
How To Remove WinFixer

Updated on September 18, 2011

What is WinFixer

WinFixer is a rogue security program spread mostly by trojans. Although some security assessment labs classify WinFixer as merely a potentially unwanted program, it behaves in a very annoying way: it displays misleading pop-ups and ads and urges PC users to pay for a license key.

WinFixer is distributed as a "free version" with a scan-only function. That is, it reports a number of severe risks on the system and alarms the user into paying for a "full version" to stop the reminders.

The detected system problems are of a questionable nature. Most of the "suspicious" or "infected" items are completely safe Microsoft Windows system files. WinFixer attaches fake descriptions to those files, trying to scare the user into purchasing a full-featured version of the software in order to remove those false and erroneous detections.

WinFixer features the same interface as a number of other rogue security programs, which clearly indicates it is a fake product made by the same team of web scammers.

NOTE: Although the images presented below show WinFixer 2005, there are 2006 versions and probably versions for other years. Please don't be misled by the "outdated" releases: this malware is still present on the Web, and surfers still fall victim to WinFixer, paying for fake software with no chance of getting a refund.

WinFixer Advertisement

WinFixer Internet Explorer Scam

How To Get Infected with WinFixer

Unlike the relatively harmless nature of WinFixer itself, its distribution is carried out through some of the nastiest breaches ever used by web criminals.

WinFixer is known to get installed without user consent. No banner clicks are needed, because this malware exploits Internet Explorer vulnerabilities.

But this is not the only way it spreads to Internet-connected PCs. In addition to brutal attacks through IE, WinFixer is promoted via social networks and bookmarking sites. It seems that a team of aggressive posters, equipped with bot programs and spam tools, is engaged in pushing WinFixer to unsuspecting surfers.

WinFixer is not tied down to any particular second-level domain name (mainly in the .com zone), and its web presence is established through a chain of related websites. Besides, it is spread by popular software download resources (softlow, fbmsoftware, etc. being examples of such).

The executable installation file of WinFixer may be less than 100 KB in size, which should make any more or less savvy PC user suspicious enough not to double-click on it. Every legitimate program meant to perform system maintenance tasks is at least several megabytes in size (this is due to antivirus or antispyware signature databases, registry scanning patterns, graphics, animation parts, etc.).

WinFixer Ad

How to Remove Winfixer and its Traces Manually

It is possible to remove WinFixer manually. Upon successful installation, this fake program puts its files into the following directories:

  • Windows (or WINNT if you're using Windows NT/2000)
  • Windows/System32 or WINNT/System32
  • Program Files (where it creates a subfolder Winfixer 2005)
  • System32/Drivers
  • Documents and Settings\All Users\Start menu\Programs\Winfixer 2005
  • Documents and Settings\(username)\Local Settings\Temp

Search your hard drive for the following files and remove them using the SHIFT+DEL key combination (this bypasses the Recycle Bin).

  1. WinFixerScannerInstall.exe
  2. WinFixer2005ScannerSetup.exe
  3. mfc71.dll
  4. dfe1.exe
  5. atl71.dll
  6. df_u42.sys
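
A read-only way to run the file search described above, as an added example (not code from the original guide): it walks the directories you pass in, reports files whose names match the list, and flags executables under the 100 KB size mentioned earlier. It marks mfc71.dll and atl71.dll for review rather than as WinFixer files, because those are also the file names of the Microsoft Visual C++ 7.1 (MFC/ATL) runtime that legitimate programs install. The function and verdict names are assumptions made for this example.

```python
import hashlib
import os
import sys

# File names from the guide's list, compared case-insensitively.
NAME_VERDICTS = {
    "winfixerscannerinstall.exe": "winfixer-name",
    "winfixer2005scannersetup.exe": "winfixer-name",
    "dfe1.exe": "winfixer-name",
    "df_u42.sys": "winfixer-name",
    # Also on the guide's list, but shared with the Microsoft Visual C++ 7.1
    # runtime: check the hash and signer before deleting a match.
    "mfc71.dll": "review-shared-runtime",
    "atl71.dll": "review-shared-runtime",
}
SMALL_INSTALLER_BYTES = 100 * 1024  # the guide's "less than 100 KB" remark


def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_candidates(roots):
    """Walk each root directory and return one report row per name match."""
    rows = []
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                verdict = NAME_VERDICTS.get(name.lower())
                if verdict is None:
                    continue
                path = os.path.join(folder, name)
                size = os.path.getsize(path)
                small = name.lower().endswith(".exe") and size < SMALL_INSTALLER_BYTES
                rows.append({"path": path, "verdict": verdict, "size": size,
                             "small_exe": small, "sha256": sha256_of(path)})
    return rows


if __name__ == "__main__":
    for row in find_candidates(sys.argv[1:]):
        print(row)
```

Nothing is deleted by this script; the reported hashes can be checked with a scanner before any file is removed by hand.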

WinFixer Report

WinFixer Fake Scan Results

Tools and Software to Remove WinFixer

However, manual removal of WinFixer may turn out to be quite a complicated task. This malware installs and creates well over a hundred files and registry entries. Not every computer-savvy user can afford to spend that much time finding the remnants of WinFixer and its associated entries.

Furthermore, the files pose different levels of danger to the Windows system, and some of them may require a rather sophisticated approach to remove from the hard drive.

That is why it is recommended not to reinvent the wheel and to go the easier route, which promises a 100% positive result.

If you're comfortable with command-line scanners (like TrendMicro Sysclean or a-squared scanner), you may use this malware removal guide.

If you're afraid of black windows and the need to type in special commands, or simply prefer something with graphics and mouse support, then you may use HiJackThis (again, created by TrendMicro team and distributed at no cost). This non-installable program lets you run a system scan and identify the files and registry entries WinFixer consists of. However, you definitely need a solid level of competence to interpret the scan results properly. HiJackThis is very popular because of its detection power and removal capabilities, but unless you really know what you're doing, I advise that you consult someone savvy. I've seen quite a lot of miserable PC users who used this powerful utility without proper guidance and preparation, which ended in a non-bootable Windows.

You can download HiJackThis here, but make sure you know what to do with it. I personally like this program a lot.

Another tiny tool to remove WinFixer is called Avenger. It works on the Windows kernel level and requires a pre-made script to execute. This script can be written manually, using the information provided by some scanning program (say, HiJackThis, which was mentioned earlier in this guide).

WARNING 1: Avenger operates on the system kernel level (the lowest possible in Windows, and the most critical part of the system), so wrong instructions may end in complete system failure. You've been warned, so use it at your own risk. No guarantees are provided whatsoever, and if anything other than the WinFixer infection gets removed, there's no one to blame for the unexpected ending.

WARNING 2: WinFixer is capable of creating random filenames, and the total number of registry entries and installed files may differ depending on the infection case, Windows version, etc. Therefore there is no "universal" script to use with Avenger to remove a WinFixer infection. Most likely your particular case needs a specific set of commands to process.

Avenger Warning: experienced PC users only, please!
Avenger Default Window

Remove WinFixer Automatically

I'm a big fan of free tools, some of which are listed above. There is, however, a certain risk involved in using software specifically developed to target a particular range of threats. Programmers certainly know what they create and how to use it for best results, but many PC users may find it time-consuming to learn how to operate these tools properly. In some cases, when critical computers are infected and it is not possible to back up important data, software from third-party manufacturers may suit your needs better. Some of them provide fully functional trials, or versions with scan/removal options but with advanced features inactive.

NOTE: Every program listed below is safe to use, contains no adware/spyware or embedded malicious code, and has received awards from top Web magazines. Download options are provided directly from software manufacturers, with full support and warranties pertaining to each program.

Spyware Detector Awards & Microsoft Windows Compatibility
Some types of malware a-squared is capable of detecting and erasing

a-squared anti-malware screenshot

a-squared anti-malware security status window (control center)

After Removing WinFixer

I hope you have successfully removed WinFixer and its variants. Hopefully you have installed antispyware protection as well, to eliminate the chances of infection in the future.

Still, please follow these simple steps to help your antispyware software protect you as well as possible.

  1. Consider switching from Internet Explorer to some other browser (e.g. Mozilla Firefox or Opera). Because of IE's popularity and native integration in Windows, this browser is the first to be attacked by all types of malware. Avoid the unnecessary trouble.
  2. Create a new habit: do antispyware and antivirus scans on a regular basis (e.g. once a week). Instruct your security software to run scheduled scans (just about every decent program has this feature active by default, though free software may lack scheduling). Alternatively, you can create a Windows scheduled task to launch the appropriate software at a specified time/date.
  3. Stick to safe browsing. Avoid visiting websites which are potentially harmful to your computer. When in doubt, check Google or another search engine for reviews or lists of dangerous websites.
  4. Finally, make sure your PC security program is kept updated with the latest definitions. Most antispyware and antivirus programs do it automatically. Some of them (very rare to come across these days, though) go still further and allow manual updates for offline computers. MAX Secure Spyware Detector is an example of such software.

Finally, if you found this guide helpful, please spread the word. You may bookmark it by using Share It button below, or your browser toolbar. Take part in fighting WinFixer!

