Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help removing Winfixer 2005/Winantispyware

Post by askey127 » October 13th, 2005, 7:44 am

Stoltzy,

Please download this Registry Search Tool from here:
http://www.billsway.com/vbspage/

Unzip it to a convenient location such as your Desktop. Make sure that your Antivirus / OS allows the use of the .vbs scripts. If prompted, make sure to allow the script.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

8576DE55-EDED-4675-AF10-BA15EDDB4D7A

then hit Ok

It may take a while to run. It will tell you when it's done and offer to show you the file.
Say Yes, and when it opens, copy/paste the content in your reply.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

0667bfe0-db8d-11d2-b93e-0000947b0341

then hit Ok

It may take a while to run. It will tell you when it's done and offer to show you the file.
Say Yes, and when it opens, copy/paste the content in your reply.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

Winantispyware

then hit Ok

It may take a while to run. It will tell you when it's done and offer to show you the file.
Say Yes, and when it opens, copy/paste the content in your reply.

askey127

To Askey 127...regsearch results...thanks!!!

Post by Stoltzy » October 13th, 2005, 9:12 am

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "8576DE55-EDED-4675-AF10-BA15EDDB4D7A" 10/13/2005 9:01:17 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerWinAS]
@="{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWinAS]
@="{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWinAS]
@="{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellext.WASContextMenu\CLSID]
@="{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellext.WASContextMenu.1\CLSID]
@="{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}"


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "0667bfe0-db8d-11d2-b93e-0000947b0341" 10/13/2005 9:08:40 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ZEUS]
@="{0667bfe0-db8d-11d2-b93e-0000947b0341}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0667bfe0-db8d-11d2-b93e-0000947b0341}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0667bfe0-db8d-11d2-b93e-0000947b0341}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ZEUS]
@="{0667bfe0-db8d-11d2-b93e-0000947b0341}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZEUS]
@="{0667bfe0-db8d-11d2-b93e-0000947b0341}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ZEUS]
@="{0667bfe0-db8d-11d2-b93e-0000947b0341}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\ZEUS]
@="{0667bfe0-db8d-11d2-b93e-0000947b0341}"


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Winantispyware" 10/13/2005 9:10:06 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\was5.exe\shell]
"FriendlyCache"="WinAntiSpyware 2005 (Unregistered version) Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\InprocServer32]
@="C:\\Program Files\\WinAntiSpyware 2005\\shellext.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4C0649B-B980-44A5-B259-9B09EBEA6331}\InprocServer32]
@="C:\\Program Files\\WinAntiSpyware 2005\\shellext.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE}\LocalServer32]
@="C:\\Program Files\\WinAntiSpyware 2005\\AsAgents.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B798A44-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32]
@="C:\\Program Files\\WinAntiSpyware 2005\\shellext.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B798A44-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR]
@="C:\\Program Files\\WinAntiSpyware 2005\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6}\1.0\0\win32]
@="C:\\Program Files\\WinAntiSpyware 2005\\AsAgents.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6}\1.0\HELPDIR]
@="C:\\Program Files\\WinAntiSpyware 2005\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4C0649B-B980-44A5-B259-9B09EBEA6331}"="WinAntiSpyware Shell Hook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]
"Inno Setup: App Path"="C:\\Program Files\\WinAntiSpyware 2005"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]
"InstallLocation"="C:\\Program Files\\WinAntiSpyware 2005\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]
"Inno Setup: Icon Group"="WinAntiSpyware 2005"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]
"DisplayName"="WinAntiSpyware 2005 3.0.26.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]
"UninstallString"="\"C:\\Program Files\\WinAntiSpyware 2005\\unins000.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]
"QuietUninstallString"="\"C:\\Program Files\\WinAntiSpyware 2005\\unins000.exe\" /SILENT"

[HKEY_USERS\S-1-5-21-1715567821-1645522239-682003330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm]
"a"="C:\\Documents and Settings\\User\\Desktop\\MalWare Removal View topic - Need help removing Winfixer 2005-Winantispyware.htm"

Post by askey127 » October 13th, 2005, 11:20 pm

Stoltzy,
Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerWinAS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWinAS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWinAS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellext.WASContextMenu]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellext.WASContextMenu.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\was5.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4C0649B-B980-44A5-B259-9B09EBEA6331}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B798A44-7DFC-4C46-BD8F-41259D169A0D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4C0649B-B980-44A5-B259-9B09EBEA6331}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS5_is1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ZEUS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0667bfe0-db8d-11d2-b93e-0000947b0341}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ZEUS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZEUS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ZEUS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\ZEUS]



Save it to your desktop as filename Fixme.reg. Save it as File Type All Files (NOT as a text document, or it won't work).

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
Reboot your computer.

askey127
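
A coverage check for the fix above, as an added example that is not part of the original post or of the forum's tooling: it parses an abridged excerpt of the posted RegSrch.vbs output and of Fixme.reg, then lists the search hits that the fix file does not delete. The function names `entries` and `uncovered` are illustrative assumptions.

```python
import re

# Abridged excerpt of the RegSrch.vbs output posted in the thread.
SEARCH_HITS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerWinAS]
@="{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}\InprocServer32]
@="C:\\Program Files\\WinAntiSpyware 2005\\shellext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4C0649B-B980-44A5-B259-9B09EBEA6331}"="WinAntiSpyware Shell Hook"
[HKEY_USERS\S-1-5-21-1715567821-1645522239-682003330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm]
"a"="C:\\Documents and Settings\\User\\Desktop\\MalWare Removal View topic - Need help removing Winfixer 2005-Winantispyware.htm"
"""
# Matching lines of Fixme.reg as posted (abridged).
FIX = r"""
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerWinAS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8576DE55-EDED-4675-AF10-BA15EDDB4D7A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4C0649B-B980-44A5-B259-9B09EBEA6331}"=-
"""

KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def entries(text):
    """Parse REGEDIT4 text into (key, name, data); name is None for a bare key line."""
    out, key = [], None
    for line in map(str.strip, text.splitlines()):
        if m := KEY.match(line):
            key = m.group(1)                 # a leading "-" marks a deleted key
            out.append((key, None, None))
        elif key and (m := VALUE.match(line)):
            if out[-1] == (key, None, None):
                out.pop()                    # the key line only introduced this value
            out.append((key, m.group(1).strip('"'), m.group(2)))
    return out

def uncovered(search_text, fix_text):
    """Search hits not removed by a key deletion (exact or ancestor) or a value deletion."""
    fix = entries(fix_text)
    dead_keys = [k[1:].lower() for k, n, _ in fix if n is None and k.startswith("-")]
    dead_vals = {(k.lower(), n.lower()) for k, n, d in fix if n is not None and d == "-"}
    def covered(key, name):
        k = key.lower()                      # registry paths are case-insensitive
        return (any(k == d or k.startswith(d + "\\") for d in dead_keys)
                or (name is not None and (k, name.lower()) in dead_vals))
    return [(k, n) for k, n, _ in entries(search_text) if not covered(k, n)]
```

On this excerpt the only hit left is the OpenSaveMRU value, which records the filename of the saved forum page rather than a component registration.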

To Askey 127...Thank you!

Post by Stoltzy » October 14th, 2005, 10:28 am

Dear Askey 127...THANK YOU VERY MUCH! The winfixer seems to be gone. It's unbelievable to me what one has to do to get rid of such a thing. It really makes me hate these guys who invade my system.
But I thank you SO much for all the time you spent with me. I really, really...really appreciate it!!!

Kindest regards,

Steve Stoltz

Post by askey127 » October 14th, 2005, 4:11 pm

Stoltzy,
Good job getting this cleaned up!
If it looks good to you as well, let's take a few extra steps for extra protection:
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them.
The only way to erase these files is to temporarily disable System Restore. You will lose all previous restore points, which are likely to be infected.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only once after the removal of malware.
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
-----------------------------------------------------------
Install IE-SPYAD Find it here: https://netfiles.uiuc.edu/ehowes/www/resource.htm
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents any downloads, cookies, or scripts from the sites listed, although you will still be able to connect to them.
A tutorial can be found here : http://www.bleepingcomputer.com/forums/Using_IE_Spyad_to_enhance_your_privacy_and_security-tut53.html
-----------------------------------------------------------
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
This website also contains useful tips, and links to other resources and utilities.

Good Luck from Here.
askey127

To Askey 127...

Post by Stoltzy » October 14th, 2005, 4:26 pm

Thanks for the extra tips!!!!!!

Post by NonSuch » October 23rd, 2005, 3:46 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.