PC World - Leaked artwork of the supposedly upcoming Microsoft Zune portable media player has found its way onto the Internet. The artwork labels the new device as the Zune HD, and shows it to feature a large widescreen display housed in what looks like a bushed aluminum enclosure and glass.

Initial message prior to infection - Disconnect from the internet before closing this!

There are several ways in which WinFixer can infect a computer. Users using Internet Explorer are most susceptible, although users of other browsers, such as Firefox and Opera can also be infected, but are more resistant to the program.

Typical Infection

The infection usually occurs during a visit to a distributing web site (not necessarily winfixer.com) using Internet Explorer. A message appears in a Dialog Box, asking the user if they want to install WinFixer.

However, when the user chooses any of the options or tries to close this dialog (by clicking ‘Ok’ or ‘Cancel’ or by clicking the corner ‘X’), it will trigger a pop-up window and WinFixer will download and install itself, despite the user’s wishes. Because this is a dialog box related to the Internet Explorer application, it does not appear in the Windows Task Manager list (Ctrl+Alt+Del).

Trial offer of WinFixer

A free, trial offer of this program is sometimes found in pop-ups. If the trial version is downloaded and installed, it “locates” a couple of alleged trojans and viruses, but does nothing else. To obtain a quarantine or removal, WinFixer requires the purchase of the program. Some reviewers believe the alleged unwanted bugs to be bogus, only serving to induce the owner to buy the program.

WinFixer Application

Once installed, WinFixer frequently launches pop-ups and prompts the user to follow its directions. Because of the intricate way in which the program installs itself into the host computer (including making dozens of registry edits), successful removal is a tedious, manual process. When running, it can be found in the Task manager and stopped, but before long it will re-install and start up again.

Firefox Popup

The Mozilla Firefox browser is less vulnerable than Internet Explorer to initial infection by WinFixer. However, once installed, WinFixer is known to exploit the SessionSaver extension for the Firefox browser. The program causes popups on every startup asking the user to download WinFixer, by adding lines containing the word ‘WinFixer’ to the prefs.js file. The prefs.js file is located at:

Windows: C:\Documents and Settings\_username_\Application Data\Mozilla\Firefox\Profiles\_profile_\prefs.js

Linux: ~\.Firefox\Profiles\_profile_\prefs.js

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE