[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

i need help getting rid of the winfixer virus

Posted on 2006-11-04
14
Medium Priority
?
206 Views
Last Modified: 2013-12-04
My laptop has been infected with the winfixer and errorsafe viruses.  I have run the norton scan and upon completion it tells me that I have errorsafe and winfixer and tells me to delete the following file  C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe   However I cannot find this file anywhere.  Also every time I open internet explorer, I am directed to the page  http://iesecurepage.com/.  pleas help me.
0
Comment
Question by:davdawg765
  • 5
  • 3
  • 3
  • +2
13 Comments
 
LVL 2

Accepted Solution

by:
Elite_Bigfoot earned 672 total points
ID: 17873487
Hello,

Errorsafe:
1)http://www.spywareremove.com/removeErrorSafe.html
also include a software to completly remove the spyware

Winfixer:
1)http://www.spywaredb.com/remove-winfixer/

2)http://www.free-web-browsers.com/support/remove-winfixer.shtml
both errosafe and winfixer removeable
0
 
LVL 2

Expert Comment

by:Elite_Bigfoot
ID: 17873498
Also to unregister the dll's - http://www.mac-net.com/295484.page
0
 

Author Comment

by:davdawg765
ID: 17873519
what do you mean when you say unregister dlls?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:Elite_Bigfoot
ID: 17873524
Read http://www.spywaredb.com/remove-winfixer/

One of the phases to completly remove Winxfixer spyware require you to un-register few dll's.
To do so just view http://www.mac-net.com/295484.page, it will explain you how to easily do it.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 664 total points
ID: 17873531
Greetings, davdawg765 !

You can follow the manual method to remove Winfixer and ErrorSafe as propose by Elite_Bigfoot, or use the free tool SmitFraudFix to remove the adware.  Follow the directions in this link very carefully.
http://www.geekstogo.com/forum/index.php?showtopic=109268
OR
http://siri.geekstogo.com/SmitfraudFix.zip 

Best wishes!
0
 

Author Comment

by:davdawg765
ID: 17873573
For now I am downloading spyhunter and spyscanner per elite_bigfoot's advice.  hopefully that works
0
 

Author Comment

by:davdawg765
ID: 17873595
since i dont want to buy spyhunter, i am now trying smitfraudfix
0
 

Author Comment

by:davdawg765
ID: 17873720
when i am booting up in safe mofe, how do I find/Double-click smitfraudfix.cmd?
 
0
 
LVL 97

Expert Comment

by:war1
ID: 17873769
Did you download SmitFraudfix and extract all the files.  Smitfradfix.cmd should be one of the extracted file.
0
 

Author Comment

by:davdawg765
ID: 17874060
ok, so i used smitfraudfix and now i can set my homepage to anything.  however when i run norton antivirus scan it still says that winfixer and errorsafe are in my system in the same place as before.
0
 
LVL 97

Expert Comment

by:war1
ID: 17874188
For the homepage problem, go to Internet Explorer > Tools > Internet Options > General tab > set your homepage there.

If no joy, you need perform a registry edit. Backup your registry first.

1.      Click Start, and then click Run.
2.      In the Open box, type regedit, and then click OK.
3.      In Registry Editor, locate the following subkey, if it exists:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
4.      If the ResetWebSettings value or the HomePage value exists in this key, right-click the values, and then click Delete.

Note You may also want to verify any Web site information contained in the Default_Page_URL value and the Start Page value in the following registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
5.      On the Edit menu, click Delete, and then click Yes to confirm the deletion.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 664 total points
ID: 17874597
You need to show all the files in that folder first by unregistering occache.dll.
By default explorer will not show all files in that folder.


Start > Run > type

regsvr32 /u occache.dll

Click OK
then go to C:\WINDOWS\Downloaded Program Files
and manually delete the file --> UWA6P_0001_N91M1807NetInstaller.exe  
When you finish deleting the file go back to:
Start > Run
Paste in this command(to register the occache.dll back)

regsvr32 occache.dll

And Click OK


2.  Or use Killbox: to delete the file.
Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "Single File"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe  

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101070
Forced accept.

Computer101
EE Admin
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Loops Section Overview
Suggested Courses
Course of the Month20 days, 10 hours left to enroll

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question