Jump to content

Talk:WinFixer/Archive 1

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Archive 1

Notes about the initial pop-up message

Editor's Personal Note: Winfixer is very dangerous to an unprotected computer, such as mine was, and is the most in-your-face spyware program I have encountered. [advice deleted] --66.30.107.71 00:37, 14 November 2005 (UTC)

The above message included some misleading adice, which has been deleted. In Winfixer pop-ups, Winfixer spyware is downloaded if you click on "Yes", "No", or even on the X button at the top. The pop-ups are not on Windows task manager, so using the three finger salute (ie. Ctrl+Alt+Del in Windows) does not work. To end the pop up safely, first disconect from the internet, then close the pop up, and close the window that follows — Preceding unsigned comment added by Polonium (talkcontribs) 00:35, 8 January 2006
Ctrl+Alt+Del works if you shut down the process of your browser. Valentine de Villefort —Preceding unsigned comment added by 81.92.188.214 (talk) 20:46, 10 December 2007 (UTC)

Note from another user: I saw the pop-up ad for winfixer and since I never trust pop-up ads, I just closed the application by pressing the orange "X" button in the top left. However, this just caused the application to be downloaded anyway. The only way to prevent the application from being downloaded is to disable the internet application, then click the "X" button. Using Ctrl-alt-delete does not work to make the application go away, becuase the winfixer pop-up ad will not show up on the task manager.— Preceding unsigned comment added by 67.170.70.132 (talkcontribs) 05:08, 13 December 2005

Note from an unsatisfied customer: I feel pretty stupid for saying this, but I would have been taken in if not for this page which I found halfway through installation. The thing that convinced me was that my popup window DIDN'T have any of the usual tricks, like the "no" or "close" buttons also being a link. It looked authentic.

Yeah it's not actually a pop-up is it? Unless I am mistaken, it is a Dialog Box. Quite suprising that internet explorer allows a website to open this kind of thing. Does anyone know more about the nature of the initial message? -- Nojer2 11:53, 8 February 2006 (UTC)

Removing winfixer

There is a website, http://www.spyware-removal-guideline.com/winfixer-removal, that suggests a solution for removing WinFixer. I have not tried it out yet, mostly because my better judgement tells me that this site may itself be a spyware advocate. If anyone has any information on the aforementioned website, please share. Otherwise, I may have to try it out myself and, perhaps, suffer the consequences. — Preceding unsigned comment added by 216.60.18.40 (talkcontribs) 21:19, 14 December 2005

I'd recommend sticking with a verifiable source; both Symantec and McAfee offer 'tutorials' on how to nuke this sucker - they're time consuming procedures, but there's legitimacy. (I wonder why they cannot figure out how to get rid of it using their flagship products? Maybe that's coming.) -BB, 21Dec2005 — Preceding unsigned comment added by 168.103.114.137 (talkcontribs) 21:22, 21 December 2005

Here is a website with good traffic rank and is also a Rogue Remover certified site which claims to remove winfixer for free with its tool with no ads, no popups, no email regustation etc. http://spywaresignatures.com/forums/viewtopic.php?name=&t=186 — Preceding unsigned comment added by 59.178.41.174 (talkcontribs) 20:00, 5 May 2007

Reboot System

A much simpler way to get rid of this adware is to simply reboot your system in system recovery mode, it has worked for numerous people including myself.(Brodey) — Preceding unsigned comment added by Brodey (talkcontribs) 08:16, 7 January 2006

Finding/Punishing the people behind winfixer

All of this talk about how to remove WinFixer would be moot if the people behind this misuse of private property could be found and stopped. Surely they can be traced -- why can't they be punished for their antisocial activities? Johna 16:10, 7 January 2006 (UTC)

That wouldn't work. The internet is international, obviously and WinFixer are hosted in various places around the world and thus would need every country to ban it, which most can't be arsed to do. Also, people argue it takes away freedom of speech (the same people that think child porn is a form of expresssion). 62.31.114.26 10:17, 22 June 2006 (UTC)

What about the people who went as far as to pay the $39.95 for their ErrorSafe product? (From their credit cards.) I'm guessing that's legal? User:NealIRC 14 August 2006 18:39 (UTC) — Preceding unsigned comment added by NealIRC (talkcontribs) 17:39, 14 August 2006

Mozilla?

Luckily I have Mozilla as the default download browser. Every time I fail to kill the pop-up, Mozilla stops it, as permission is required for downloads. I deny permission. Seems to work… — Preceding unsigned comment added by 68.222.40.199 (talkcontribs) 01:43, 8 January 2006

  • I just dowloaded Mozilla after reading the above quote and am delighted! I suggest keeping both IE and Mozilla, and using one's already-infected IE if you're visiting what might be questionable sites. BTW, I posted all the stuff I found on the Ukraine/Canadian angle, in synopsis and under "Possible Legal Action". Thought it was important. Hope it's not too messy. Shawn, Montreal, 08/2006 — Preceding unsigned comment added by 69.156.35.22 (talkcontribs) 22:21, 8 January 2006
I think you've misunderstood - the adware doesn't just infect 'IE', it infects your computer THROUGH IE. That tactic really doesn't do anything other than exposing your computer even more (whenever you use IE). Joffeloff 15:12, 2 March 2007 (UTC)
  • Id agree, whenever i used IE i would get atleast 3 popups each time i visited another page, and they would predominately be Jamster pop ups or Winfixer ones (which were so OBVIOESLY fake). As soon as i switched to FireFox, nothing. Not a single pop up since. I would say this is a sure fire to avoid Winfixer. — Preceding unsigned comment added by 202.7.166.168 (talkcontribs) 12:17, 31 January 2006

When I was using Firefox, I kept getting pop-ups for WinFixer (but no download). I might have been using an outdated version, though, because the pop-up blocker was awful, but actually works now.--84.12.33.72 20:52, 5 February 2007 (UTC)

Headline text

Whoever created this page: Thank you. Our computer is infected with WinFixer and this was really informative. //user:DJRaveN4x — Preceding unsigned comment added by 72.241.33.162 (talkcontribs) 16:24, 16 January 2006

Opera Problems?

Hello,

I've seen WinFixer more times than I can count on computers at a local retirement home I used to volunteer at. Although I'm pretty computer safety savvy, I have to ask - is the Opera internet browser (which I use) affected by this blight? Thanks...--Spectrechris — Preceding unsigned comment added by Spectrechris (talkcontribs) 08:38, 22 January 2006

I have found Opera to be as safe as houses in this regard. - Salmanazar 22:27, 29 January 2006 (UTC)

Just leave it?

If you have the popup come up, can you just ignore it and like move the box to the corner of the screen until your done surfing? or does it download anyway? — Preceding unsigned comment added by 202.7.166.163 (talkcontribs) 06:59, 3 February 2006

-I wouldn't do that...I mean, it is possible, but, I'm not willing to risk my baby (ok, computer) to test that. - Spectrechris — Preceding unsigned comment added by Spectrechris (talkcontribs) 02:53, 25 February 2006

-:With IE security settings at medium or above, WinFixer will no be downloaded without your permission. Just close the second full-screen pop up that appears (the one that prompts for download). — Preceding unsigned comment added by 81.154.94.108 (talkcontribs) 00:32, 5 April 2006

Page quality

To give this page more credibility (and to get rid of the Higher Standards thingie), I re-wrote parts of it and softened some of the language...But, I left it up there so you all can review it. - Spectrechris — Preceding unsigned comment added by Spectrechris (talkcontribs) 02:58, 25 February 2006

Yes. I'd be in favour of removing that notice now (it was put on before my improvements too). -- Nojer2 15:32, 2 March 2006 (UTC)

SysProtect

I got a popup that was just like WinFixer's except it was renamed to SysProtect. — Preceding unsigned comment added by 68.82.189.208 (talkcontribs) 01:06, 2 April 2006

Error Safe

"I got a popup that was just like WinFixer's except it was renamed to SysProtect." Same thing, only under the guize of "Error Safe". — Preceding unsigned comment added by 202.7.166.171 (talkcontribs) 02:07, 21 April 2006

Spambox

Given the fact that this article is about a security threat, and that potential solutions are offered by commercial companies, is it really legitimate to include a spam warning? Lee M 03:01, 13 May 2006 (UTC)

Wikipedia is specifically not any kind of how-to guide or tutorial. I would much rather see an objective look at the nature of the program than a list of commercial websites trying to sell their removers. --RainR 08:39, 17 May 2006 (UTC)

What if you click cancel?

I got the WinFixer popup on my computer and I clicked cancel without disconnecting. Does that mean it is installed on my computer?--Taida 21:47, 26 June 2006 (UTC)

Yes :( — Preceding unsigned comment added by 83.92.93.200 (talkcontribs) 17:12, 27 June 2006

What if i did the same on FireFox? --Kitetsu 12:28, 21 November 2006 (UTC)

If you press cancel in Firefox or Opera, nothing is downloaded. --Xanthar 02:24, 25 November 2006 (UTC)

Grammar Fix

The section "Pop up Window screenshots" had pretty bad grammar, so I tidied it up. It's not a whole lot different, but in case you mods want to see how I did, it's there. ~ Deku-Scrub — Preceding unsigned comment added by Deku-Scrub (talkcontribs) 11:34, 2 July 2006

Winfixer

List_of_ZIP_Codes_in_New_York#13000_-_13099_:_Syracuse_area_communities_.28A-L.29

This demonstrates that 13088 is a postcode in Liverpool, New York.

--Quentin Smith 12:58, 24 July 2006 (UTC)

WinAntiVirus

WinAntiVirus isn't identical to WinFixer. As far as I know, it does work, just not very well. 80.193.149.218 22:34, 17 August 2006 (UTC)

No, WinAntiVirus does not work; it is a virus. It uses the exact same method as WinFixer, forced downloads. As stated in the main article, it "finds" x infected files, but those do not really exist. It is just trying to trick you into buying their bogus product. If you bought the product, I'm afraid you have fallen for their scam. —Preceding unsigned comment added by Aznfatnerd (talkcontribs) 23:59, 16 September 2007 (UTC)

Full WinAntiVirus does indeed work - it's a complete application based on a BitDefender engine. —Preceding unsigned comment added by Jed meyers (talkcontribs) 06:58, 3 July 2008 (UTC)

Spybot and Ad-Aware

I've added links to the Wikis for these two in the 'Removing WinFixer' section. I have and use both, and can affirm that they do remove WinFixer et al. effectively. Therefore, I think it is useful for them to be mentioned in this article, to help out those infected with this malware. — Preceding unsigned comment added by 82.39.47.143 (talkcontribs) 08:37, 26 October 2006

  • That's not true. WinFixer corporation releases new versions all the time. The vundo creates random dlls that adaware or spybot cannot always pick up. they may remove the host file, but there are 6 more waiting to reinstall it. I removed that section for it cannot be applied to this Trojan. - travis —The preceding unsigned comment was added by 131.230.52.199 (talkcontribs).
  • I had a version today that wasnt detected by spybot today. Spycatcher did the job though — Preceding unsigned comment added by 90.186.97.54 (talkcontribs) 21:57, 16 August 2007

Unavailable?

I attempted to get a copy of this from http://www.winfixer.com/buy_now.html so I could test different removal tools / antispyware, and the download page claims (rather ridiculously) that no copies are available. Could it have been taken down? YnnaD 19:13, 5 September 2006 (UTC)

19 October cleanup

I cleaned up the article a bit. It's still sort of biased against WinFixer (rightly so), I think, and the writing could use a bit more professionalism. There was a big problem with the article assuming that the user would not want to download the program, and directing them to sites that would help get rid of it. Quite unencyclopedic, I'd say... Voretus the Benevolent 17:03, 19 October 2006 (UTC)

Neutrality?

All the tags on this article are hard to understand. While the style can be improved this is no matter of neutrality. What kind of neutrality or POV is expected about viruses? -

The {npov} {references} tags should be removed. Literally all vendors of security software recognize these programs as viruses. And many sources have been added in the last months.

I edited in some sentences about "SystemDoctor", same of the kin.--Peter Eisenburger 14:21, 23 October 2006 (UTC)

DriveCleaner

I got popups asking me to download DriveCleaner. This one claims to clean Internet tracks from adult sites and it claims to keep the registry clean (Just like Winfixer) Unsurprisingly, the popups look and act just like WinFixer. I also added it to the Winfixer article. — Preceding unsigned comment added by Xx-sleepy-star-xx (talkcontribs) 12:49, 25 October 2006

I had this also. I downloaded AVG Anti-Spyware, AVG Anti-Rootkit, Norton 360, Adware Alert, and Adaware SE. Eventually, it all went away. It turns out the source is a Trojan.Vundo. --HPJoker 02:51, 2 July 2007 (UTC)

Thought that I got it, but...

Um, hello there. A new Wikipedian, but old member of Wookieepedia and Star Wars Fanon Wikias.

Anyway, I went to Wikipedia's article about Proxy servers, clicked on the second Open Source Project (dmoz.org or something like that) link, clicked there anonymouse.org (or .com, can't remember) and before I got to start proxy surfing, I was on the site fi.errorsafe.org and got that nasty-pop-up window several times. I clicked cancel on all of them and somehow managed to kill that page. I'm using Internet Explorer 7 Beta now.

I came to here, read this article, panicked, went to read about disinfection on Symantec's internet site, started my trial version of F-Secure anti-virus and waited. It scanned almost every single file on my computer, including reg. keys and nothing! No viruses, trojans, malware, etc.!

So, I thought it was too good to be true and I opened registry editor and checked several folders on it as recommended in the disinfection article on Symantec's web site. NOTHING! Sorry 'bout the Caps Lock...anyway, no ErrorSafe or anything! Just the files there should be...so, I wasn't infected!

I wanted to share this story with you Wikipedians. I honestly don't know what would I have done without your article. And Symantec's article. First time ever used XP's registry editor, and it was simple! Thank you. --Roosa 18:19, 3 November 2006 (UTC)

Winfix

I believe there could be confusion in peoples minds between Winfixer and Winfix. Winfix is a windows optimizing product marketed by Challenger Software of California USA and appears to be a perfectly genuine product unconnected with Winfixer.

I wondered whether something to this effect should be included in the article, particularly if it could be done by someone with a knowledge of Winfix's legitimacy. 11.10, 5 November 2006 (UTC) — Preceding unsigned comment added by 86.31.199.249 (talkcontribs) 11:11, 5 November 2006

Winantivirus very bad, very hard to remove

Winantivirus is definitely malware, and none of the above fixes removes it entirely. I had to reformat to get rid of it. my router recorded 2000 outgoing security events in 2 days while this program was running on my computer. My advice is learn how to back up all your docs, and how to reformat your HD in case you ever get something this bad. — Preceding unsigned comment added by Polanve (talkcontribs) 02:04, 20 November 2006

Loathesome

I'm getting very fed up with ErrorSafe peckering my PC whenever i try and upload one of my baleful drawings in imageshack.us, which, if my suspicions are correct, have the ErrorSafe popup installed there. I swear to god, if this keeps up, i just WISH i'd sue -- no, BLACKMAIL the developers of ErrorSafe to halt the "promotion" of the malware permanently for being in the cesspool of hackers without a sense of direction in life, and sue ImageShack for being a medium in their petty scheme for a petty amount of cash.

Alas, i'm just a rambling dreamer with not a lot of privileges. *sigh* --Kitetsu 12:19, 21 November 2006 (UTC)

As far as I am aware, Imageshack doesn't use advertisements from Errorsafe. However, some adware, when installed on your system, will automatically cause pop-ups when browsing certain (usually quite popular) sites, which is sometimes specified in part of the adware program itself. So the chances are, this has nothing to do with Imageshack themselves, and more to do with WinFixer/ErrorSafe. --Dreaded Walrus 12:31, 21 November 2006 (UTC)

A fix?

I think I've fixed the problem. It was in a different place than most of the system security guys think it is. However, I'm going to leave it for a week. Clue: Google 'em.gad-network.com'. Dbuckner 21:24, 2 December 2006 (UTC)

Fix? update

  • My children's computer was affected my this about a month ago and I have only just worked out to fix it.
  • The affected PC has strong controls over site content (they are not even allowed chat rooms or the like) so I am

still puzzling about how it happened.

  • I don't believe there is any kind of malware or executable. The first sign of trouble is when

the browser randomly calls the following URL.

"http://em.gad-network.com/eas?cu=34&login=672125&mediaid_prefix=005&extparam=1:NIPfi7=ASQ6KA7u7Iwn3Uw&time=312e313536&nums=N01BGBG6Z"

This causes the behaviour of the browser to change. Thereafter, pressing the back button into the Google page causes the call above to happen, then the format of the browser changes slightly (it tabs down and to right - not sure what is happening here.

  • Thereafter, you get calls such as the following (.

"http://go.winantispyware.com/NjM1/2/422/N01BGBG6Z-FBI.M0SATx&login=672125&mediaid_prefix=005&time=312e313536"

  • The login id is identical in all cases. This is what suggests to me there is no malware or executable code.

All you see at any time is a window.

  • However, what you see is an alarming message saying that your computer has been infected, or that it is calling

a remote computer. This is clearly false, because if you save down the page, you see that messages like '54 files have been infected' are hard coded into the html. This also is what is illegal - they are deliberately giving false information about the state of your computer in order to get money off you.

  • The easiest way to fix the problem is to block the url's above.
  • This does not stop the blocked calls, which Norton (in my case) reports. But it stops the problem going any

further.

  • To get rid of it completely (if you are brave enough) go to the gad network site, who will send you a removal tool. This worked for me, but note that it can screw up dial connections. See below.
  • The following website offers help on this

http://www.imaginarynumber.co.uk/gadnetworkarescum

Dbuckner 09:46, 3 December 2006 (UTC)

Blocked Download

Hello, I some how found my way to winfixer a year ago. I kept pressing "x" but then it gave me the download page, but I was saved by the download protection on windows XP. I went on the site again, being an idiot, so is it on my system without me knowing? —The preceding unsigned comment was added by Hihihi1823 (talkcontribs) 22:23, 9 December 2006 (UTC).

Taskmanager - only in Win2000 ? :D

While TaskMagaer application sure existsonly in Windows NT, in Windows non-NT one can just press Ctrl+Alt+Del to get list of tasks. However there are ways to hide malware from that list both on WinNT and Win 9x/ME.

Yet anyone can download additional taskmanager, for example Microsoft-SysInternals Process Explorer or z-oleg.com AVZ. However they usually are not localised that may make their use hard for non-english speaking persons. — Preceding unsigned comment added by 80.249.152.137 (talkcontribs) 18:49, 30 December 2006

Was I Lucky?

I fell for DriveCleaner for a second and the pop-up opened. Some bar quickly progressed at the top of the screen, but didn't finish because I x'd out of that. I don't think it said 'downloading software' or anything, and I was using Firefox, and it didn't alert that something was downloding. Does anyone know if I still got it or not? —The preceding unsigned comment was added by 69.148.180.203 (talk) 17:23, 18 February 2007 (UTC).

It is false. I have WinFixer installed on my PC, and it works perfect. Many times it has saved my computer from damage. It fixes all. Very good soft. Thanks developers for this useful tool. —The preceding unsigned comment was added by 212.82.213.58 (talkcontribs).

Reguarding Winfixer

hello everyone, i have come a cros this type of problem. but be cause some viruses spyware etc. downloads and installs without you knowing, i have put all my settigns for the internet, to stop any files being downloaded, for example internet settings you can deny any file being downloaded, so if the winfixer try and download itself, my system comes up and says, something like: "sorry this file is denied by your settings" or "your settings prefent you from downloading this file". sometimes i do get this error about winfixer but what i do is i cancel it, and disconnect and run a full scan stright away. also updateing virus database... because of these spyware and viruses that come out. i do a full scan, once in the morning and once in the evening, just incase i do get infected...

This is for your information of what i do From Darren Pude 82.9.76.139 16:45, 8 March 2007 (UTC)

Regarding Firefox near-immunity

I was once an IE user, but have switched to Firefox since last year, but I noticed (or is it just me?) That Firefox has just as much popup windows for Winfixer as IE, I think both are now equally vulnerable to it, correct me if I'm wrong though Bananas 13:09, 28 March 2007 (UTC) shout at me for doing wrong!

My solution

It appears that I have found a way to get rid of this, but it isn't exactly nice. Basically, I had a stubborn file that HiJackThis couldn't remove from the BHO or Winlogon list, and Regmon would find repeated access to the registry for this filename. My file was called "C:\Windows\system32\hgghijj.dll" but Google found no hits for that filename, so I'm assuming it can change names. So, I kept getting popups in IE for the WinAntiVirus 2007 and SystemDoctor and all that garbage (these popups happened just as often in IE as in Firefox). Vundofix kept finding new files and could remove them, but it never found hgghijj.dll. SuperAntiSpyware (reccomended on some forum in place of Panda's) would find two trojans, Trojan.WinFixer and Trojan.Downloader-Gen/LIB. Symantec Antivirus would find a Trojan it called Infostealer, and also WinFixer.

Now, I had run HiJackThis and removed all the weird looking BHOs and WinLogons, except the hgghijj.dll one wouldn't remove. I tried Killbox to delete that file on reboot, but it adds a new registry command that undoes that.

The solution I ran into happened because of a spare hard drive. By installing an NTFS capable version of Windows on it, I was able to delete the hgghijj.dll file, since it wasn't being loaded in that version of Windows. Then, running the SuperAntiSpyware software again on the infected Windows install removed the two Trojans, which required a reboot. Upon reboot, the hgghijj.dll file is still gone, and Vundofix returned no Vundo files. Symantec returned no viruses. AVG Anti-Spyware also returned no spyware.

Now, there's probably a simpler way to do this (I was limited by a RAID array and didn't have a floppy drive handy, so I couldn't do this): Boot off your Windows XP CD and if you need to load RAID drivers, hit F6. Now, once you're into the setup options hit R to go to a repair console. Hopefully I'm correct at this point, and the equivelant of my hgghijj.dll file isn't being loaded. So, it should be possible to simply delete that file. 24.34.198.111 05:44, 17 April 2007 (UTC)

Article biased towards FireFox?

I think this article is rather biased towards supporting the use of Mozilla Firefox in favour of Internet Explorer. IE-users will receive many warnings (especially with XP SP2 / IE7) before being able to install this software. It will no way "download and install itself, regardless of the user’s wishes". I think, rather than advising users to switch browser, this page should advise users not to trust software from sites like these, and to never install software you can't trust for the full 100%. These programs are based on a vulnerablility that is (and will be) in every browser available - that is the naivity and stupidity of users. --Elmarj 08:17, 19 April 2007 (UTC)

Not really, even if you click the x on the message, the spyware installs itself. A lot of intermediate users don't even know that, which is not naivity nor stupidy Billtheking 16:12, 3 May 2007 (UTC)
I have gotten a billion DriveCleaner popups. Regardless of the button I click, and regardless of my operating system or web browser (I've used IE on Windows, Firefox on Windows, Firefox on Ubuntu, Galeon on Ubuntu and Konqueror on Ubuntu) I get redirected to a very ordinary HTTP download with a very ordinary Cancel button. And guess what? If you click cancel, it cancels. ~ Keiji (iNVERTED) (Talk | Contribs) 19:02, 12 June 2007 (UTC)
Keji (iNVERTED), you got a billion DriveCleaner popups? Well, I got 9 million persuading unceasing Security Shield popups. I was scammed into buying it by those popups.--Security Shield (talk) 04:14, 1 February 2012 (UTC)

Domain Ownership

"The creater is a fat star trek fan who is 35 and lives with his parents." I know you are probably really mad that this program infected your computer but don't add stupid things like this to the article.

That or your joke just was stupid and doesn't belong here. —The preceding unsigned comment was added by Fontenot 1031 (talkcontribs) 22:24, 22 April 2007 (UTC).

Article is massively unsourced and stuff

Seriously. No sources for the bulk of the article. No information on if it actually spreads through a code execution exploit or just tricks users into downloading it. No information on how Firefox is currently "vulnerable". -- Consumed Crustacean (talk) 04:33, 28 April 2007 (UTC)

Problem Solved?

Winfixer is no longer a serious problem because the name servers return 127.0.0.1 instead of the old address. The many related problem programs and URLs are still a problem because valid IP addresses are still returned.

I don't understand the problem with references, there are plenty of good ones, in my opinion.

As far as how it spreads, there are known holes in old versions of the java virtual machine and other methods (such as vundo) that allow it to install itself without user action. One of the most common comments is that people don't know how it got on their machine.

For some reason "The neutrality of this article is disputed." I don't understand this at all. This is like saying terrorists are good people because they don't attack (place country of choice here). Make no mistake about it, Winfixer and its related pests are (repeat - ARE) a form of international extortion and international terrorism - they have cost the people of this planet hundreds of millions of dollars in direct costs and lost productivity. How can this article be "neutral" when the amount of damage is taken into account.

Let me be perfectly clear - I support the FBI (and others) getting involved to shut down the international terrorist that distributes this parasite.

Robert - Northern VA 06:56, 3 May 2007 (UTC)

I got this virus and I went to the symantec place to fix the thing, but it's just confusing. It might as well be in French. Can somebody clear this up or send me an email or something that can better help me understand how to get this bullshit off my computer? It's f**king annoying. tapeleg247@aol.com ChesterG 06:27, 21 May 2007 (UTC)

Probably the simplest, safest and fastest way is to reinstall windows and then for untrusted sites use just Opera web browser. This spyware installs more different spywares, and for one or few computers it is not worth to spend time searching for free removal method that would clear it totally. exe 11:19, 28 May 2007 (UTC)

PCTurboPro?

Just a stupid new copy of WinFixer? The links on my computer are now taking lots of time to click (about 3 or 4 times rather than just one).

Who is the guy who created WinFixer anyway? — Preceding unsigned comment added by 58.162.60.166 (talkcontribs) 13:53, 8 June 2007

Stop-sign

Stop-Sign is another WinFixer variant. Learned it the hard way… — Preceding unsigned comment added by 58.162.60.166 (talkcontribs) 13:59, 8 June 2007

NOTE: You can remove WinFixer infections with a system restore. Worked for me (for now) — Preceding unsigned comment added by 58.162.60.166 (talkcontribs) 14:05, 8 June 2007

I was reading on SiteAdvisor about it, and according to the user comments, this Stop-Sign program was actually being advertised on television! Horrifying! I don't remember if I saw any ads for it, but I can remember seeing antivirus commercials with streetlight imagery. MalwareSmarts 16:54, 8 August 2007 (UTC)

By the way, it's not a WinFixer variant. MalwareSmarts 17:20, 14 August 2007 (UTC)

AssayFixer

I get pop ups by an other variant of WinFixer the name is AssayFixer.

The text is with italic text: Your computer is infected with malware and other threats, these malicios programs can cause crashes on your computer. Download a free-trail of AssayFixer now (Recommended). — Preceding unsigned comment added by Phykyloman (talkcontribs) 16:28, 20 June 2007

How can you tell if you're infected?

I got the ErrorSafe popup, and I figured out that the thing was obviously fake pretty quickly, but I rather foolishly just X'ed out the supposed popup window each time it appeared. My browser resized itself a few times and minimised but that was it. My first reaction was to Adblock the site, more out of annoyance than anything else... After checking out Wikipedia, though, I'm worried now. I didn't get a download box and neither Firefox (2.0.0.4) nor Norton Internet Security complained about anything, and they seem to catch most stuff between them. Can it download completely silently? How can I tell whether or not I've got it? Raistlin11325 00:01, 27 June 2007 (UTC)

Wikipedia is probably not the best place to ask that. Try one of the various PC forums dotted about the web. You'll probably get a better response there. tommylommykins 20:47, 28 June 2007 (UTC)

Removal of "citation needed" tag

I removed the "citation needed" tag from the following text: WinFixer claims it "is a useful utility to scan and fix any system, registry and hard drive errors. It ensures system stability and performance, frees wasted hard drive space and recovers damaged Word, Excel, music and video files", The information is available on the website, but linking there isn't a very good idea. I took a screenshot of the page so that anyone who doubts that it's there can see it without going to the site, but I can't think of any way to properly cite a source for it.

Screenshot here: http://i9.photobucket.com/albums/a94/raistlin11325/ErrorSafe.jpg Raistlin11325 00:22, 27 June 2007 (UTC)

Why not sue the hell out of Drivecleaner, WinFixer, etc

I saw one person sued Winfixer, but I still had drivecleaner pop-ups on my computer. I called a support number for Drivecleaner just for the heck of it, it says "All of our customer service workers are busy, you are first in line." It says that 3 more times and then hangs up. A lot of people could win a lot of money if they sued these people. Why not? --HPJoker 02:51, 2 July 2007 (UTC)

I'm totally down with that. ChesterG 09:49, 4 August 2007 (UTC)

Mac OS X

I have received the same dialog boxes whilst running Mac OS X 10.4.10 on a PPC G5 chipset. Will the same errors occur? --ÆAUSSIEevilÆ 01:52, 4 July 2007 (UTC)

I just got a popup for this no my Macbook running OS X. This is the second time such a popup has appeared. It also redirected my open firefox window to drivecleaner.com. I am not sure what caused it, but hopefully the spyware is not actually able to infect Macs still since I know how hard it is to remove from Windows due to experience (I have removed it from at least 3 different PCs). --Petahhhh 13:39, 13 July 2007 (UTC)

Beyond a few proof-of-concept programs that exist, there is very little in the way of malicious software that targets OS X. It's therefore highly unlikely that any version of this thing would be able to infect your machine; just because the dialogue box shows up does not indicate an infection. --KatzMotel 00:31, 5 August 2007 (UTC)

Realtor.com DriveCleaner popups

I read on Sunbelt Software's blog that on Realtor.com there have been popups for DriveCleaner. Should this be added? MalwareSmarts 16:51, 8 August 2007 (UTC)

Law suits

Have they been talked about or should they also be included? Allen649 06:33, 2 September 2007 (UTC)

On June 28, 2007, Improbcat deleted the link to my page just because I think the government should protect us from this type of international criminal activity. To be specific, the WinFixer domain is registered to a Ukrainian address and hosted in Canada. This parasite installs itself on your machine without invitation and then attempts to extort money to remove it. Yes ... I think the federal government should protect us from this ... who else has the power or jurisdiction?

As for the term "terrorism" (he really did not like this), this parasite has cost Americans millions of dollars in lost time and frustration. I don't feel that "vandalism" even begins to describe the damage done. And "virus" simply makes it sound like some kind of prank.

He actually said

removed spam link, including one that says he's contacted the US government because winfixer is terrorism

I guess that this could be interpreted as calling my page "spam" - I am not sure what he is saying.

As far as I know, my page is still the only one on the internet that actually explains how to remove WinFixer without paying money to someone. I think the link belongs back on the main page, but I'll place it here instead.

  WinFixer Virus Manual Removal - Vundo Variant

Q Science 20:21, 7 September 2007 (UTC)

References ???

There are 2 comments at the top of the page

 This article does not cite any references or sources.
 This article needs additional references or sources for verification.

I don't get it, there are many reliable references through out the article.

There is one place that says attribution needed. I'm not sure why since the main references actually say that. Even my page (see previous post) says that - and I verified that the bugs that WinFixer claims are on your system are bogus. The entire purpose of WinFixer (and its cousins) is to extort money from clueless computer users.

At any rate, I would like to try and fix the problem, but, even after reading the style guide, I still have no idea what the real problem is.

As far as the other comment about the article contradicting itself - telling us to see the talk page is of no help. Specifically, what is wrong? This is one VERY evil piece of software. I don't think the article contradicts that position ... so, what are you talking about?

Q Science 06:30, 15 September 2007 (UTC)

Don't worry Q Science, whoever the Wiki Editor is who flagged your article with those comments, is a complete moron, unfortunately, wiki is awash with these idiots, you just have to put up with them. —Preceding unsigned comment added by 80.176.233.50 (talk) 07:25, 1 October 2007 (UTC)

WinAntiSpyware

I got WinAntiSpyware from freeonlinegames.com, but all it did was place an icon, and that can be deleted easily! Should we write about that? --Hpme2dastar123 01:02, 30 October 2007 (UTC)