oaf1984

    oaf1984 Private E-2

    I did it.

    -BUT-

    When I checked the box asking it to perform it as a task, it would not reopen, so I did it w/o the box. Is that cool?

    Here is the log:

    (I have no idea what any of this means)


    VundoFix V4.2.26
    Scan started at 12:49:15 PM 23/02/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\jkhhf.dll
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\fhhkj.tmp

    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.tmp
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\jkhhf.dll
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.tmp
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\jkhhf.dll

    VundoFix V4.2.26
    Scan started at 12:54:24 PM 23/02/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\jkhhf.dll
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\fhhkj.tmp

    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.tmp
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\jkhhf.dll
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.tmp
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\jkhhf.dll
    Attempting to delete C:\WINDOWS\system32\jkhhf.dll
    C:\WINDOWS\system32\jkhhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\fhhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhhkj.tmp
    C:\WINDOWS\system32\fhhkj.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What is your status now?
     
  5. oaf1984

    oaf1984 Private E-2

    So far so good.

    It is hard to tell at the moment, there are times when it pops up more than others.

    At the moment I have not had winfixer pop up so far.

    Do you recognize these types of files on the log?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! As I said in my first message, you had a Virtumonde infection.

    If you run into any more malware problems, follow the other steps I gave you.
     
  7. oaf1984

    oaf1984 Private E-2

    Thanks for your help
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
