WinFixer is a bogus antispyware and spam blocking application that attempts to market itself by surreptitiously installing adware on the workstation. This adware aggressively and incessantly displays popup notifications in an attempt to convince the user that something (other than its own existence) may be amiss with the computer.
WinFixer might also be spyware or malware; no authoritative determination has yet been made.
WinFixer's claim:
WinFixer 2005 is useful utility to scan and fix any system, registry and hard drive errors. It ensures system stability and performance, frees wasted hard drive space and recovers damaged Word, Excel, music and video files.
In reality, WinFixer does none of these things.
The company that makes WinFixer, Winsoftware Ltd., claims to be based in Liverpool, England; however, that is a lie[1]. Its domain has, in fact, been traced to Kiev, Ukraine[2]. A Canadian firm, Big Pipe Inc., a division of Shaw Communications, is alleged to be providing web hosting[3].
How it Infects and Survives
The problem is typically initiated via a popup ad displayed during a visit to a distributing web site. Reports suggest that this initial popup is constructed such that any attempt to dismiss it (including clicking the 'X' in the upper right-hand corner) actually causes the adware to be installed on the workstation. From this point on, WinFixer popups are launched from the workstation itself. Because of the intricate way in which the adware insinuates itself into its host (including making dozens of registry edits), successful removal is a tedious, manual process (as of Dec 2005). When running, it can be found in Windows Task Manager and stopped, but before long it will start up again.
Remedies
Clicking anywhere on the pop-up ads, including the 'close' button in the top right hand corner, can result in WinFixer being downloaded to the user's machine. Users report that one way around this is to disconnect from the internet before closing the popup, thus preventing the program from being downloaded.
Purchasing the 'solution' from WinFixer once the user's computer has been infected may remove the problem; this is not recommended as it will only encourage the creators of scumware to continue exploiting people.
As of Dec 2005, the better-known antivirus and antispyware software packages are beginning to address the problem, but cleaning up a WinFixer infection is still a tedious, manual process that requires editing the registry. Both McAfee and Symantec have published procedures for doing this. (However, those links do not contain that data. In fact, McAfee says that this is actually legitimate software and not a virus.)
Note that besides WinFixer itself, there are several other products to be found on the Web that claim to have the ability to stop WinFixer. The user is advised to take care, as many of these 'solutions' are themselves WinFixer clones.
Another option is to switch from Internet Explorer (IE) to another web browser, such as Mozilla's Firefox or Apple's Safari.
Other technical information
WinFixer is closely related to Aurora Network's Nail.exe hijacker/spyware program. In worst-case scenarios, it may embed itself in Internet Explorer and may be nearly impossible to remove. The program is also closely related to the Vundo and Virtumonde viruses.