Windows Tutorials - Herong's Tutorial Examples - v5.62, by Dr. Herong Yang
Outdated: Removing IE Addon "winfixer"
This section provides a tutorial example on removing the adware 'winfixer'.
Symptom: Once in a while, an IE pop-up window shows up with http://202.67.220.233 in the address field. This pop-up window contains a false warning message and advertisements for "WinAntiVirusPro 2006, WinAntiSpyware 2006, and WinFixer 2006". The warning message said:
    Attention! Security Center has detected spyware on your PC sending private information and documents to remote computer. One of processes (Win32res.exe) has just sent this information:
    IP address: 66.19.202.184
    Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; ....
    Computer OS: Windows XP
    Full PC control: Gained
    Sent Information: approximately 17 Megabytes
Sometime later, another IE window pops up with "http:www.winfixer.com/..." in the address field. The pop-up window also contains a false warning message:
    This site might require the following ActiveX control: 'WinFixer2006FreeInstall.cab' from 'WinSoftware Corporation, Inc.'. Click here to install...
    Warning: Your computer may have critical errors in registry and file system! These errors can lead to computer crashes, instability, slowness, and full system failure. Immediate repair may be required. To scan your computer for errors click the "Next" button below.
HijackThis Report: In the report, I could not find anything specifically related to winfixer. My guess is that the pop-up is generated by one of the following IE addons:
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsts.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Quick Research: I found some reports about winfixer 2006 on the Web, but nothing that could help me identify the bad IE addon.
What I Did:
1. Looked at IE > Internet Options > Programs > Manage Addon, and disabled:
    AcroIEHlprObj Class
    Adobe Acrobat Control for ActiveX
    ATLDistrib Object
    AUTIO__X_MS_WMA Moniker Class
    DHTML Edit Control Safe for Scripting for IE5
    DriverLetterAccess
    HTML Document
    InstallShield Update Service Agent
    Java Plug-in 1.4.2_03
    Java Plug-in 1.4.2_03
    MetaStreamCtl Class
    Real.com
    SearchAssistantOC
    Shockwave Flash Object
    Sun Java Console
    VIDEO__X_MS_WMV Moniker Class
    Windows Media Player
    Windows Media Player
    Windows Messenger
    XML Document
The following IE addons were kept enabled:
    CNavExtBho Class            Symantec
    CHisExtBho Class            Symantec
    Norton AntiVirus            Symantec
    Norton Internet Security    Symantec
    Shell Name Space            Microsoft for managing IE "Favorites"
Result: The Winfixer 2006 problem is gone.
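The "O2 - BHO" lines in the HijackThis report above share one shape: name, CLSID, DLL path. The Python sketch below is an added example, not part of the original tutorial. It parses those lines, repairs paths that were wrapped when the log was pasted, and lists the registry keys to inspect for each entry. The function names and the ordering rule in review_order() are assumptions made for illustration; the ordering is a triage aid, not a verdict on any entry.

```python
import re
from collections import namedtuple

Bho = namedtuple("Bho", "name clsid path dll")

# Shape of the lines quoted above: O2 - BHO: <name> - {<CLSID>} - <DLL path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

# Per-machine registry location where IE looks up Browser Helper Objects.
BHO_KEY = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
VENDOR_DIR = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.I)

def parse_o2(line):
    """Return a Bho for an 'O2 - BHO' line, or None for any other line."""
    m = O2_RE.match(line.strip())
    if m is None:
        return None
    # Pasted logs wrap long paths; drop the whitespace left before a
    # backslash (Windows folder names cannot end in a space).
    path = re.sub(r"\s+\\", r"\\", m.group("path").strip())
    return Bho(m.group("name").strip(), m.group("clsid").upper(),
               path, path.rpartition("\\")[2])

def registry_keys(bho):
    """Keys to inspect for this BHO: its IE registration and its COM server."""
    return [BHO_KEY + "\\" + bho.clsid,
            "HKCR\\CLSID\\" + bho.clsid + "\\InprocServer32"]

def review_order(bhos):
    """Assumed triage heuristic: DLLs outside a vendor folder under
    Program Files come first, then entries are sorted by path."""
    return sorted(bhos, key=lambda b: (bool(VENDOR_DIR.match(b.path)), b.path.lower()))

# Sample input: the four O2 lines from the report above, wrap artifacts kept.
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX \AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus \NavShExt.dll
"""

if __name__ == "__main__":
    entries = [b for b in map(parse_o2, SAMPLE.splitlines()) if b]
    for b in review_order(entries):
        print(b.name, b.dll, registry_keys(b)[0], sep=" | ")
```

Checking the file behind each InprocServer32 value (publisher, file date, digital signature) narrows the list before any addon is disabled.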