WinFixer (also known as the Vundo Trojan) is
related to adware. Adware arrives through corrupt sites and
installs itself without the user's agreement. Adware parasites
act on data recorded about the user.
The gathered information can include browsing
history, the most visited pages, the products bought and more.
Adware can update itself without user consent
and keep serving newly updated ads in an ongoing cycle.
WinFixer behavior and symptoms are:
· Browser performance can be slow
· Pop-up ads may be displayed and searches redirected
· Windows errors can occur
· System crashes and restarts can occur
Every time the computer is booted up, WinFixer
pops up and tries to run its installer. It can be closed, but
sometimes that does not work, or if the wrong button is pressed
by accident, WinFixer begins the installation process.
Rebooting while it is trying to install is the only thing that
will stop it. The process starts all over again after the computer
restarts. WinFixer shows pop-up ads even if the main product is
not running. Removing it multiple times using Add/Remove
Programs does not help, because it keeps coming back.
Here's the worst part: WinFixer is one of the
more serious viruses. It affects your registry and system files,
which makes removal much more complex.
If you are familiar with computers and are able
to edit your registry, the removal steps are listed below. If
you are not this familiar with computers, please see someone who
is, or take it to a retailer.
Removal steps for WinFixer are as follows:
- This guide applies to Windows 2000 and XP
  versions. First, create a HijackThis log.
  (Download HijackThis)
- Locate the O2 - BHO: MSEvents Object line in the
  log. If no such line is found, stop reading this
  section and jump to Manual WinFixer removal at the bottom
  of the page.
- O2 - BHO: MSEvents Object is the line where
  WinFixer is hiding. The whole line should look like this:
  O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\zxcvb.dll
  The {827DC836-DD9F-4A68-A602-5812EB50A834} and
  C:\WINDOWS\system32\zxcvb.dll parts can be different in
  your own log file. Write down the second part
  (C:\WINDOWS\system32\zxcvb.dll) as it appears in your log
  and use it INSTEAD of C:\WINDOWS\system32\zxcvb.dll in
  the steps that follow.
- Download VundoFix.exe to your desktop and run the file to
  extract VundoFix. All extracted files will be located on the
  desktop.
- Reboot the computer into safe mode by
  choosing the "Restart" option and pressing the F8 key until a menu
  appears. Choose "Safe Mode" and hit "Enter".
- After the computer has booted up, go to the VundoFix
  folder and run the KillVundo.bat file. First a caution window
  will appear; press "Enter". You will then be asked to
  enter the line that you wrote down in the third step.
  After the line is entered, press "Enter". The message "Please
  type in the second filepath as instructed by the forum
  staff" should appear.
- Now type the same line as you did before,
  but with the "zxcvb" part (use your own, from the
  third step) written in reverse order, "bvcxz", and with the
  "dll" extension replaced by *. The final line will look like
  C:\WINDOWS\system32\bvcxz.* Press "Enter".
- Finally, HijackThis will be launched
  automatically (if not, start it manually). After the scan, if
  you can locate the lines
  O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\zxcvb.dll
  O20 - Winlogon Notify: C:\WINDOWS\system32\zxcvb.dll
  check them and press "fix checked".
  ATTENTION! The C:\WINDOWS\system32\zxcvb.dll part on
  both lines has to be the same as the one you wrote down in
  the third step.
- Reboot the computer.
NOTE: Use at own risk. These are self-help
removal instructions and we are not responsible for misuse of
directions. Also, make a system and registry backup in case you
make an error.
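The log check in the second and third steps and the second file path in the seventh step can be worked out with a short script. This is an added example, not part of the original guide or of VundoFix; the function names are assumptions, and the sample log is constructed from the guide's own example values plus one made-up unrelated BHO line.

```python
import ntpath
import re

# Constructed sample log: the guide's example lines plus one unrelated, made-up BHO.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\zxcvb.dll
O20 - Winlogon Notify: C:\WINDOWS\system32\zxcvb.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: MSEvents Object - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Accepts the guide's form and a "name - path" form of an O20 line (assumption).
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?:\S+ - )?(.+)$")


def find_msevents_entries(log_text):
    """Return (dll_path, clsid, matching O20 lines), or None when the
    MSEvents Object line is absent and the manual procedure applies."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    for line in lines:
        bho = BHO_RE.match(line)
        if not bho:
            continue
        clsid, dll = bho.group(1), bho.group(2).strip()
        notify = []
        for other in lines:
            m = NOTIFY_RE.match(other)
            # Windows paths are case-insensitive, so compare lowercased.
            if m and m.group(1).strip().lower() == dll.lower():
                notify.append(other)
        return dll, clsid, notify
    return None


def second_filepath(dll_path):
    """Same folder, file name reversed, extension replaced by '*'."""
    folder, filename = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(folder, stem[::-1] + ".*")


if __name__ == "__main__":
    found = find_msevents_entries(SAMPLE_LOG)
    if found is None:
        print("No MSEvents Object line: use the manual removal section")
    else:
        dll, clsid, notify = found
        print("First path :", dll)
        print("Second path:", second_filepath(dll))
        print("O20 lines referencing the same DLL:", len(notify))
```

An empty list of O20 lines means the Winlogon Notify entry in the log does not point at the same DLL as the BHO line, which is the mismatch the ATTENTION note in the eighth step warns about.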