Eliminating Winfixer Spyware!
Yesterday, my sister was complaining about annoying ‘Winfixer’ popups while she was using her laptop. When I heard ‘Winfixer’, I immediately thought “SPYWARE!”. The week before she had the same problem, but I thought I removed it since Adaware SE detected and claimed to have removed it (Spybot and A-squared failed to detect it, btw).
So today, with some free time, I decided to investigate. I found that this ‘Winfixer’ is a real application but it can be integrated into certain programs for the purpose of spyware! And a lot of people were having problems removing it. The side effects of ‘Winfixer’ spyware are frequent Winfixer promotion popups in Internet Explorer and multiple browser page launches even when in the Windows Explorer. This was what my sister was experiencing from ‘Winfixer 2006’ spyware.
Anyway, it seems as though Winfixer occurs with the adware VirtuMonde and trojan Vundo, as claimed by Symantec Security Response. Here are the steps I took to remove this nasty piece of spyware (I am not responsible for any negative consequences of carrying out the proceeding. Please be careful of what you modify and delete!):
A. To Be Performed in the Windows Safe Mode
B. The following should only be performed after all major scans.
First filepath: C:\WINDOWS\system32\mljji.dll
Second filepath: C:\WINDOWS\system32\ijjlm.*
Your system should now be clean from Winfixer, Virtumonde and Vundo malware! I would advise that all of these steps be performed in the Windows Safe Mode with the exception of downloading and installing the necessary software. Make sure that you have all of the software downloaded, because you will want to minimize any internet activity that might trigger Winfixer to reproduce or fix itself. (In the Windows Safe Mode you will not have any internet connectivity.)
I must warn that the above steps may not be relevant for everyone. I only did what I did because I let all of my antispyware scan and pick up any traces of malware thereby reducing the amount that would need advanced cleaning later.
1. Using Mozilla Firefox as an alternate internet browser will decrease any currently installed ‘Winfixer adware’. In the long run, however, you should switch to Firefox because of its enhanced security over Internet Explorer.
2. Use the Immunize feature of Spybot Search & Destroy every time you update the software. Compounding this with Spyware Blaster’s protection doesn’t hurt either.
3. Lock the Hosts file in Windows. There is a feature in Spybot Search & Destroy to do this. You can also lock your homepage so that browser hijackers will not be able to change it should they become installed.
4. Keep your antispyware, antivirus and all security software updated. All of the software that I used in this fix are free!
5. Take responsibility in the websites you visit and the links you click. Don’t fall for scams in ads. Be careful of what you download.