WinFixer

By Domesticus in Spyware

WinFixer Description

WinFixer is a deceitful application that reports exaggerated scan results, claiming that a PC is infected with numerous pieces of malware. After displaying a number of security warnings and irritating pop-ups, WinFixer tries to convince the user to purchase its “full version” in order to remove all the purportedly detected malware. WinFixer cannot be trusted, as it is not able to detect or remove any real malware.

Type: Spyware

How Can You Detect WinFixer?

WinFixer Technical Report

We will update this section as new WinFixer details are reported by our customers and by our Threat Research Center.

The following WinFixer files, with their MD5 hashes, were created in the system:


WinFixer Removal Details

WinFixer typically has the following processes in memory:

  • winfixer20.exe
  • setup.exe
  • sr.exe
  • wfx5.exe
  • compcln.dll
  • ffcom.dll
  • ftrec.dll
  • oedrop.dll
  • ddayw.dll
  • pmnli.dll
  • ssqrs.dll
  • pmkjh.dll
  • rqolm.dll
  • winfixer2005setup.exe
  • uwfx51.exe
  • install.exe
  • unins000.exe
  • pcheck.dll
  • df_proxy.dll
  • fixcore.dll
  • mmfix.dll
  • df_kmd.sys
  • mllmj.dll
  • awtst.dll
  • awvts.dll
  • gebxv.dll
  • winfixerscannerinstall.exe
  • uwfx5lp_0001_0803netinstaller.exe
  • df_kme.exe
  • updater.exe
  • crxml.dll
  • df_fixer.dll
  • ffwraper.dll
  • idletrac.dll
  • strres.dll
  • ddabc.dll
  • jkkjh.dll
  • awtsq.dll
  • opnkjhg.dll

WinFixer creates the following files in the system:

  • activate.dat
  • lock.dat
  • up.datdatabase.sav
  • sr.log
  • support.url
  • updater.dat
  • lapv.dat
  • unins000.dat
  • license.rtf
  • update.log
  • template.dbx
  • flash.ini
  • bnlink.dat
  • pv.dat
  • program.sav
  • trace.log
  • wfx5.url

WinFixer creates the following registry entries:

  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingsfirstrun
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingslast_scan_low
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingslastscanerrorcount
  • HKEY_LOCAL_MACHINE\software\winsoftware\winfixer2005abbr
  • HKEY_LOCAL_MACHINE\software\winsoftware\winfixer2005installpath
  • 23868256-5CDA-47E9-8F7E-C407F3B43E5F
  • 463C93D7-E756-4430-85B5-6086A754CC9C
  • 94387CA3-0BED-4B3B-B987-B687805C46F2
  • 351386ED-919E-4CD2-AFA9-1F61ECFC9C82
  • 640AF234-E823-4916-96AA-2C9D79788290
  • EC4DDB07-8E2F-425B-A138-14A587CEF60F
  • 343A2FED-471A-487B-B610-67B7DE246D69
  • D73C235F-D1C2-4DF8-9B51-5A39DFFF7B19
  • A018263B-3D4C-4EE5-BAED-955DB86E7851
  • C3C00057-1451-4334-93D9-3A5EF6031527
  • 5DE85B13-89DC-411B-BD04-420E02FE8322
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settings
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingslast_scan_high
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingslast_timeout_low
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinFixer2005
  • HKEY_LOCAL_MACHINE\software\winsoftware\winfixer2005euluwfx5lp_0001_0803
  • B8B55274-0F9A-41E5-9067-A3539BD9E860
  • 012F1474-1963-4459-A244-20763BE45D42
  • 05CE46FF-21E1-4B93-B9B8-3C1A78BE2D05
  • D6350473-7DC0-4704-BEC0-9B035064A150
  • 60C9C42E-8651-45C7-9AF0-EF97CEA2A991
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqrs
  • D2312F19-F9F7-4FF0-8C5D-36E3E6E5E853
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awvts
  • 295B7A47-742F-432D-AF1A-8B0E452C8348
  • 2E379BBC-E37E-48DD-8855-B72243B676D2
  • 8EEE59BD-F526-4477-9E4B-21400B0CAFA4
  • 410B047E-A4D8-4875-89AD-98E0415E9676
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingsinstalldate
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingslast_timeout_high
  • HKEY_CURRENT_USER\software\winsoftware\winfixer2005\settingsoverwriteandbackupfilestopath
  • HKEY_LOCAL_MACHINE\software\winsoftware\winfixer2005activationcode
  • HKEY_LOCAL_MACHINE\software\winsoftware\winfixer2005productcode
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mllmj
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnli
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkkjh
  • FBC5ABD9-0E0B-44D7-9AA7-4DC9AA885A5F
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtst
  • 5E079580-BD0F-4987-9333-05960D834E5C
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtsq
  • 5FDBC8F3-5251-435D-8B5E-AEC8DE47FC29
  • 57EFEE45-3BC5-4206-87CC-09AA124C5747
  • 393DE829-A62C-4D53-B65B-AE60EAC55345
  • C59199B8-CE52-42C5-ADDF-5E02AE66D6BC

This entry was last updated on 12/29/09 and posted on 12/29/09.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.