Solved

i need help getting rid of the winfixer virus

Posted on 2006-11-04
14
197 Views
Last Modified: 2013-12-04
My laptop has been infected with the winfixer and errorsafe viruses.  I have run the norton scan and upon completion it tells me that I have errorsafe and winfixer and tells me to delete the following file  C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe   However I cannot find this file anywhere.  Also every time I open internet explorer, I am directed to the page  http://iesecurepage.com/.  pleas help me.
0
Comment
Question by:davdawg765
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 2

Accepted Solution

by:
Elite_Bigfoot earned 168 total points
ID: 17873487
Hello,

Errorsafe:
1)http://www.spywareremove.com/removeErrorSafe.html
also include a software to completly remove the spyware

Winfixer:
1)http://www.spywaredb.com/remove-winfixer/

2)http://www.free-web-browsers.com/support/remove-winfixer.shtml
both errosafe and winfixer removeable
0
 
LVL 2

Expert Comment

by:Elite_Bigfoot
ID: 17873498
Also to unregister the dll's - http://www.mac-net.com/295484.page
0
 

Author Comment

by:davdawg765
ID: 17873519
what do you mean when you say unregister dlls?
0
 
LVL 2

Expert Comment

by:Elite_Bigfoot
ID: 17873524
Read http://www.spywaredb.com/remove-winfixer/

One of the phases to completly remove Winxfixer spyware require you to un-register few dll's.
To do so just view http://www.mac-net.com/295484.page, it will explain you how to easily do it.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 166 total points
ID: 17873531
Greetings, davdawg765 !

You can follow the manual method to remove Winfixer and ErrorSafe as propose by Elite_Bigfoot, or use the free tool SmitFraudFix to remove the adware.  Follow the directions in this link very carefully.
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip  

Best wishes!
0
 

Author Comment

by:davdawg765
ID: 17873573
For now I am downloading spyhunter and spyscanner per elite_bigfoot's advice.  hopefully that works
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:davdawg765
ID: 17873595
since i dont want to buy spyhunter, i am now trying smitfraudfix
0
 

Author Comment

by:davdawg765
ID: 17873720
when i am booting up in safe mofe, how do I find/Double-click smitfraudfix.cmd?
 
0
 
LVL 97

Expert Comment

by:war1
ID: 17873769
Did you download SmitFraudfix and extract all the files.  Smitfradfix.cmd should be one of the extracted file.
0
 

Author Comment

by:davdawg765
ID: 17874060
ok, so i used smitfraudfix and now i can set my homepage to anything.  however when i run norton antivirus scan it still says that winfixer and errorsafe are in my system in the same place as before.
0
 
LVL 97

Expert Comment

by:war1
ID: 17874188
For the homepage problem, go to Internet Explorer > Tools > Internet Options > General tab > set your homepage there.

If no joy, you need perform a registry edit. Backup your registry first.

1.      Click Start, and then click Run.
2.      In the Open box, type regedit, and then click OK.
3.      In Registry Editor, locate the following subkey, if it exists:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
4.      If the ResetWebSettings value or the HomePage value exists in this key, right-click the values, and then click Delete.

Note You may also want to verify any Web site information contained in the Default_Page_URL value and the Start Page value in the following registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
5.      On the Edit menu, click Delete, and then click Yes to confirm the deletion.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 166 total points
ID: 17874597
You need to show all the files in that folder first by unregistering occache.dll.
By default explorer will not show all files in that folder.


Start > Run > type

regsvr32 /u occache.dll

Click OK
then go to C:\WINDOWS\Downloaded Program Files
and manually delete the file --> UWA6P_0001_N91M1807NetInstaller.exe  
When you finish deleting the file go back to:
Start > Run
Paste in this command(to register the occache.dll back)

regsvr32 occache.dll

And Click OK


2.  Or use Killbox: to delete the file.
Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "Single File"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe  

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101070
Forced accept.

Computer101
EE Admin
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now