Application.Winfixer.J

LOW
VERY LOW
71168-82136 bytes
(WinFixer, ErrorSafe, WinAntiSpyware)

Symptoms

    A downloader screen appears when you run the application, informing you of the progress of downloading the application installer.
    Popup messages appear when you start Windows, and from time to time after that, saying that you have serious threats that need fixing; they take you to the registration page if you want to fix them.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

George Nechifor, virus researcher

Technical Description:

    Application.Winfixer.J is the name given to a set of 3 similar applications (Winfixer, ErrorSafe and WinAntiSpyware) that have approximately the same strategy:
They get installed either by the user or by some other application, such as a downloader.
They start scanning the system as soon as you install them, then report a series of critical system errors that need fixing and tell you to buy the application if you want it to fix them. Even on a clean Windows installation these programs report threats and errors, and WinAntiSpyware detects Winfixer as being a threat.
    Depending on the program installed, these files and registry keys will appear on your computer:
For Winfixer:
Files and folders:
%DocumentsandSettings%\All Users\Desktop\Win Fixer 2006.lnk
%DocumentsandSettings%\All Users\Desktop\Install WinFixer 2006.lnk
%DocumentsandSettings%\All Users\Start Menu\Programs\WinFixerFree\
%ProgramFiles%\WinFixerFree\
Registry keys:
HKEY_CLASSES_ROOT\FFxr_21.FFixr21
HKEY_CLASSES_ROOT\FWrape_r.FFEnginWrape_r.1
HKEY_CLASSES_ROOT\FWrape_r.FFEnginWrape_r
HKEY_CLASSES_ROOT\FxCor_e.MMFixCor_e.1
HKEY_CLASSES_ROOT\FxCor_e.MMFixCor_e
HKEY_CLASSES_ROOT\MMFxCtr_l.CoFixEngin_e.1
HKEY_CLASSES_ROOT\MMFxCtr_l.CoFixEngin_e
HKEY_CLASSES_ROOT\UWFX6PCheck.UWFX6PCheck.2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Win_Fixer_Free
HKEY_CURRENT_USER\Software\WinFixer_Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NI.UWFX6_0001_N68M2301
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinFixer_2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinFixer_Free
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}\Control\DeviceReference
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0

For ErrorSafe:
Files and folders:
%DocumentsandSettings%\Noob Saibot\Desktop\Error Safe.lnk
%DocumentsandSettings%\All Users\Start Menu\Programs\Error Safe Unregistered Version
%ProgramFiles%\Error Safe Free
Registry keys:
HKEY_CLASSES_ROOT\ESSPChck.ESSPChck.1
HKEY_CLASSES_ROOT\ESSPChck.ESSPChck
HKEY_CLASSES_ROOT\FlFxr15.FlFixer15
HKEY_CLASSES_ROOT\FWraper.FFEnginWraper.1
HKEY_CLASSES_ROOT\FWraper.FFEnginWraper
HKEY_CLASSES_ROOT\FxCore.MMFixCore.1
HKEY_CLASSES_ROOT\FxCore.MMFixCore
HKEY_CLASSES_ROOT\MMFxCtrl.CoFixEngine.1
HKEY_CLASSES_ROOT\MMFxCtrl.CoFixEngine
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Error Safe with value ""%ProgramFiles%\Error Safe Free\ERS.exe" /scan"
HKEY_LOCAL_MACHINE\SOFTWARE\Error Safe Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Error Safe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\"%ProgramFiles%\Error Safe Free\ESSPChck.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1

For WinAntiSpyware:
Files and folders:
%DocumentsandSettings%\All Users\Desktop\WinAntiSpyware 2006 Scanner.lnk
%DocumentsandSettings%\All Users\Local Settings\Temp\WinAntiSpyware2006Setup.exe
%DocumentsandSettings%\All Users\Start Menu\Programs\WinAntiSpyware 2006 Scanner\
%ProgramFiles%\WinAntiSpyware 2006 Scanner\
%System%\drivers\uwasfsd.sys
Registry keys:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_CLASSES_ROOT\UWAS6.UWAS6
HKEY_CLASSES_ROOT\uwasfsd.CreationNotifier.1
HKEY_CLASSES_ROOT\uwasfsd.CreationNotifier
HKEY_CLASSES_ROOT\uwashellext.ShellHook.1
HKEY_CLASSES_ROOT\uwashellext.ShellHook
HKEY_CLASSES_ROOT\uwashellext.WASContextMenu.1
HKEY_CLASSES_ROOT\uwashellext.WASContextMenu
HKEY_CURRENT_USER\Software\WinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\%programfiles%\WinAntiSpyware 2006 Scanner\uwasffNT.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\%system%\drivers\uwasfsd.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiSpyware 2006 Scanner with value "C:\Program Files\WinAntiSpyware 2006 Scanner\was6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1230649B-B980-44A5-B259-9B09EBEA6331}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinAntiSpyware 2006 Scanner"
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
 where:
%DocumentsandSettings% is the current Documents and Settings folder
%ProgramFiles% is the current Program Files folder
%System% is the current System folder
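
The registry entries listed above differ in what they do: some make Windows load the product's code at logon, at boot or inside Explorer, while others only record installation state. The following added example (not Bitdefender's code) parses indicator lines in the format used on this page, including the "with value" suffix, and sorts them so the code-loading entries come first; the category names and the LOADS_CODE grouping are this example's own labels.

```python
import re

# Constructed sample: a few indicator lines copied from the lists above.
SAMPLE = r'''
HKEY_CLASSES_ROOT\FxCore.MMFixCore.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1230649B-B980-44A5-B259-9B09EBEA6331}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Error Safe with value ""%ProgramFiles%\Error Safe Free\ERS.exe" /scan"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinAntiSpyware 2006 Scanner"
'''

# Ordered rules, first match wins. Category names are this example's own labels.
RULES = [
    (r'\\CurrentVersion\\Run\\', 'autostart'),
    (r'\\ShellExecuteHooks\\', 'shell-hook'),
    (r'\\shellex\\ContextMenuHandlers\\', 'shell-extension'),
    (r'\\CurrentControlSet\\Services\\', 'service-or-driver'),
    (r'\\CurrentVersion\\Uninstall\\', 'uninstall-entry'),
    (r'\\CurrentVersion\\SharedDLLs\\', 'shared-dll-refcount'),
    (r'^HKEY_CLASSES_ROOT\\', 'com-registration'),
]
# Categories whose entries make Windows load the product's code.
LOADS_CODE = {'autostart', 'shell-hook', 'shell-extension', 'service-or-driver'}

def classify(line):
    """Split one indicator line into key, value name, data and category."""
    key, _, data = line.strip().partition(' with value ')
    if len(data) >= 2 and data[0] == data[-1] == '"':
        data = data[1:-1]  # drop only the page's outer quoting
    category = next((c for p, c in RULES if re.search(p, key, re.I)), 'other')
    name = None
    if category == 'autostart':
        # Under a Run key the last component is a value name, not a subkey.
        key, _, name = key.rpartition('\\')
        name = name.strip('"')
    return {'category': category, 'key': key, 'name': name,
            'data': data or None, 'loads_code': category in LOADS_CODE}

def triage(text):
    """Classify every non-empty line; code-loading entries sort first."""
    order = {c: i for i, (_, c) in enumerate(RULES)}
    rows = [classify(l) for l in text.splitlines() if l.strip()]
    return sorted(rows, key=lambda r: order.get(r['category'], len(RULES)))

if __name__ == '__main__':
    for row in triage(SAMPLE):
        flag = 'LOADS CODE' if row['loads_code'] else 'lower priority'
        print(f"{flag:15} {row['category']:20} {row['key']} {row['name'] or ''}")
```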