Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Have Winfixer, But I Don't!


  • Please log in to reply
3 replies to this topic

#1 alexcraw

alexcraw

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 27 April 2006 - 02:13 PM

I get a pop up now and then, but it seems the spyware which pops up is not on my PC. the IE window pops up with the following address:

//systemerrorshield.com/pp6/popup.php

There is no data on the window except for the following text:

//go.winfixer.com/NjAy/2/426/ax=1/ed=2/ex=1/p6/
//ndtraff.com/ OK OK OK

I googled and found that winnfixer might be responsible, but when I do the procedure to remove it (vundofix), I find nothing.

I keep the PC ultra clean by continually using Adaware, S&D, ewido, CWShredder, Trojan Hunter, AVG Grisoft among others and last but not least, Hijack This. I think my log is clean as I always use the castle cops database.

How can I get shot of this single annoying pop up?

Many Thanks

Alex

//Mod edit to modify Hot Links above to protect otheres//

Edited by KoanYorel, 27 April 2006 - 02:56 PM.


BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:35 PM

Posted 27 April 2006 - 02:49 PM

I think my {HJT} log is clean as I always use the castle cops database.

Castle Cops is a good site, but databases can not tell the whole story. Frankly, HJT should not be used by anyone who is not properly trained in it's use as it can be a very dangerous tool to your system if used improperly. Also sometimes malware uses random file names that will not be found in any database. This way they can hide from the casual observer. But a properly trained person will pick up on the random naming pattern and can identify the infection from a HJT log - even if it contains random names not found in a database.

With that being said, I suggest you try one more tool: Download the trial version of SpySweeper from HERE. Update it. Boot into safe mode and run a scan, see what it finds. Let us know.

Edited by Albert Frankenstein, 27 April 2006 - 02:52 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 alexcraw

alexcraw
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 28 April 2006 - 03:31 AM

Cheers Albert

Is there a free version of Spysweeper?

I use HJT often to take out some nasties from friends' computers, but I only remove the items which obviously should not be there. I never remove items which I am not sure about, it's only ever 100% bad items. On that note, how can I train up on the use of HJT?

Alex

#4 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:35 PM

Posted 28 April 2006 - 06:11 AM

Is there a free version of Spysweeper?

Like I said in my earlier post, you can download a trial vresion. It is free for two weeks.

On that note, how can I train up on the use of HJT?

There are training programs available at a few sites around the internet, including this one. It requires a great deal of study. Perhaps months worth. More info on the training program here at BC can be found HERE.

HijackThis is an ennumerator.
It lists what is found in certain areas of the registry, or system files, in an easily accessible manner, so that those familiar with the use and reading of HijackThis logs and windows programs can determine what is infecting the machine and how to remove it. Spaces, extra characters, spelling, file location, plus numerous other subtle changes all make the difference between a good or bad file entry.

It is not a removal tool.
It will indeed remove the entries listed, but that does not cure the underlying problem.
The problem must be properly identified first, and cured, prior to removing the entries with HJT.
Otherwise you leave the infection and remove the keys which are needed to identify and remove it .

Removing entries in HJT before the problem is properly identified, and correct removal instructions posted, can make the problem undetectable to other detection and removal tools.
Hijack this should only be used to clean up the entries left behind, after you have properly removed the offending program, file, trojan, worm, hijacker etc.
And this usually requires help.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users