Removing "WinFixer" - Rogue Security Popups

This section provides a tutorial example on how to disable IE addons to stop WinAntiVirusPRO 2006 and WinFixer 2006 faked security popup messages.

In order to identify the IE addon program that generates those faked security popup messages, I did a system scan with HijackThis. But in the HijackThis report, I could not find anything specifically related to winfixer. My guess is that the faked security messages were generated by one of the following IE addons:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

Quick Research: I found some reports about winfixer 2006 on the Web. But nothing could help me identify the bad IE addon.

What I Did:

1. Looked at IE > Internet Options > Programs > Manage Addon, and disabled:

AcroIEHlprObj Class
Adobe Acrobat Control for ActiveX
ATLDistrib Object
AUDIO__X_MS_WMA Moniker Class
DHTML Edit Control Safe for Scripting for IE5
DriveLetterAccess
HTML Document
InstallShield Update Service Agent
Java Plug-in 1.4.2_03
Java Plug-in 1.4.2_03
MetaStreamCtl Class
Real.com
SearchAssistantOC
Shockwave Flash Object
Sun Java Console
VIDEO__X_MS_WMV Moniker Class
Windows Media Player
Windows Media Player
Windows Messenger
XML Document

The following IE addons were kept enabled:

CNavExtBho Class           Symantec
CHisExtBho Class           Symantec
Norton AntiVirus           Symantec
Norton Internet Security   Symantec
Shell Name Space           Microsoft for managing IE "Favorites"

Result: WinAntiVirusPRO 2006 and WinFixer 2006 problems were gone.
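
When the add-on names in a HijackThis report give nothing away, as with the O2 entries above, the publisher of each DLL is a more useful lead than its display name. The following PowerShell script is an added example, not part of the original tutorial: it lists the registered Browser Helper Objects (the entries HijackThis reports as O2) with the Authenticode status and signer of each DLL. It assumes a native (not 32-bit on 64-bit) PowerShell session; the variable names are illustrative.

```powershell
# Added example: enumerate Browser Helper Objects and show who signed each DLL.
# Each entry maps the BHO key to the CLSID key that holds the 32-bit or 64-bit registration.
$views = @(
    @{ Bho  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($bho in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $bho.PSChildName                      # e.g. {xxxxxxxx-xxxx-...}
        $clsKey = Join-Path $view.Clsid $clsid
        $srvKey = Join-Path $clsKey 'InprocServer32'
        $name = $null; $dll = $null; $status = 'NoDllRegistered'; $signer = $null

        if (Test-Path -LiteralPath $clsKey) {
            $name = (Get-Item -LiteralPath $clsKey).GetValue('')   # default value = display name
        }
        if (Test-Path -LiteralPath $srvKey) {
            $raw = (Get-Item -LiteralPath $srvKey).GetValue('')    # default value = DLL path
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"') }
        }
        if ($dll) {
            if (Test-Path -LiteralPath $dll) {
                $sig    = Get-AuthenticodeSignature -FilePath $dll
                $status = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } else {
                $status = 'FileMissing'                 # stale registration
            }
        }

        [pscustomobject]@{
            Name = $name; CLSID = $clsid; Dll = $dll; Status = $status; Signer = $signer
        }
    }
}

# Entries without a valid signature sort to the top for review.
$report | Sort-Object { $_.Status -eq 'Valid' }, Name | Format-List
```

An unsigned or unknown-publisher DLL is a lead to investigate first, not proof that it is the source of the popups.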
