Windows Legacy OS forum

General discussion

worried

by kewlchick02 / March 3, 2006 6:01 AM PST

I have a windows XP and it has Norton Anitvirus 2005. Just recently when I'm surfing the web, i receive a popup telling me that there has been a security brief of the blackworm virus and it tells me to download this WinAntivirus Pro 2006. When I just exit out of the pop up, it freezes my computer. I already did a full scan on my computer and removed the spyware that i detected, but i'm still getting that pop up once in a while and im not sure what to do anymore. I also did a live update and then scanned the computer but nothing is showing up.

Discussion is locked
You are posting a reply to: worried
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: worried
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Usual
by joesmithers06 / March 3, 2006 10:06 AM PST
In reply to: worried

Step 1: Turn off system restore
Step 2: Reboot into safe mode
Step 3: Run spyware removal programs, delete any bits found
Step 3a: Norton's spyware scan isn't enough. Download copies of AdAware, Spybot S&D as well as Microsoft's Anti-Spyware program
Step 4: Reboot
Step 5: Stop using Internet Explorer or Internet Explorer based browsers
Step 5a: Be sure to hit the Windows Update site to download any high priority updates you might be lacking
Step 5b: Make sure automatic updates is turned on
Step 5c: Download a copy of Mozilla Firefox, Opera or Seamonkey and forget that Internet Explorer even exists

Collapse -
Thanks
by kewlchick02 / March 3, 2006 10:46 AM PST
In reply to: Usual

I downloaded Mozilla, but i think i might know how to turn off system restore and i certainly dont know how to Reboot in safe mode. Should i have done that first before downloading Mozilla?

Collapse -
System Restore
by MarkFlax Forum moderator / March 3, 2006 7:32 PM PST
In reply to: Thanks

To turn off System Restore, right click your "My Computer" icon, and select the System Restore tab. Tick the option to turn System Restore off, then click Apply then OK.

This deletes all restore points you or windows has created, and it means that you will have no backups to restore back to if you have problems with Windows. But it is necessary at this stage because viruses, spyware and adware can reside in these backup files, and they are protected from scans by anti-virus and anti-spyware utilities.

Once you have scanned in Safe Mode, reboot back into normal mode and reverse the process above to turn System Restore back on, then immediately create your own restore point, (Start > All programs > Accessories > System Tools > System Restore).

To boot into Safe Mode, restart your computer, and immediately start tapping, (once a second), the F8 key. On some computers it is the F5 key, and so only experimentation will tell.

Safe Mode is a black screen with options. Use the arrow keys to select Safe Mode, (not Safe Mode with network support), and press the Enter key. On the next screen select your Operating System, normally it is already selected if you just have one, and press Enter.

Safe Mode displays a black desktop and the icons are larger, but your normal desktop will re-appear when you reboot normally.

Make sure your anti-virus and anti-spyware definitions are up to date before booting into safe mode.

Good luck.

Mark

Collapse -
Safe mode
by kewlchick02 / March 5, 2006 11:35 AM PST
In reply to: System Restore

I ran Ad-Aware SE Personal, Spy-Bot Search and Destroy, Norton Antivirus, and stng260 in Safe Mode. Neither of them detected anything in the computer. I also turned on the systerm restore. Should I leave it alone now and think that nothing is wrong with the computer?

Collapse -
Yes, for now.
by MarkFlax Forum moderator / March 5, 2006 6:00 PM PST
In reply to: Safe mode

Hi Kewlchick.

I would turn System Restore back on for now, and see how things go.

If you get the pop up again, let us know and tell us when and how it appeared.

Mark

Collapse -
Winfixer
by kewlchick02 / March 9, 2006 10:48 AM PST
In reply to: Yes, for now.

today when i opened mozilla firefox, a pop up appeared. It was a winfixer. When it appears it has a title of Add/Remove Programs but the window is blank. i can't exit it out it just dissapears by itself. I don't know what to do.

Collapse -
Winfixer is spyware
by Stan Chambers / March 9, 2006 3:14 PM PST
In reply to: Winfixer
Collapse -
Easy to Fix. Do this.
by novelidea / March 9, 2006 7:53 PM PST
In reply to: worried

Like the previous post said, WinFixer 2006 is Spyware.
This program gives you Popups, which are served via the VUNDO Trojan group.

Winfixer is a sneaky registry cleaner which when it isn't installed, continually asks the user to download their software on every reboot even if the user says no, and also at various times when using the internet. It is also installed along with various malware without the users permission.

It scares people into buying their software by insisting that they have a security breach and the blackworm virus. Then it tells you to download, and pay for, a program called WinAntiVirus Pro 2006. (or something like it)
Well, let me assure you, you do not have anything as bad as this. You just have an annoying program called Winfixer.

This is very easy to get rid of in my experience.
You do not have to buy any expensive programs either, like the previous posts link.
The program XOFTSPY SE will Not remove it. Some people have tried and failed.
Also, Norton nor Mcafee will do the trick, neither will Ad-Aware or ewido.

What you need is the Free program called VundoFix.exe which you can get from this link below. Follow the instructions.

http://www.softpedia.com/get/Antivirus/VundoFix.shtml

This program has worked every time for me when fixing PC?s with this problem.

Let me know what happens and good luck.

Collapse -
Vundo.fix
by kewlchick02 / March 11, 2006 5:28 AM PST
In reply to: Easy to Fix. Do this.

Ok I downloaded the program and ran it on my computer. It removed some things I'm not really sure what they were, but how do I know now that Winfixer was removed?

Collapse -
Vundo - Winfixer
by novelidea / March 12, 2006 11:46 PM PST
In reply to: Vundo.fix

If you have no more popups, then you are good and can be pretty sure that Winfixer is gone.
If you still had Winfixer, it would take only a few minutes of internet activity for you to get a popup.

If you are getting nothing, then you should be fine.

Collapse -
Vundo fixed more than Winfixer
by keithpl / March 17, 2006 7:08 AM PST
In reply to: Vundo - Winfixer

I am running XP SP2. Vundo runs so quickly and gives so little information that you wonder if it fixed anything. After months of trying to get rid of Winfixer, I downloaded and ran Vundo. Winfixer disappeared, EXPLORER.EXC went from using 50% of a pentium 4 processor to using a single digit percentage as you would expect, and the ADWARE software now runs to completion without crashing with the dreaded black screen. Desperation caused me to trust Vundo. I'm glad I did.

Collapse -
Worried
by hpjohn11 / March 17, 2006 12:01 PM PST
In reply to: worried

First of all go back to Windows Explorer. Then go to Ewido.com/en/. Download Ewido free for 21 days. Update definitions if necessary. Run program and it will clean out anything left on your computer including the Registry (only the bad part left by your spyware). I bought it and now have upgraded it to lifetime definition and program downloads. It is the best program I have found for this purpose. It cleans out stuff that gets past your other programs.

Collapse -
Ewido
by kewlchick02 / March 19, 2006 6:26 AM PST
In reply to: Worried

I downloaded Ewido and ran it on my computer, but it didn't detect anything. I hope that everything is fine now, but i still have one last question. Sometimes, it seems like a pop up or a window wants to open up becuase it shows on the task bar, but nothing opens up. they will just show up randomly. It doesn't matter if I'm on the internet or not. I'm not really sure what it is.

Collapse -
Pop up windows
by MarkFlax Forum moderator / March 19, 2006 8:09 PM PST
In reply to: Ewido

It's difficult to help on this. Does the Task Bar icon show any title, or anything?

Does it close by itself or do you have to close it? If you do, how do you do it?

You "may" see this when some applications open then minimise to the System Tray, (the area near the clock); eg on my older and slower HP machine running Windows ME, when I start the computer up and it eventually gets to the Windows screen, I will see a flash of a window outline, and a Taskbar icon, then my AVG anti-virus appears in the System Tray.

If you can't identify it, you may need to try and eliminate any possibilities by inspecting your MSCONFIG utility and your Task Manager Processes.

MSCONFIG, goto Start > Run, type in "msconfig" without the quotes, and click OK. In the window that displays, click the Startup tab and look for anything suspicious there. You can Google anything you are not sure of. Also, click the Services tab, and tick the option to "Hide all Microsoft Services". Again, investigate anything that looks suspicious.

To open Task Manager, right click your Taskbar, and select Task Manager. Click the "Processes" tab. The site below will give you information on each process;
http://answersthatwork.com/Tasklist_pages/tasklist.htm

Good luck. Come back with any problems/more information.

Mark

Collapse -
pop up
by kewlchick02 / March 22, 2006 10:21 AM PST
In reply to: Pop up windows

The task bar icon does not show any title it will just pop up for about two seconds and disappear by itself. I've tried to click on it when it pops up, but it's too fast and I dont think it's a good idea considering i dont know what it is. Thank you for your help I'll try to do what you said and look for suspicious things, but to be honest everything looks suspicious or strange to me. Happy

Collapse -
msconfig
by kewlchick02 / March 22, 2006 10:55 AM PST
In reply to: Pop up windows

I ran the msconfig and am looking up almost everything. I came across ''realsched'' and when i looked it up, web sites tell me that it is a worm yet others tell me that it's part of real player how do I know which one it is?

Collapse -
realsched
by warnerda / March 22, 2006 11:26 AM PST
In reply to: msconfig

I have the same problem. After doing some research, it sounds like un-checking "realsched" should do the trick. Also, you can open up your RealPlayer, and go to preferences, then auto update, and turn auto updates off.

Can't say yet whether it works, but I haven't had the pop-up yet.

Collapse -
NO
by warnerda / March 22, 2006 12:10 PM PST
In reply to: realsched

I don't think it worked. I think I just saw a popup. Back to square one I guess.

Collapse -
nothing here either
by kewlchick02 / March 25, 2006 9:18 AM PST
In reply to: NO

Thanks for the help I will keep trying to figure it out and tell you if anything works!

Collapse -
Mark's love hate relationship!
by tallin / June 14, 2006 9:44 AM PDT
In reply to: realsched

Hi,

I have read these threads with much interest as I have been helped so much by Mark Flax that my computer now runs like a Lear Jet. Everything Mark advised helped me. If you want to get rid of <realsched> once and for all, go to this site.

http://www.help2go.com/Tutorials/MP3

Collapse -
msconfig startup
by kewlchick02 / March 29, 2006 3:38 AM PST
In reply to: Pop up windows

I looked up most of the items on start up becuase I did not really know what they were for and i there are four that I'm a bit concerned about:

dumprep 0 -u : %Systemroot%\system32\dumprep 0 -u

GStartup :
C:\ProgramFiles\CommonFiles\GMT\GMT.exe\startup

realsched:
''C:\Program\CommonFiles\Real\Update_OB\realsched.exe.-osboot

cdaEngine0500 :
''C\Program Files\WildTangent\Apps\CDA\GameDrvr.exe''/startup ''C:/ProgramFiles\WildTangent\Apps\CDA\cdaEngine0500.dll''

I wasn't really sure what else to put about these so I gave the Command. I'm not sure if they are helpful or not. Is there A way that I can get rid of these If they are harming my computer? I already unchecked them on the startup list.

Collapse -
Sorry for the delay
by MarkFlax Forum moderator / March 29, 2006 6:52 PM PST
In reply to: msconfig startup

Hi Kewlchick, sorry for the delay getting back to you.

From the list you gave, here is what I know.

dumprep 0 -u : %Systemroot%\system32\dumprep 0 -u

This is a Windows reporting tool for reporting errors. It seems that sometimes once this has been started, (perhaps by a system error somewhere), it sets itself to run at startup. If you are now no longer having problems you can disable this by right clicking the My Computer icon and select Properties. Then goto the Advanced tab and under "Startup and Recovery", click the Settings button.

In th next window, if there is a tick in "Automatically restart" under System failure, take the tick out. (Otherwise every time the system encounters a problem it will restart, and you will find it difficult to see what went wrong and where).

Then, under "Write debugging information", select "None" from the pull down list. This should stop the debugger from starting at startup.

If the entry remains in your MSCONFIG Startup list, don't worry, just make sure there is no tick against it.

GStartup : C:\ProgramFiles\CommonFiles\GMT\GMT.exe\startup

Hmmm, looks like you still have some remnants of adware in your system here. This looks like GAIN/Gator adware. Both "GStartup" and "GMT.Exe" point to GAIN/Gator adware. I am surprised that Ewido did not find it, but you did right to disable it in MSCONFIG/Startup tab.

if I were you I would download, install, and update, (definitions), for either "Lavasoft's Adaware SE Personal", or "Spybot Search & Destroy". They should both be able to remove this. They are both free, and although I have both, I no longer use Lavasoft's utility.

realsched: ''C:\Program\CommonFiles\Real\Update_OB\realsched.exe.-osboot

This is my favorite item to hate. It is Real Player, and I dislike it intensely. Not only does it try to take over all of your music and video file associations, so that whenever you play a track or a CD or a video it only plays in Real Player, but it also sets so many checks and updates and other things to run at startup or other times that it is continuously, (it seems to me), doing something or other.

The trouble is, some web sites need it, (eg I watch the BBC news on Real Player), so it is sometimes difficult to get along without it.

You're right to disable it from startup, (in my view). If you need it, then WIndows will call it up. If you really don't want it, then goto Control Panel > Add/Remove programs, and remove anything for Real Player.

cdaEngine0500 :
''C\Program Files\WildTangent\Apps\CDA\GameDrvr.exe''/startup
''C:/ProgramFiles\WildTangent\Apps\CDA\cdaEngine0500.dll''

Difficult one this. It is most definitely adware/spyware, in my view. But it is quite benign. It is Wild Tangent software and is needed by some software to run games. For example if you visited Shockwave.com to try and play their shockwave/flash games, they would try and install Wild Tangent software, and the game needs it to play.

I don't like this at all. I don't like the fact that I have to download and install someone elses software to play some Flash games. However, other people have done so and don't mind, and they say that it causes them no problems.

In my view it is good that you have disabled both of these at Startup. Wild Tangent may have an entry in the Add/.Remove Programs, (in your Control Panel). If not, Spybot may remove it. This means you may lose the ability to play some online games.

I hope this helps.

Mark

Collapse -
Thank you
by kewlchick02 / March 30, 2006 9:38 AM PST
In reply to: Sorry for the delay

HI Mark,
Thankyou for your help, I scanned my computer again with lavasoft and Ewido but I they didn't find anything that had to do with Gain/Gator adware. I did have Spybot Search & Destroy, but when I recently installed Norton Internet Security, the program told me that Spybot wasn't compatible with it and I had to uninstall it. I'm not sure if I should download it again or not.
I do have another question, do any of the the programs that I listed have anything to do with the pop ups that I keep getting? They show up randomly on the taskbar and they don't have a title or anything to identify them with. Just as they show up, they dissapear. I don't have any other information to give you on them. Other than they show up whether I'm on the internet or not.

Collapse -
It's difficult to say without knowing what they are.
by MarkFlax Forum moderator / March 30, 2006 6:44 PM PST
In reply to: Thank you

I would say "yes" they do have something to do with the popups, but if you have disabled those from the Startup tab of msconfig they should not still be appearing.

Unless you can catch them when they appear in the Task Manager, (right click the Task Bar and select Task Manager), to see what appears or disappears, I am not sure how we can identify them.

I think it may be time for some heavy analysis. A HJT log.

Unfortunately this forums cannot analyse HJT logs and you need to go to a specialised forum, post your HJT log and ask them to do so.

There is more information on HJT logs in my post here;
http://reviews.cnet.com/5208-6142-0.html?forumID=5&threadID=122674&messageID=1390908

It's not as bad as it sounds, Happy

Good luck if you decide to do this, and let us know how you get on.

Mark

Collapse -
it took a while...
by kewlchick02 / June 14, 2006 4:48 AM PDT

Hello, the problem with the pop-ups is fixed, finally! A program in the star up menu was giving me the problem. Thank you for your advice! everytime I have a problem with my computer I can come here and fixe it!

Collapse -
worried NORTON 2005
by jw1ls5n0129 / March 30, 2006 6:59 PM PST
In reply to: worried

this is easy ,just remove norton fron your computer
(ALL OF NORTON )do not leave any ,live update etc.
and use the Free AVG this will put an end to your trouble and while we are doing this why not put REGISTRY MECHANIC 5 ( also free ).give them a try and you will end your troubles.Regards max1290.

Collapse -
a suggestion
by beckyblind / August 4, 2009 10:49 PM PDT
In reply to: worried

Certainly you're having some problems with your ati-virus program, why don't you try another one?maybe this one doesn't make a great job.Why don't you try Bitdefender?I'm using Total Security 2009 version and i realized it's the most complex anti-virus security solution.You can perform an online scan directly from their site http://quickscan.bitdefender.com/ .Good luck!

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.