Outdated: Removing IE Addon "winfixer"

This section provides a tutorial example on remove adware 'winfixer'.

Symptom: Once a while, an IE pop up window shows up with in the address field. This pop up window contains a false warning message and advertisements for "WinAntiVirusPro 2006, WinAntiSpyware 2006, and WinFixer 2006". The warning message said:

Attention! Security Center has detected spyware on your PC sending
private information and documents to remote computer. One of processes
(Win32res.exe) has just sent this information: 

IP address: 
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; ....
Computer OS: Windows XP 
Full PC control: Gained 
Sent Information: approximately 17 Megabytes 

Sometime later, another IE window pops up with "http:www.winfixer.com/..." in the address field. The pop up window also contains a false warning message:

This site might require the following ActiveX control: 
'WinFixer2006FreeInstall.cab' from 'WinSoftware Corporation, Inc.'.
Click here to install...

Warning: Your computer may have critical errors in registry and 
file system! These errors can lead to computer crashes, instability,
slowness, and full system failure.

Immediate repair may be required.

To scan your computer for errors click the "Next" button below.

HijackThis Report: In the report, I could not find anything specifically related to winfixer. My guess is that the pop up is generated by one of the following IE addons:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} 
   - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} 
   - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} 
   - C:\Program Files\Norton Internet Security\Norton AntiVirus

Quick Research: I found some reports about winfixer 2006 on the Web. But nothing can help me to identify the bad IE addon.

What I Did:

1. Looked at IE > Internet Options > Programs > Manage Addon, and disabled:

AcroIEHlprObj Class
Adobe Acrobat Control for ActiveX
ATLDistrib Object
AUTIO__X_MS_WMA Moniker Class
DHTML Edit Control Safe for Scripting for IE5
HTML Document
InstallShield Update Service Agent
Java Plug-in 1.4.2_03
Java Plug-in 1.4.2_03
MetaStreamCtl Class
Shockwave Flash Object
Sun Java Console
VIDEO__X_MS_WMV Moniker Class
Windows Media Player
Windows Media Player
Windows Messenger
XML Document

The following IE addons were kept enabled:

CNavExtBho Class           Symantec
CHisExtBho Class           Symantec
Norton AntiVirus           Symantec
Norton Internet Security   Symantec
Shell Name Space           Microsoft for managing IE "Favorites"

Result: Winfixer 2006 problem is gone.

Table of Contents

 About This Book

 Introduction to Microsoft Windows

 Introduction to Windows Explorer

 Introduction to Internet Explorer

 "Paint" Program and Computer Graphics

 GIMP - GNU Image Manipulation Program

 JPEG Image File Format Quality and Size

 GIF Image File Format and Transparent Background

 "WinZip" - ZIP File Compression Tool

 "WinRAR" - RAR and ZIP File Compression Tool

 FTP Server, Client and Commands

 "FileZilla" - Free FTP Client and Server

 Web Server Log Files and Analysis Tool - "Analog"

 Spyware Adware Detection and Removal

 IE Addon Program Listing and Removal

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 Spybot - Spyware Blocker, Detection and Removal

 Setting Up and Using Crossover Cable Network

 Home Network Gateway - DSL Modem/Wireless Router

 Windows Task Manager - The System Performance Tool

 "tasklist" Command Line Tool to List Process Information

 "msconfig" - System Configuration Tool

 Configuring and Managing System Services

 Windows Registry Key and Value Management Tools

 Startup Programs Removal for Better System Performance

 Winsock - Windows Sockets API

 Java on Windows

 Glossary of Terms

Outdated Tutorials

 Outdated: "HijackThis" - Spyware and Browser Hijacker Detector

 Outdated: Removing deSrcAs.dll - MyWay Search Assistant

 Outdated: Removing Google Desktop Icon - GoogleDesktop.exe

 Outdated: Removing IE Default Search Settings

Outdated: Removing IE Addon "winfixer"

 Outdated: Removing Yahoo! IE Services Button - yiesrvc.dll

 Outdated: Removing MySearch Toolbar - S4BAR.DLL

 Outdated: Removing NetZero Toolbar - Toolbar.dll

 Outdated: Removing Windows Messenger Extra Button


 PDF Printing Version