02-26-2006, 01:10 AM   #3
Jag11
Analyst, Security Team

Hello BHM,

Don't buy/use those products (Anti-Virus) offered to you by those popups; they are just rogue software, or even malware. Well, I see that you don't have any Anti-Virus, so please get a free one. I personally use AVG Free; you can download it here. This is very important: please download and install it first before proceeding below.

==========================================================

Please follow the instructions provided; you may want to print out these instructions and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding.

==========================================================

Please download VundoFix.exe to your Desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • It will make a log in C:\vundofix.txt; I need you to post that later.
==========================================================

Download CleanUP! to your Desktop.
  • Install CleanUP!.
  • Do not run it yet. We'll use it later.
==========================================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Quote:
ViewMgr.exe is an advertising program by Viewpoint. This process monitors your browsing habits and distributes the data back to the author's.

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

==========================================================

Show Hidden Files and Folders. Click Start » My Computer » Tools » Folder Options. Select the View tab. Check Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm, then OK to exit.

==========================================================

Boot into Safe Mode. Please restart your computer and, as soon as it starts to boot, tap F8 repeatedly. A menu should appear; select Safe Mode from the menu and then hit Enter on your keyboard. (This will take a while, so don't worry, just wait.)

==========================================================

Uninstall Programs

Please go to Start » Control Panel » Add/Remove Programs, find these program(s) and then choose Uninstall (if present):

Viewpoint

==========================================================

Find and delete this folder:

C:\Program Files\Viewpoint\

==========================================================

Run CleanUP!
  • Open CleanUP!.
  • Click Options
  • Set the slider to Standard CleanUP!
  • Uncheck the following:
    • Delete Newsgroup cache
    • Delete Newsgroup Subscriptions
    • Scan local drives for temporary files
  • Click OK.
  • Click CleanUP! to start the cleaning process.
  • After it finishes, click Close to exit the program.
==========================================================

Restart your computer back to Normal again.

==========================================================

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Save the log file created to your Desktop.
==========================================================

I see that you disabled some startups using MSConfig. Please enable them all first:
  • Click Start » Run » ( type: msconfig ) » OK.
  • Select Normal Startup - load all device drivers and services.
  • Click OK. When it asks you to Restart your computer, select NO.
==========================================================

Then please post these logs:
  • HijackThis log (new)
  • VundoFix log (C:\vundofix.txt)
  • Panda log
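Added example, not part of Jag11's post or of HijackThis itself: a small Python check that parses the O4 and O16 line formats seen in the two entries listed for fixing and reports which of them still appear in a follow-up HijackThis log. The follow-up log text, the `ExampleApp` entry and all function names are constructed for illustration.

```python
import re

# HijackThis prints one finding per line as "<section> - <details>".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# O4 autostart entry: "HKLM\..\Run: [Name] command line"
O4 = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# O16 downloaded ActiveX control: "DPF: {CLSID} (Name) - URL"
O16 = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                 r"(?: \((?P<name>.*?)\))? - (?P<url>\S+)$")

def parse_entry(line):
    """Return a dict for one HijackThis line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "rest": m["rest"]}
    detail = {"O4": O4, "O16": O16}.get(entry["section"])
    d = detail.match(entry["rest"]) if detail else None
    if d:
        entry.update(d.groupdict())
    return entry

def identity(entry):
    """Key that survives path/URL changes: CLSID for O16, location+name for O4."""
    if "clsid" in entry:
        return (entry["section"], entry["clsid"].lower())
    if "command" in entry:
        return (entry["section"], entry["location"].lower(), entry["name"].lower())
    return (entry["section"], entry["rest"].lower())

def still_present(fix_lines, new_log):
    """Entries from the fix list that a fresh log still contains."""
    seen = {identity(e) for e in map(parse_entry, new_log.splitlines()) if e}
    return [line for line in fix_lines if identity(parse_entry(line)) in seen]

FIX_LIST = [  # the two entries quoted in the post
    r"O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab",
    r"O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
]
# Constructed follow-up log: non-entry lines, an unrelated entry, ViewMgr still registered.
NEW_LOG = r"""Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O4 - HKLM\..\Run: [viewmgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" /start
"""

if __name__ == "__main__":
    print(still_present(FIX_LIST, NEW_LOG))
```
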