winfixer infection


#1 Robert, 01-05-2006, 05:06 AM


Does Microsoft have a removal tool for WinFixer?
I've run AdAware, Spybot, Beta, Yahoo, and AVAST, but nothing seems to get rid
of this thing.
robert

#2 David H. Lipman, 01-05-2006, 05:06 AM

From: "Robert" <Robert@discussions.microsoft.com>

|
| Does Microsoft have a removal tool for WinFixer?
| I've run AdAware, Spybot, Beta, Yahoo, and AVAST, but nothing seems to get rid
| of this thing.
| robert

Two phase answer...

Perform Part 1, then perform Part 2

Part 1
------------
Download Adware-Virtumundo Removal Tool v1.5 --
http://secured2k.home.comcast.net/to...undoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


#3 Robert, 01-05-2006, 05:07 AM

Dave Lipman,
Thanks for the info. So far, I have run the McAfee Scan which removed
all kinds of stuff, but the pop-ups continue and seem worse. I'll try the
other websites you listed.
Appreciate your help.
--
robert


#4 David H. Lipman, 01-05-2006, 05:07 AM

From: "Robert" <Robert@discussions.microsoft.com>

| Dave Lipman,
| Thanks for the info. So far, I have run the McAfee Scan which removed
| all kinds of stuff, but the pop-ups continue and seem worse. I'll try the
| other websites you listed.
| Appreciate your help.

Don't forget to run them in Safe Mode and Normal Mode.

Also...
Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


#5 Robert, 01-05-2006, 05:07 AM

Dave,
This is the report run in the "Normal" mode. I'll try the "Safe Mode" next.

Virus Scan Report File
Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4656 created Dec 22 2005
Scanning for 167436 viruses, trojans and variants.

Virus Scan Results


12/22/2005 20:05:39


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
"C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\Program Files\bbsetupaud.exe ... Found potentially unwanted program
Adware-BonziBuddy.dr.
The file or process has been deleted.
C:\Program Files\MyWay\myBar\2.bin\F3HTMLMU.DLL ... Found potentially
unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE ... Found potentially unwanted
program Adware-MySearch.
The file or process has been deleted.
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL ... Found potentially unwanted
program Adware-MySearch.
C:\Program Files\MyWay\myBar\2.bin\MYPOPSWT.DLL ... Found potentially
unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe ... Found
potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe ... Found
potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll ...
Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\414C9864-3BF0-4141-A85D-768059\BA0E720D-C367-4CBF-AA56-6EA436 ... Found potentially unwanted program Medload.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\FE1F3A05-1C01-41AA-87CE-DD021E ... Found potentially unwanted program Adware-PromulGate.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\9DD64252-A903-44AD-ADE7-6B17C1 ... Found potentially unwanted program Medload.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\C0AE4C3B-E2E0-4A54-9672-D86F66 ... Found potentially unwanted program Adware-PromulGate.dll.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\09EEBBA3-04C1-415A-B208-8460F2 ... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\9D424537-F95F-4830-9D72-828A46 ... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\B6BCF48C-14A2-48C5-A3D0-2816C9 ... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\C14D3E30-9432-48C7-AEDB-A8A841\9EE484BF-B569-48A9-AE1E-D3B9F5 ... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\Program Files\Kirby Alarm\kirbyalarm.exe ... Found virus or variant New
Malware.b !!!
Please send a copy of the file to McAfee
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde47.tmp\BDEINSTALLMAN3.EXE ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde4C.tmp\BDELOAD.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde4E.tmp\BDEPLAYER3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde55.tmp\BDEENGINE3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde5B.tmp\BDEIMAGE.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde5D.tmp\BDEWRAPPER3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde5F.tmp\BDESAC24.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde62.tmp\BDESAC10.DLL ... Found potentially unwanted
program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local
Settings\Temp\BDECache\bde68.tmp\BDERASTDX3.DLL ... Found potentially
unwanted program Adware-BDE.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local Settings\Temp\httppost.exe ... Found
potentially unwanted program Adware-Favman.
The file or process has been deleted.
C:\Documents and Settings\BOB\Local Settings\Temp\gate.exe\gate.exe ...
Found the StartPage-CD trojan !!!
The file or process has been deleted.
C:\Documents and Settings\Robert\Local
Settings\Temp\NI.UWFX5_0001_N57M2811\setup.exe ... Found potentially unwanted
program Winfixer.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP544\A0061821.exe\A0061821.exe ... Found potentially unwanted program Adware-SurfAccuracy.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064597.exe
.... Found potentially unwanted program Adware-BonziBuddy.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064598.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064599.EXE
.... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064600.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064604.exe
.... Found potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064605.exe
.... Found potentially unwanted program Viewpoint.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064606.cpl
.... Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064607.dll
.... Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064608.dll
.... Found potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064609.exe
.... Found virus or variant New Malware.b !!!
Please send a copy of the file to McAfee
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064610.exe
.... Found potentially unwanted program Adware-Favman.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064611.exe\A0064611.exe ... Found the StartPage-CD trojan !!!
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060403.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060405.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060406.EXE
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060407.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP526\A0060408.DLL
.... Found potentially unwanted program Adware-MWS.
The file or process has been deleted.

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on C:\*.*
File(s)
Total files: ........... 160576
Clean: ................. 156403
Possibly Infected: ..... 4
Cleaned: ............... 0
Deleted: ............... 48
Non-critical Error(s): 2
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Scanning D: []
Scanning D:\*.*

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on D:\*.*
File(s)
Total files: ........... 2451
Clean: ................. 2451
Possibly Infected: ..... 0
Cleaned: ............... 0
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:27.07


--
robert


#6 David H. Lipman, 01-05-2006, 05:07 AM

From: "Robert" <Robert@discussions.microsoft.com>

| Dave,
| This is the report run in the "Normal" mode. I'll try the "Safe Mode" next.
|
| Virus Scan Report File

< log snipped >

Some found were in the System restore cache.

Others found in the Microsoft AntiSpyware Quarantine folder.

Bonzi-Buddy and MyWay Bar are not associated with WinFixer 2005 so you have a broader
adware/spyware infection.

We can deal with that after you have executed the tools already provided in both
Normal Mode and in Safe Mode.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
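
Added example (not part of the thread, and not code from McAfee or any tool mentioned in it): the triage in the reply above, separating detections in the System Restore cache and the Microsoft AntiSpyware quarantine folder from files found elsewhere, scripted over the posted report format. The sample is an excerpt of the report in post #5 with its line wrapping kept; the function names and the "live" label are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the report posted in the thread; wrapped lines kept as posted.
SAMPLE = r"""Scanning C:\*.*
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL ... Found potentially unwanted
program Adware-MySearch.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\817D068B-C013-45C1-A1A9-0CAAFE\9DD64252-A903-44AD-ADE7-6B17C1 ... Found potentially unwanted program Medload.
The file or process has been deleted.
C:\Program Files\Kirby Alarm\kirbyalarm.exe ... Found virus or variant New
Malware.b !!!
Please send a copy of the file to McAfee
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064597.exe
.... Found potentially unwanted program Adware-BonziBuddy.dr.
The file or process has been deleted.
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP568\A0064611.exe\A0064611.exe ... Found the StartPage-CD trojan !!!
The file or process has been deleted.

Summary report on C:\*.*
"""

# One detection after its wrapped lines are re-joined: path, dots, verdict, name.
RECORD = re.compile(
    r"^(?P<path>.+?)\s*\.{3,}\s*Found "
    r"(?:potentially unwanted program|virus or variant|the) "
    r"(?P<name>.+?)(?: trojan)?(?:\.| !!!)(?:\s|$)")
LOCATIONS = (("\\system volume information\\_restore", "system-restore"),
             ("\\microsoft antispyware\\quarantine\\", "quarantine"))

def classify(path):
    """Bucket a detection by where the file sat; anything else is 'live'."""
    return next((lab for mark, lab in LOCATIONS if mark in path.lower()), "live")

def parse_report(text):
    """Return one dict per detection, re-joining wrapped report lines."""
    detections = []
    for chunk in re.split(r"(?m)^(?=[A-Za-z]:\\)", text)[1:]:
        rec = " ".join(re.split(r"\n\s*\n", chunk)[0].split())
        m = RECORD.match(rec)
        if m:
            detections.append({"path": m["path"], "name": m["name"],
                               "location": classify(m["path"]),
                               "deleted": "has been deleted" in rec})
    return detections

def triage(detections):
    """Counts per location, plus live detections with no deletion logged."""
    counts = Counter(d["location"] for d in detections)
    open_items = [d["path"] for d in detections
                  if d["location"] == "live" and not d["deleted"]]
    return counts, open_items

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE)))
```

In the excerpt, MYBAR.DLL is the one live detection with no "deleted" line after it in the posted report, so it is the entry to re-check on the next scan.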


#7 Robert, 01-05-2006, 05:07 AM


Hi Dave,
I've included the report run in the "Safe" mode. I don't see anything
and pop-ups continue. Even if we don't solve the problem, have a "Merry
Christmas".
(Both Safe and Normal scans have now been run.)

Virus Scan Report File
Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4656 created Dec 22 2005
Scanning for 167436 viruses, trojans and variants.

Virus Scan Results


12/23/2005 20:13:35


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
"C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\System Volume
Information\_restore{5B12B370-FAB3-4830-9F0B-E5BE3C51BB97}\RP569\A0064626.DLL
.... Found potentially unwanted program Adware-MySearch.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 249307
Clean: ................. 245158
Possibly Infected: ..... 0
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 2
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Scanning D: []
Scanning D:\*.*

Summary report on D:\*.*
File(s)
Total files: ........... 2453
Clean: ................. 2453
Possibly Infected: ..... 0
Cleaned: ............... 0
Master Boot Record(s): ......... 2
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:19.34




robert


#8 David H. Lipman, 01-05-2006, 05:07 AM

From: "Robert" <Robert@discussions.microsoft.com>

|
| Hi Dave,
| I've included the report run in the "Safe" mode. I don't see anything
| and pop-ups continue. Even if we don't solve the problem, have a "Merry
| Christmas".

You previously mentioned Ad-aware and SpyBot but failed to mention their versions. Below
are the latest versions and THEY need to be used by scanning in Safe Mode. I also suggest
BHOdemon.

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

http://www.majorgeeks.com/downloadge...4332b4b8b8442d



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

