Computer Fix Description

Do not be fooled by Computer Fix. This fake defragmenter program does the complete opposite of what its name implies; instead of fixing your computer system, Computer Fix has been designed to harm it deliberately. Computer Fix is part of a scam that intends to steal your money by convincing you to purchase a useless, fake security utility for your computer system. Computer Fix has several clones, some of which include System Restore, System Fix, and HDD Repair. Computer Fix will display an extremely large number of alarming system alerts and error messages that are designed to convince the victim that the computer system is infected with a number of dangerous Trojans. Remember, Computer Fix is associated with a Trojan infection and is probably at the root of any possible problems on your computer system. Because of this, our malware analysts strongly recommend removing Computer Fix with a legitimate anti-malware program that is fully up to date.

Symptoms of Computer Fix

As was mentioned before, Computer Fix wants its victim to detect a problem. It does this so that the victim will purchase a useless “full version” of Computer Fix. ESG security researchers have listed a few other symptoms associated with Computer Fix:

• Computer Fix will use a Trojan to try to make you believe that your files have been deleted suddenly. To do this the Trojan will change your file’s settings so that they will be hidden from view. Most of the time, the Trojan not be able to delete files or folders permanently.
• The main way to recognize a Computer Fix infection is by its large number of constant security alerts and error messages. These can become an annoying presence that can seriously interfere with your daily operations.
• Computer Fix is not designed to interact nicely with your operating system or with other applications. Because of this, a computer system infected with this malware invader will typically become extremely slow and unstable. In the event of a Computer Fix infection, you can expect constant crashes and the appearance of the “Blue Screen of Death”.

Type: Rogue AntiSpyware Programs

How Can You Detect Computer Fix?

Computer Fix Removal Details

Computer Fix has typically the following processes in memory:

• %Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS].exe

Computer Fix creates the following files in the system:

• %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\3
• %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\
• %Documents and Settings%\[User Name]\Start Menu\\Programs\Computer Fix\Uninstall Computer Fix.lnk
• %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\2
• %Documents and Settings%\[User Name]\Local Settings\Application Data\~
• %Documents and Settings%\[User Name]\Start Menu\\Programs\Computer Fix\Computer Fix.lnk
• %Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS]
• %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\1
• %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\4
• %Documents and Settings%\[User Name]\Start Menu\\Programs\Computer Fix\
• %Documents and Settings%\[User Name]\Desktop\Computer Fix.lnk

Computer Fix creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS].exe”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0′
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU “MRUList”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS]”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0′
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0′

Important Article Disclaimer