Re: Are WinFixer 2005 popups a sign of infection or just attempts

That winfixer is is part of the spyaxe. it a hard one to get rid off your
computer. I have found that the webroot program Spy sweeper gets rid of it.
http://www.webroot.com/consumer runs about 29.95, but it solved the problem
after I had spent numerous hours trying other ways

"Ada Price" wrote:

> > I think WinFixer, SpyTrooper, SpyAxe relied on the recent WMF flaw that
> > Microsoft became aware of on 27th December 2005 and was patched on 6th
> > January 2006 "Security Update for Windows XP (KB912919)".
>
> Hello Stephen Howe,
>
> I think you are a good sleuth. I was wondering myself how come those
> WinFixer popups only came ONCE on my system. Only an expert could explain
> this.
>
> Apparently I'm not infected but the Winfixer company took advantages of
> weaknesses in my system to pop up the requests to infect me. Clever.
>
> Therefore, despite the single set of popups, Winfixer didn't seem to have
> infected my system since I never clicked on any of the buttons on those
> popups (does anyone ever hit any popup buttons? I never do. I always kill
> the popup window although I guess they could force action if they wanted
> to). Yet I got those three popups myself.
>
> When I ran the wonderful Jim Byrd suggested Vundo remover
> http://forums.mcafeehelp.com/viewtopic.php?t=57049 it reported nothing
> found.
>
> [01/14/2006, 19:32:47] - VirtumundoBeGone v1.5 (
> "D:\programs\WinFixer_Removal\VirtumundoBeGone.exe" )
> [01/13/2006, 12:32:50] - Detected System Information:
> [01/13/2006, 12:32:50] - Windows Version: 5.1.2600, Service Pack 2
> [01/13/2006, 12:32:50] - Current Username: Administrator (Admin)
> [01/13/2006, 12:32:50] - Windows is in NORMAL mode.
> [01/13/2006, 12:32:50] - Searching for Browser Helper Objects:
> [01/13/2006, 12:32:50] - Finished Searching Browser Helper Objects
> [01/13/2006, 12:32:50] - Finishing up...
> [01/13/2006, 12:32:50] - Nothing found! Exiting...
>
> So, I'm assuming Winfixer TRIED to infect me by using a Windows flaw to
> slip past our defences in order to put those three popups on our screens
> but Winfixer I'm assuming never infected my system because I never said yes
> to the popups.
>
> I'm going to patch my system pronto to the suggested patch level to prevent
> Winfixer from taking advantage of my system again.
>
> Thanks for solving the puzzling riddle.
> Ada
>
>
> On Sat, 14 Jan 2006 22:13:46 -0000, Stephen Howe wrote:
> >> I have these WinFixer popups which I thought were "normal" pop ups.
> >> How do they slip past our defenses?
> >
> > I think WinFixer, SpyTrooper, SpyAxe relied on the recent WMF flaw that
> > Microsoft became aware of on 27th December 2005 and was patched on 6th
> > January 2006. By now, all those using Automatic updates should have the
> > patch. If you go to Control Panel, click on Add/Remove Programs, make sure
> > "Show Updates" is ticked and Sort by Name, you should see if you scroll to
> > the bottom text "Security Update for Windows XP (KB912919)" which is the
> > patch. So before 6th January 2006 most Windows users were vulnerable (unless
> > using the unofficial patch), that should not be the case now.
> >
> > Of course if your system is infected, you need to be disinfected.
> >
> >> They must be doing *something* different as I don't get any popups ever
> >> except these WinFixer 2005 popups. What trick did they use to slip past
> >> what the other popups can't seem to overcome?
> >
> > See above. It was a problem. It should not be now. Now it is just a case of
> > mopping up infected PCs.
> > No uninfected patched PCs should be being infected.
> >
> > Stephen Howe
>
.