Re: winfixer removal
The current flavor of the Winfixer nasty is based on a recent variant of a fairly well-known exploit and incorporates coding which renders it much less susceptible to detection and removal than its elder kin. This stuff evolves; that's its nature.
The "fix" recommended by garney is a relatively safe and generally reliable method, though it is pretty involved for the typical user. The instructions leave quite a bit to be desired, and the process should not be followed without first posting a HiJackThis log for informed advice, as some of the specific suggestions offered refer to folder, file, and registry item values which very well may be - in fact typically are - variables and will not apply to everyone's particular individual situation. In some cases, HJT will not provide the necessary info (the trojan is very good at concealing itself), something which may necessitate a different track-down method for the discovery of the info needed to permit effective follow-through removal steps. Knowing what to look for and how to find it are the keys to getting it done.
While I have nothing against spyware-removal-guideline.com, I think it should be pointed out that it is a commercial website which promotes download and purchase of its own particular security/privacy products. The free removal process they offer there is based on aTribune's VundoFix utility, an essentially well regarded free tool, safe and reliable in most cases, though there have been reports of problems (generally of the user-error type, but problems nonetheless, and lots of them).
Downloading (and of course carefully reading and following the instructions) Symantec Trojan.Vundo Removal Tool, V. 1.31 (or later), most recent update at time of this writing Oct 17, 2005, would be the option I recommend, though also I strongly recommend a HiJackThis log be posted first, as other things may be (and most often are) involved.
Finally, the entire cleanup process outlined HERE should be followed in its entirety to ensure a clean and secure system. I know the process appears daunting to some, but it really is quite simple. There are only 4 main components:
1) perform the recommended downloads and updates without running the scans, tools, or fixes yet,
2) perform the online scans, saving logs as requested,
3) disconnect from the internet, boot into safe mode, execute the applications in the order listed, saving logs as requested,
4) reboot normally, perform the two scans, HJT and EWIDO, one more time, saving the logs, reconnect to the internet, navigate to your help request thread, and post the saved logs as detailed.
Yeah, it's nitpicky and takes a bit of time and effort, but it is free, safe, thorough, and proven effective. If getting rid of the sorta yuckware that brought you to this discussion was easy, there wouldn't be a problem, there wouldn't be all sortsa scammers and opportunists out there on the web offering fee-based "help", and you wouldn't be looking here or elsewhere for a solution. Think about it.