We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

i need help getting rid of the winfixer virus

davdawg765
davdawg765 asked
on
Medium Priority
225 Views
Last Modified: 2013-12-04
My laptop has been infected with the winfixer and errorsafe viruses.  I have run the norton scan and upon completion it tells me that I have errorsafe and winfixer and tells me to delete the following file  C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe   However I cannot find this file anywhere.  Also every time I open internet explorer, I am directed to the page  http://iesecurepage.com/.  pleas help me.
Comment
Watch Question

Hello,

Errorsafe:
1)http://www.spywareremove.com/removeErrorSafe.html
also include a software to completly remove the spyware

Winfixer:
1)http://www.spywaredb.com/remove-winfixer/

2)http://www.free-web-browsers.com/support/remove-winfixer.shtml
both errosafe and winfixer removeable

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Also to unregister the dll's - http://www.mac-net.com/295484.page

Author

Commented:
what do you mean when you say unregister dlls?
Read http://www.spywaredb.com/remove-winfixer/

One of the phases to completly remove Winxfixer spyware require you to un-register few dll's.
To do so just view http://www.mac-net.com/295484.page, it will explain you how to easily do it.
CERTIFIED EXPERT
Top Expert 2008
Commented:
Greetings, davdawg765 !

You can follow the manual method to remove Winfixer and ErrorSafe as propose by Elite_Bigfoot, or use the free tool SmitFraudFix to remove the adware.  Follow the directions in this link very carefully.
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip 

Best wishes!

Author

Commented:
For now I am downloading spyhunter and spyscanner per elite_bigfoot's advice.  hopefully that works

Author

Commented:
since i dont want to buy spyhunter, i am now trying smitfraudfix

Author

Commented:
when i am booting up in safe mofe, how do I find/Double-click smitfraudfix.cmd?
 
CERTIFIED EXPERT
Top Expert 2008

Commented:
Did you download SmitFraudfix and extract all the files.  Smitfradfix.cmd should be one of the extracted file.

Author

Commented:
ok, so i used smitfraudfix and now i can set my homepage to anything.  however when i run norton antivirus scan it still says that winfixer and errorsafe are in my system in the same place as before.
CERTIFIED EXPERT
Top Expert 2008

Commented:
For the homepage problem, go to Internet Explorer > Tools > Internet Options > General tab > set your homepage there.

If no joy, you need perform a registry edit. Backup your registry first.

1.      Click Start, and then click Run.
2.      In the Open box, type regedit, and then click OK.
3.      In Registry Editor, locate the following subkey, if it exists:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
4.      If the ResetWebSettings value or the HomePage value exists in this key, right-click the values, and then click Delete.

Note You may also want to verify any Web site information contained in the Default_Page_URL value and the Start Page value in the following registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
5.      On the Edit menu, click Delete, and then click Yes to confirm the deletion.
CERTIFIED EXPERT
Top Expert 2007
Commented:
You need to show all the files in that folder first by unregistering occache.dll.
By default explorer will not show all files in that folder.


Start > Run > type

regsvr32 /u occache.dll

Click OK
then go to C:\WINDOWS\Downloaded Program Files
and manually delete the file --> UWA6P_0001_N91M1807NetInstaller.exe  
When you finish deleting the file go back to:
Start > Run
Paste in this command(to register the occache.dll back)

regsvr32 occache.dll

And Click OK


2.  Or use Killbox: to delete the file.
Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "Single File"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe  

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.
Forced accept.

Computer101
EE Admin
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.