Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Removing "WinFixer" - Rogue Security Popups
This section provides a tutorial example on how to disable IE addons to stop WinAntiVirusPRO 2006 and WinFixer 2006 faked security popup messages.
In order to identify the IE addon program that generates those faked security popup messages, I did a system scan with HijackThis. But in the HijackThis report, I could not find anything specifically related to winfixer. My guess is that the faked security messages were generated by one of the following IE addons:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Quick Research: I found some reports about winfixer 2006 on the Web. But nothing can help me to identify the bad IE addon.
What I Did:
1. Looked at IE > Internet Options > Programs > Manage Addon, and disabled:
AcroIEHlprObj Class
Adobe Acrobat Control for ActiveX
ATLDistrib Object
AUTIO__X_MS_WMA Moniker Class
DHTML Edit Control Safe for Scripting for IE5
DriverLetterAccess
HTML Document
InstallShield Update Service Agent
Java Plug-in 1.4.2_03
Java Plug-in 1.4.2_03
MetaStreamCtl Class
Real.com
SearchAssistantOC
Shockwave Flash Object
Sun Java Console
VIDEO__X_MS_WMV Moniker Class
Windows Media Player
Windows Media Player
Windows Messenger
XML Document
The following IE addons were kept enabled:
CNavExtBho Class - Symantec
CHisExtBho Class - Symantec
Norton AntiVirus - Symantec
Norton Internet Security - Symantec
Shell Name Space - Microsoft for managing IE "Favorites"
Result: WinAntiVirusPRO 2006 and WinFixer 2006 problems were gone.
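An added example, not part of the original tutorial: a small Python parser for the "O2 - BHO" lines of a HijackThis report like the one above, listing each add-on's CLSID, DLL path and registry key so the entries can be checked one by one. The "review first" flag (a DLL placed directly in system32 rather than in a vendor folder) is an assumed triage heuristic, not a verdict, and the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Registry location where IE Browser Helper Objects are registered (one subkey per CLSID).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# The four O2 lines from the report above; two paths carry a stray space before a
# backslash, as happens when a wrapped report is copied.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX \AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus \NavShExt.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections (O3, O4, ...) are ignored
        # Repair paths broken by line wrapping: drop whitespace next to a backslash.
        path = re.sub(r"\s*\\\s*", r"\\", m["path"].strip())
        entries.append({
            "name": m["name"],
            "clsid": m["clsid"].upper(),
            "path": path,
            "registry_key": BHO_KEY + "\\" + m["clsid"].upper(),
            # Heuristic (assumption): DLL sits directly in system32, no vendor folder.
            "review_first": PureWindowsPath(path).parent.name.lower() == "system32",
        })
    return entries

def review_order(entries):
    """Entries flagged by the heuristic first, report order otherwise."""
    return sorted(entries, key=lambda e: not e["review_first"])

if __name__ == "__main__":
    for e in review_order(parse_bhos(SAMPLE_LOG)):
        print("CHECK" if e["review_first"] else "     ", e["name"], e["path"], e["registry_key"], sep=" | ")
```

The flag only orders the manual review; each DLL still has to be checked against its vendor and file properties before its add-on is disabled.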