?
Solved

i need help getting rid of the winfixer virus

Posted on 2006-11-04
14
Medium Priority
?
201 Views
Last Modified: 2013-12-04
My laptop has been infected with the winfixer and errorsafe viruses.  I have run the norton scan and upon completion it tells me that I have errorsafe and winfixer and tells me to delete the following file  C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe   However I cannot find this file anywhere.  Also every time I open internet explorer, I am directed to the page  http://iesecurepage.com/.  pleas help me.
0
Comment
Question by:davdawg765
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 2

Accepted Solution

by:
Elite_Bigfoot earned 672 total points
ID: 17873487
Hello,

Errorsafe:
1)http://www.spywareremove.com/removeErrorSafe.html
also include a software to completly remove the spyware

Winfixer:
1)http://www.spywaredb.com/remove-winfixer/

2)http://www.free-web-browsers.com/support/remove-winfixer.shtml
both errosafe and winfixer removeable
0
 
LVL 2

Expert Comment

by:Elite_Bigfoot
ID: 17873498
Also to unregister the dll's - http://www.mac-net.com/295484.page
0
 

Author Comment

by:davdawg765
ID: 17873519
what do you mean when you say unregister dlls?
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 2

Expert Comment

by:Elite_Bigfoot
ID: 17873524
Read http://www.spywaredb.com/remove-winfixer/

One of the phases to completly remove Winxfixer spyware require you to un-register few dll's.
To do so just view http://www.mac-net.com/295484.page, it will explain you how to easily do it.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 664 total points
ID: 17873531
Greetings, davdawg765 !

You can follow the manual method to remove Winfixer and ErrorSafe as propose by Elite_Bigfoot, or use the free tool SmitFraudFix to remove the adware.  Follow the directions in this link very carefully.
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip 

Best wishes!
0
 

Author Comment

by:davdawg765
ID: 17873573
For now I am downloading spyhunter and spyscanner per elite_bigfoot's advice.  hopefully that works
0
 

Author Comment

by:davdawg765
ID: 17873595
since i dont want to buy spyhunter, i am now trying smitfraudfix
0
 

Author Comment

by:davdawg765
ID: 17873720
when i am booting up in safe mofe, how do I find/Double-click smitfraudfix.cmd?
 
0
 
LVL 97

Expert Comment

by:war1
ID: 17873769
Did you download SmitFraudfix and extract all the files.  Smitfradfix.cmd should be one of the extracted file.
0
 

Author Comment

by:davdawg765
ID: 17874060
ok, so i used smitfraudfix and now i can set my homepage to anything.  however when i run norton antivirus scan it still says that winfixer and errorsafe are in my system in the same place as before.
0
 
LVL 97

Expert Comment

by:war1
ID: 17874188
For the homepage problem, go to Internet Explorer > Tools > Internet Options > General tab > set your homepage there.

If no joy, you need perform a registry edit. Backup your registry first.

1.      Click Start, and then click Run.
2.      In the Open box, type regedit, and then click OK.
3.      In Registry Editor, locate the following subkey, if it exists:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
4.      If the ResetWebSettings value or the HomePage value exists in this key, right-click the values, and then click Delete.

Note You may also want to verify any Web site information contained in the Default_Page_URL value and the Start Page value in the following registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
5.      On the Edit menu, click Delete, and then click Yes to confirm the deletion.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 664 total points
ID: 17874597
You need to show all the files in that folder first by unregistering occache.dll.
By default explorer will not show all files in that folder.


Start > Run > type

regsvr32 /u occache.dll

Click OK
then go to C:\WINDOWS\Downloaded Program Files
and manually delete the file --> UWA6P_0001_N91M1807NetInstaller.exe  
When you finish deleting the file go back to:
Start > Run
Paste in this command(to register the occache.dll back)

regsvr32 occache.dll

And Click OK


2.  Or use Killbox: to delete the file.
Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "Single File"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe  

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101070
Forced accept.

Computer101
EE Admin
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month7 days, 22 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question