Daniel Lemire's blog


Winfixer got to me, but I had the last word

20 thoughts on “Winfixer got to me, but I had the last word”

  • Big Aussie says:

    I just had a run-in with WinFixer.com too, using Firefox on Wintel. Interesting it managed to pop up at all as I already have winfixer.com listed as 127.0.0.1 courtesy of Spybot S&D.

    I am running Firefox while typing this, and since the last time I closed the Firefox session with Task Manager it has not re-appeared.

    It continued to pop up while visiting sites advertising torrents.

    I think you might find (my experience) the popups are more likely related to the site/s you were visiting at the time of the popup. Just my .02c worth.

  • Daryl says:

    I’ve scanned their website, there are no contact details. I think that their practices are shady to say the least. Really like to find some way of shutting them down.

  • Ameara says:

    I knew it! I am having the same problem with Winfixer, and it is getting incredibly worse. After quite a bit of work, I did find some contact information and sent them a lengthy and angry e-mail, to which of course I have yet to hear a response. Anyway, I am writing you to see if you know of anything I can do to get rid of the darn pop-ups. The only “solutions” I found online were to download other spyware software; no thanks. I would appreciate any help you can give me, or if you know of any trustworthy program I can get. I read what you did, and unfortunately I am not computer savvy enough to have any idea at all what you were talking about.

  • Alan.Lonetree says:

    I have this stupid winfixer thingy appearing in my computer too. I got this shit installed on my windows machine without any knowledge where it comes from. It's pretty annoying. I hope it would not hit my linux machine since the first post said it hit his linux. I hate spyware and adware. Such shit shouldn’t even have existed. Really hope these idiots should be penalised and punished.

    Anyway, I think I am lucky enough that my system is protected by a recovery card. So after this session of usage, I will reboot my computer and everything will be removed.

    Once again, whoever owns this winfixer thing, you shouldn’t even exist in this world. Nobody will say that you are great for doing such destruction. Please! do something constructive with the knowledge you have.

  • Jim McMullin says:

    I went through both Firefox and Explorer on Wintel and checked the trusted sites on the security settings. Sure enough, there’s winfixer. I changed it to block. Also found it in the cookies. Damn… someone nuke that site.

  • Kiki says:

    I have winfixer popups that are driving me nuts. How exactly do I get rid of this? What is etc/hosts and how did you add the line 127.0.0.1 http://www.winfixer.com to it?
    I am not computer savvy so I need help. I would appreciate your feedback. Thanks, Kiki

  • jamie says:

    Please can you tell me how to get rid of these very annoying winfixer pop ups, I have only had a computer about 3 weeks & been on the internet about the same amount of time. It's getting to be that annoying that I'm considering giving it up altogether, because there is no enjoyment in trying to do whatever it is you're trying to do with these stupid pop ups appearing every few seconds.
    Thanks Jamie

  • Norma: the solution I offered was specific to Linux. For Windows, it would also work, but I don’t know exactly how to do it. Might have to do with the c:\windows\lmhosts file though I don’t use Windows much myself.

  • Norma says:

    Hi Daniel… I am so computer “out of it”. Can you please provide step by step direction on how to add the information to etc/hosts? Will it work on Explorer?

  • p says:

    Winfixer tried hijacking my IE session and took me to:

    http://202.67.220.227/trafc/redir.php?cmp=winfixer&nid=sv&uid=AC3DF31C520A11DA8699000B6AC2AAE3&guid=e0056a3d+E60B211788AA4249940F09A4802CB37C

    And there was an error on the page:
    Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING,
    expecting ‘)’ in /var/www/html/trafc/db_sdate.php on line 8

    I knew this was not legit, and I never consented to downloading any
    software from these guys.

    I looked at the directory where the script is:
    http://202.67.220.227/trafc

    … and found interesting files there. One has IP addresses. Another
    has something with the word Administrator in it. And one has code
    written in perl to manage their campaigns…

    What would be the best way to inform people that their computer
    address is some company’s advertising target, and to also notify the
    world that these guys are not legitimate?

    By the way, in their perl code, it seems SpyBot S&D is an accomplice…..not necessarily a threat to WinFixer (I may be misreading perl code, so go check it for yourself.)

  • Tim Hardy says:

    Hi Daniel

    I’ve just got stung by this too. Same deal, firefox on linux and I’m also using the Sessionsaver extension. I found clearing the cache/cookies/saved passwords etc did not work BUT if I did that, restarted firefox, closed the popup then opened several new tabs, recleared the cache etc and restarted firefox then the pop up did not resurface. This leads me to suspect that Sessionsaver is the culprit and that the pop-up code is getting pushed onto the end of the Sessionsaver stack (or queue or however this is implemented); since Sessionsaver does not know about this new javascript code, it will overwrite it with the details of new tabs/windows when you open them. (This is just speculation)

    I’ve blocked their domain at the firewall to save myself editing /etc/hosts on both desktop and laptop but if I ever get time I may unblock and have a play with reinfecting myself and looking at the Sessionsaver source to see if I can work out how it is doing this.

    After years of pop-up/virus/malware free computing it’s a pain to deal with the kind of crap that bothers Windows users on a daily basis. My arrogant “I use linux and I’m immune” stance has been sorely dented by this!

    Damn these people.

  • Dave says:

    Can we slam the winfixer site with massive hits…or send a million or 2 emails to jam them….just a thought

  • Diana says:

    Winfixer is nothing but a HUGE FRAUD!… My computer tech told me that they are known to ruin your system and do NOTHING of what they say it does! I called WinFix at 800-755-5909 and gave them a piece of my mind (even got a Complaint Number!) and told them that I have stopped payment, and that I will report them.
    I flagged the payment and my bank is doing an investigation on them. I reported the charge as fraud and I tried to file a complaint with the Better Business Bureau but since I don't have a city for them it won’t register. Everybody should call them and complain …we need to stand up to companies like that, who are ripping people off left and right!

  • ddimitro says:

    Just posted this on wikipedia:

    Winfixer is also known to exploit the SessionSaver extension for the Firefox browser. If you are experiencing popups on every startup asking you to download winfixer, you should open your prefs.js file and delete all lines containing the word ‘winfixer’ (just do a search for the word and delete the whole lines). The prefs.js file is located at:

    Windows: C:\Documents and Settings\_username_\Application Data\Mozilla\Firefox\Profiles\_profile_\prefs.js

    Linux: ~.FirefoxProfiles_profile_prefs.js

    http://en.wikipedia.org/wiki/WinFixer#How_it_Infects_and_Survives
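
The prefs.js cleanup described in the comment above, as an added example that is not part of the original comment and not code from Firefox or SessionSaver. It takes the prefs.js path as an argument, keeps a backup copy, and reports what it removed; the pref names in the sample are constructed for illustration.

```python
import re
import shutil
from pathlib import Path

# Constructed sample of a prefs.js file; the pref names and values are
# illustrative, not captured from an affected profile.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("sessionsaver.static.default.session0", "z1|http://www.WinFixer.com/promo");
user_pref("network.cookie.prefsMigrated", true);
user_pref("sessionsaver.static.sync.windows", "0|http://ads.winfixer.com/x");
'''

def split_prefs(text, needle="winfixer"):
    """Return (kept_lines, removed_lines); the match is case-insensitive."""
    pattern = re.compile(re.escape(needle), re.IGNORECASE)
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        (removed if pattern.search(line) else kept).append(line)
    return kept, removed

def clean_prefs_file(path, needle="winfixer"):
    """Rewrite prefs.js without matching lines; return the removed lines.

    Run with Firefox closed: it rewrites prefs.js on exit and would
    restore the entries. A .bak copy is kept so the change can be undone.
    """
    path = Path(path)
    kept, removed = split_prefs(path.read_text(encoding="utf-8"), needle)
    if removed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_text("".join(kept), encoding="utf-8")
    return removed

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        # Path to the profile's prefs.js is supplied by the user.
        for line in clean_prefs_file(sys.argv[1]):
            print("removed:", line.rstrip())
    else:
        kept, removed = split_prefs(SAMPLE_PREFS)
        print(f"{len(removed)} line(s) would be removed, {len(kept)} kept")
```

Review the removed lines before deleting the `.bak` file, since a whole saved session stored on one line is dropped with it.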

  • Matt says:

    If you do a whois search for the http://www.winfixer.com domain, you will find their address and contact details… they are located in Kiev!
    If you don't know how to do it, go to a domain availability checker.. there is one at http://www.titanhosts.net/ (a very good hosting company btw) and search for the domain.. when you get your result click the whois link..

    :o)

    I wish winfixer would die!

  • Helmetedwarrior says:

    I also run Linux with Firefox. I turned off my session saver, cleared all private data, cookies, history, etc. Closed firefox and restarted it. I started my session saver again and no more winfix popup. Thanks for the tip and I hope this helps.

  • tanya says:

    winfixer is me of bigest pile of i have know went on 2 da website nothin on there to get rid of da me of and der no contact number to call them so i can rip at dem down the phone how can i remove winwanker from my pc when i didnt even put it on der

  • Derf says:

    In Firefox, select Options from the Tools menu and then choose Privacy and Cookies. Add an exception to block winfixer.com.

  • Comments are closed.