Take the easy way out....

Winfixer is tough to remove. Try these instructions:



How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.

Credits: Atribune for VundoFix







What this program does:



Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.



Tools needed for this fix:

Vundo Fix

VirtumundoBegone

Note: The entries shown below may have different file names. You will though, have a 02 entry, that may contain the word "MSEvents" and a 020 entry that has the same file name as the 02 entry. For example, as you can see the following color coded sets each have a O2 and O20 entry with the same filename.



O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddaya.dll

O20 - Winlogon Notify: ddaya - C:\WINDOWS\System32\ddaya.dll





O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll

O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll





O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\ssqrs.dl

O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\ssqrs.dll



Note: This fix only applies to Vundo infections where the O2 entry contains MSEvents or ATLDistrib.



Preperation Steps:



Please do both of the following before we start:



1. Please print these instructions as they will be needed later when Internet access is not available.



2. Save these instructions in word or notepad to the desktop where they can be easily found.



At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things will help to get it back to how it was in a faster manner.





Removal Steps:



Download VundoFix.exe and save it to your desktop.

Double-click VundoFix.exe to run it.





Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.





When VundoFix reopens, click the OK button.





Click the Scan for Vundo button.





Once it's done scanning, click the Remove Vundo button.





You will receive a prompt asking if you want to remove the files, click the YES button.





Once you click yes, your desktop will go blank as it starts removing Vundo.





When completed, it will prompt that it will shutdown your computer, click the OK button.





When the computer has shutdown, turn your computer back on.





The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.

This step should only be used if the instructions in Step 1 did not remove the infection.



Download VirtumundoBegone and save it to your desktop.



VirtumundoBegone



Reboot your computer into Safe Mode



Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.



Exit when it has finished





If after attempting the instructions in this guide the infection is still present, then it is advised that you post your HijackThis log so one of our experts can help you remove the infection. You can post your HijackThis log at this forum:



HijackThis Analysis and Spyware Removal



________________________________________________________





This is a self-help guide. Use at your own risk.





BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.



If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and will someone will help you.





This post has been edited by Grinler: Jul 7 2006, 02:19 PM





--------------------



David the Trojanator

If i have helped solve a problem for you, please kindly consider

a small donation to keep me fighting malware and helping others!

I found a few references to Winfixer and the concensus seems to be the following removal method:



http://www.geekstogo.com/forum/How_to_remove_WinFixer_2005_-t65619.html



Follow the directions carefully and seek help from the forums, as this looks more difficult than I originally thought! Spybot's forums stated the same method of removal. Do you not have your Spybot immunity and teatimer on? For me, this and my firewall will block almost anything!

hi, perhaps you can try norton to remove the virus and protect your PC. but you need to pay for that.



i recommand you to use firefox with Google toolbar. firefox can disable all virus to run, because the virus can only run on IE.



besides, firefox can block any any poppus and disable any virus and adware, spyware on webpage, so, firefox is much safer than IE. as you know, most of the virus is spread throught internet and webpage.



firefox is much smaller than IE, so i run faster than IE.



download firefox for free:



http://www.bernanke.cn/firefox/



Best Wishes && Good Luck!

no1 trojan killers

this will fix it

XoftSpy 4.22 is the Latest and Most Advanced Spyware Detection and



pop up spyware

Spyware

W32/Spybot

Browser Hijackers

virus

Adware

Malware

Keyloggers

trojans

worms

back door trojans

Malicious mobile code

MALICIOUS SCRIPTS

toolbar trojans that dont show up



download xoftspy422 and install it then run it stop the scan and click on scan settings tick every box and click on where it says >> click here to select a folder then tick the (c) thats your hard drive if you have 2 hard drives tick the 2 of them then click ok

then click start when the scan is done click on remove tab



http://www.paretologic.com/products.aspx





ewido anti-spyware 4.0

http://www.grisoft.com/doc/10/lng/us/tpl/tpl01?prd=ews







clean the junk out time:

speed up the pc free up hard drive space

speed up your internet

its clean out junk time

have your system & internet running at top speed



System Mechanic 6 ... if you have a firewall/ anti virus ... get this version



System Mechanic professional 6 ... if you want firewall/anti virus get this version



when on the website click on Try it free for 30 days



you can only run 1 anti virus/firewall

on your system



DO NOT USE : DriveScrubber® 2 :ONLY IF YOU WANT TO HAVE ALL DATA REMOVED OFF THE PC

DriveScrubber® 2

Securely wipe all data on your drives.// only use this if you want too

remove all data from all hard drives //flash drives







System Mechanic 6 &

System Mechanic professional 6





has won these

coveted awards and received these rave reviews:



Contains all the great tools from System Mechanic Personal (See below). 6 Award winning products in one! The Ultimate Arsenal of Tools to Safely Speed-up, Fix, Optimize and Maintain Your PC 24 Hours a Day!



Features



system information check

click on maintain ..tab

click on system information report

cpu /memory check

to check your system

click on maintain ..tab

click on system information report

full list of system information

processor

memory

motherboard

bus

video

monitor

storage

audo

network adapeter

ports







System Mechanic® 6

Find and fix problems

Antivirus Protection

Protection from viruses, trojans, worms, and more

Internet Firewall

Protection against Internet threats

Search and Recover™ 3

Recover deleted data

DriveScrubber® 2

Securely wipe all data on your drives.



The only tool you'll need to keep your PC running fast, smooth, and error-free. New PC TotalCare™ combines all of the System Mechanic power into a single one-button interface for the perfect blend of absolute power and effortless simplicity.

Computer become cluttered, disorganized, and sluggish if not regularly cleaned. Automatically remove

system junk using the new PC Cleanup Wizard, keeping Windows fresh and fast

Using the new PC Acceleration Wizard, you can automatically optimize system settings and eliminate velocity bottlenecks for maximum gains in overall performance.



Automatically find and repair Windows security flaws that leave you open to attack from computer enemies such as spyware, adware, viruses, hackers, and identity thieves.

Use the new PC Repair Wizard to automatically diagnose and fix hundreds of problems with hard drives, system components, installed software, hardware, and more.



The System Mechanic antivirus technology repeatedly places first in independent tests. Work and play without fear of infection form viruses, worms, trojans, and other nasty enemies that can wreak

unnecessary havoc.



The System Mechanic Spython™ tool effectively eliminates spyware infection and uses proprietary methods to stop parasites before they start.



System Shield protects your PC from unwanted attempts at uncovering private or confidential data. Shield yourself against identity theft or personal misrepresentation.





Formatting your hard drive does not remove or erase your data. Many programs can recover data from a formatted drive. With DriveScrubber®, you can securely overwrite and remove all data to ensure 100% security.



Get back deleted pictures, videos, MP3s, e-mail, documents, spreadsheets, system files, and any other file or folder on your hard drive, CD/DVD media, MP3 player, digital camera, memory card, or other portable device using the new powerful Search and Recover StrongScan™ technology.





Key Features and Benefits



Eliminate Spyware

Protect Against Viruses

Defend Against Internet Threats and Hackers

Recover Deleted Data

Rescue Data from System Crashes

Protect Against Identity Theft

Wipe Data from Drives

Defrag Hard Drives

Solve stubborn PC problems

Award-winning virus protection

Advanced spyware protection

Accelerate performance up to 300%



Enabling Homepage Guard will keep your Internet home page from changing without your knowledge. It stops malware, adware, viruses and other Web sites from taking you anywhere you do not want to go.



Enabling Search Page Guard keeps your Internet search page from changing without your knowledge. It stops malware, adware, viruses and other Web sites from taking you anywhere you do not want to go.







Fix System Errors

Speed up Internet Access

Recover from Disaster

Clean up System Clutter

Defrag Memory

Optimize the Registry

Block Web Popups

Set up Scheduled Maintenance

Repair Windows Security Flaws

Repair drives after system failure

Rescue data from system crashes

One-click complete PC tune-up

Complete system cleanup







Stop Dangerous Programs from Starting

Make Windows Boot Faster

Uninstall or Relocate any Program

Tweak Hundreds of System Settings

Save and Compare System Snapshots

...and so much more!



IMPROVED! Spyware Protection



Advanced protection from spyware, malware, adware, and other PC parasites.



NEW! Disaster Recovery



Rescue PCs that won't start and revive damaged hard drives.



NEW! Startup Optimizer



Accelerate boot speeds by optimizing the programs that start with Windows.



FASTER! Disk Defrag



Defragment drives up to ten times faster than the Windows built-in defragmenter.



NEW! Fix Hard Drive Problems



Drive Medic™ fixes disk problems before they can cause data loss or system failure.



NEW! Comprehensive System Inspector Tool



Get ultra-detailed diagnostic reports of all hardware and software in your PC.



ENHANCED! Registry Optimization



Find and fix even more problems that can arise from the Registry and cripple your system.



NEW! Advanced Process Manager



Look under the hood and see what's running. Optionally block dangerous items from starting again.



Eliminate spyware



Defrag hard drives



Fix system errors



Speed up Internet access



Recover from disaster



Clean up system clutter



Defrag memory



Optimize the Registry



Block Web popups



Set up scheduled maintenance



Repair Windows security flaws



Stop dangerous programs from starting



Make Windows boot faster



Uninstall or relocate any program



Tweak hundreds of Windows settings



Save and compare system snapshots







http://www.iolo.com/sm/