Downloaded Winifighter - Can't Get it Out

Hewlett-packard Compaq presario s3200nx...
July 6, 2009 at 09:17:39
Specs: Windows XP SP2, AMD athlon(tm) XP 1800 + 1.5 Ghz, 736 MB of RAM
I downloaded the Winifighter program thinking it would help my computer, but now I can't seem to get it out. I know it's malicious software and I'm wondering if anyone knows what programs I can get or what I can do to help fix my computer.

#1
July 6, 2009 at 09:32:38
Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before; your computer will reboot:

begin
 // Enable AVZGuard and neutralize user-mode and kernel-mode rootkit hooks
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 // Copy each suspicious file to the AVZ quarantine before it is deleted
 QuarantineFile('C:\RECYCLER\S-1-5-21-3595739802-5392873326-703096348-8528\rundll32.exe','');
 QuarantineFile('C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe','');
 QuarantineFile('C:\WINDOWS\system32\setup2.exe','');
 QuarantineFile('C:\WINDOWS\TEMP\tempo-798234.tmp','');
 QuarantineFile('C:\WINDOWS\system32\drivers\viaudios.sys','');
 QuarantineFile('c:\docume~1\d\locals~1\temp\setup2.exe','');
 QuarantineFile('c:\docume~1\d\locals~1\temp\387.exe','');
 // Delete the files and the scheduled task
 DeleteFile('c:\docume~1\d\locals~1\temp\387.exe');
 DeleteFile('c:\docume~1\d\locals~1\temp\setup2.exe');
 DeleteFile('C:\WINDOWS\TEMP\tempo-798234.tmp');
 DeleteFile('C:\WINDOWS\system32\setup2.exe');
 DeleteFile('C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-3595739802-5392873326-703096348-8528\rundll32.exe');
 DeleteFile('c:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job');
 // Hand the deleted-file list to Boot Cleaner, clean up leftover references,
 // activate Boot Cleaner for the next boot, then reboot
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.

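2) After the reboot, execute the following script in AVZ:

begin
 // Pack the quarantined files into one archive (the function name is spelled this way in AVZ)
 CreateQurantineArchive('C:\quarantine1.zip');
end.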


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and private message me the download link.

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
July 6, 2009 at 17:39:34
Whenever I try to use ComboFix, it tells me I don't have permission a few times, then gives me an error that says the contents of the file have been compromised and I should download a fresh copy. I've done this several times now and it still does the same thing. Any tips? Before I redid the steps, I made a file that went through successfully. I could send you that, but I'm not completely sure it'd be all of what you want.

#3
July 6, 2009 at 17:54:37
Ok follow:

Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:

1) Check the options below:

    * Select all the objects/places to be scanned.
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

2) Click Scan
3) Fix what it detects
4) Zip/Rar the scan log/summary and upload it to rapidshare.com. Post the download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
July 6, 2009 at 18:12:50
The download page doesn't open for me. Is it the anti-virus 2009?

#5
July 6, 2009 at 18:31:31
Try: ftp://212.47.219.89/devbuilds/AVPTool/index.html
If you can't run it in normal mode, try it in safe mode.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
July 7, 2009 at 10:12:41
My computer freezes after a while and it's been freezing while I've been scanning. Should I try this in safe mode?

#7
July 7, 2009 at 10:15:52
Run it in safe mode.

If I'm helping you and I don't reply within 24 hours send me a PM.



#8
July 8, 2009 at 02:55:57
Hi,

Yes, you should run your computer in safe mode and scan it with reliable anti-spyware software. Alternatively, you may use this manual removal guide: http://www.2-viruses.com/remove-win...

#9
July 9, 2009 at 00:27:26
To neoark:
I ran it in safe mode and it came up with one result, which was deleted. I tried to re-download ComboFix and it gave me the same error though. I think it may not be detecting it because of the version (the program kept telling me to update it). I'm not quite sure what to do right now, but I have a ComboFix file from before, when I tried to follow your instructions to someone else, before I made this.

To ignys:
Thanks, I'll resort to that if I get get help from neoark any longer. I'm very daft when it comes to System32, however, and I'm not sure I should be going around deleting what I think may be wrong. I have no idea what the difference is. Some file names in my System32 are very suspicious, however. One practically spells out "not a virus" but with some letters incorrect and numbers in between. There are several.

#10
July 9, 2009 at 06:31:37
Run these two:

1) Install Malwarebytes' Anti-Malware, update its database and run a full scan. Attach the Malwarebytes full scan log and fix anything detected.

2) Run a full scan with SuperAntispyware: http://www.superantispyware.com/dow... . Fix what it detects and post the summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.

