DelphiFAQ Home Search:

What is WinFixer 2005? It warns me about errors in my registry

 

comments9 comments. Current rating: 5 stars (1 votes). Leave comments and/ or rate it.

Question:

I had a message box pop-up that supposedly (?)comes from Internet Explorer and warns me about errors in the registry database. It offers then to install a tool (?) WinFixer 2005 to check my computer for free (Recommended). The message box was a real message box (not a browser pop-up window) – here is a screenshot:



Answer:

Anything that offers itself (as it is likely in this scenario) sounds suspicious. There is nothing wrong with free software. I am a big fan of open source software which can be both free like a free beer or free like a free human being (free from license limitations).
However, software that comes uninvited for free may not be so free after all. It probably wants to install further spyware or send data back to advertising servers. And yes, it is possible that they try to send back the user ids and passwords that browsers store for in local files for your convenience.

That WinFixer tries to also install an Active-X control from WinSoftware, certified from Thawte Code Signing CA. ‘Certified’ only means that this download indeed comes from WinSoftware.com. It is not any kind of endorsement of this software.



What is WinFixer? WinFixer falls in the category advertising software. It secretly installs itself or any other item without the user permission or knowledge. You probably got it from a web site by accidentally clicking on a confusing ad (you know, those seemingly uncloseable browser windows). When WinFixer is not running, popup and popunder ads are displayed while the main product is not running. That way it seems not to be related to the popups that it pretends to cure. Once you actually 'install' (activate) WinFixer, it keeps coming back, warning you about problems with your registry.

Below is a list of files and registry entries associated with WinFixer 2005.

// Files on hard disk to detect WinFixer

c:\Program Files\Winfixer 2005\install.exe
c:\Program Files\Winfixer 2005\sr.exe
c:\Program Files\Winfixer 2005\unins000.exe
c:\Program Files\Winfixer 2005\updater.exe
c:\Program Files\Winfixer 2005\wfx5.exe
c:\Program Files\Winfixer 2005\compcln.dll
c:\Program Files\Winfixer 2005\df_fixer.dll
c:\Program Files\Winfixer 2005\df_proxy.dll
c:\Program Files\Winfixer 2005\ffcom.dll
c:\Program Files\Winfixer 2005\ffwraper.dll
c:\Program Files\Winfixer 2005\fixcore.dll
c:\Program Files\Winfixer 2005\ftrec.dll
c:\Program Files\Winfixer 2005\idletrac.dll
c:\Program Files\Winfixer 2005\mmfix.dll
c:\Program Files\Winfixer 2005\oedrop.dll
c:\Program Files\Winfixer 2005\strres.dll
c:\Program Files\Common files\winsoftware\crxml.dll
c:\Program Files\Common files\winsoftware\pcheck.dll


// Entries in the registry:

HKEY_CLASSES_ROOT\compcleancore.appcleaner.1\clsid
HKEY_CLASSES_ROOT\compcleancore.appcleaner\clsid
HKEY_CLASSES_ROOT\compcleancore.appcleaner\curver
HKEY_CLASSES_ROOT\compcleancore.filecleaner.1\clsid
HKEY_CLASSES_ROOT\compcleancore.filecleaner\clsid
HKEY_CLASSES_ROOT\compcleancore.filecleaner\curver
HKEY_CLASSES_ROOT\compcleancore.inetcleaner.1\clsid
HKEY_CLASSES_ROOT\compcleancore.inetcleaner\clsid
HKEY_CLASSES_ROOT\compcleancore.inetcleaner\curver
HKEY_CLASSES_ROOT\compcleancore.regcleaner.1\clsid
HKEY_CLASSES_ROOT\compcleancore.regcleaner\clsid
HKEY_CLASSES_ROOT\compcleancore.regcleaner\curver
HKEY_CLASSES_ROOT\compcleancore.systemcleaner.1\clsid
HKEY_CLASSES_ROOT\compcleancore.systemcleaner\clsid
HKEY_CLASSES_ROOT\compcleancore.systemcleaner\curver
HKEY_CLASSES_ROOT\df_fixer.fixer.1\clsid
HKEY_CLASSES_ROOT\df_fixer.fixer\clsid
HKEY_CLASSES_ROOT\df_fixer.fixer\curver
HKEY_CLASSES_ROOT\df_proxy.drivermanipulate.1\clsid
HKEY_CLASSES_ROOT\df_proxy.drivermanipulate\clsid
HKEY_CLASSES_ROOT\df_proxy.drivermanipulate\curver
HKEY_CLASSES_ROOT\ffcom.flfixer\clsid
HKEY_CLASSES_ROOT\ffwraper.ffenginwraper.1\clsid
HKEY_CLASSES_ROOT\ffwraper.ffenginwraper\clsid
HKEY_CLASSES_ROOT\ffwraper.ffenginwraper\curver
HKEY_CLASSES_ROOT\fixcore.mmfixcore.1\clsid
HKEY_CLASSES_ROOT\fixcore.mmfixcore\clsid
HKEY_CLASSES_ROOT\fixcore.mmfixcore\curver
HKEY_CLASSES_ROOT\interface\{1ce1c25b-f8b4-4974-99d2-5d4ae96b9900}
HKEY_CLASSES_ROOT\interface\{9e984934-cd94-4763-9dbc-618e483d4b7f}
HKEY_CLASSES_ROOT\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\1.0
HKEY_CLASSES_ROOT\typelib\{6a077841-5016-42c8-92c8-f2d6b865bcd1}
HKEY_CLASSES_ROOT\typelib\{ad70ac89-f460-4e7e-b5a5-7eaf7e207736}
HKEY_CLASSES_ROOT\typelib\{b6625280-8cd8-4632-97c0-83cec12a49a3}
HKEY_CLASSES_ROOT\typelib\{f458adae-d53b-4859-b99f-9fa127791278}
HKEY_CLASSES_ROOT\typelib\{fc76a5b8-db35-4f3e-8b9a-bf0eea098d64}
HKEY_CURRENT_USER\software\winsoftware\winfixer 2005

Content-type: text/html

Comments:

2006-01-15, 13:56:51
anonymous from United States  
who owns/funds winfixer and is the DOJ aware of their actions?
r aysmcp@yahoo.com
2006-01-25, 07:04:50
anonymous from Australia  
why do people create viruses and why would you? its stupid because what thrill do you get from wrecking someones pc. how would they like it if their computer was infected
2006-04-01, 12:50:42
anonymous from United Kingdom  
| would like to get my hands on the A.H. behind Windfixer. I can't beleave that somthing so destructive and sly has been going for so long. My PC has been infected twice and the only way I've found of getting rid of it is to restore to a previous date.
2006-04-01, 12:52:19
anonymous from United Kingdom  
rating
2006-08-15, 04:27:39
anonymous from United Kingdom  
Well I do know that the domain is regestered in ukrane, prob to avoid the EU computer misuse act
2006-12-19, 15:40:22
anonymous from United States  
is there another way to get of it besides restore to previous date? I tried that already and it didn't work. I can try it again though...
2007-08-19, 19:08:13
anonymous from United Kingdom  
i am fed up getting messages on my computer telling me i have an error and winsoftware will fix it for me, i have ran my antivirus scans only for it to come up and tell me winsoftware is causing problems. why is this so, when there advertised on this site ???
2007-12-11, 17:21:06
Ryan  
Winfixer is a bogus rogue antivirus, but for me, is very easy to remove. Just download Ad-Aware Free, and Spybot - Search & Destroy. Run a full scan with both of them, and then download AVG Anti-Virus free, and then download avast! home edition. If you need more help go to youtube.com/learnyourabcsright. My channel for security.
2007-12-11, 17:22:47
Ryan from United States  
By the way, delete anything spybot and ad-aware finds. It should remove winfixer. If you encounter any other problems try a scan with avast and avg. And winsoftware only makes viruses so they can extort money from people.

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: