WinFixer Strikes Again
Posted by Aaron Weber on April 27, 2007 01:43 PM
For the past couple of weeks, we've been seeing an increase in spam advertising a fake application called WinFixer.
This particular wave of spam claims to come from a man named Pierre Boutin and is aimed at Francophones. We've also seen versions in English, but the product is the same: a rogue program that gives you false warnings about viruses, then encourages you to buy the fake anti-spyware software, which may even make things worse, according to research from Sunbelt Software.
The application has been around for a while in a variety of forms. For example, you may have seen popups that look like Windows warning dialogs and say "If your computer has been running slower than normal, it may be infected with Viruses, Adware, or Spyware."
A misleading popup designed to look like a Windows dialog.
That's the same application. It also goes by the names ErrorSafe, DriveCleaner, WinAntiSpyware, ECsecured and WinAntiVirus. Sunbelt has also found WinFixer promoted on a series of fake security sites.
Another variant of the same application goes under the name of PrivacyProtector. The PrivacyProtector website is currently rated green by SiteAdvisor, because it hasn't had any downloads for us to test. However, we'll be overriding that to red shortly, based on its association with WinFixer.
There's already a class-action lawsuit against the makers and distributors of the program. The lawyer who leads the action (quoted in this Silicon Valley television news investigation) claims that WinFixer generates as much as $34 million per year in ill-gotten revenue:
The plaintiffs are having trouble locating the actual scammers, though: according to Wikipedia, the application and its associated domains have an ownership trail that runs through the UK, the Ukraine, and Belize.
At any rate, if you find an offer to install WinFixer or any of its relatives, don't. And if it installs itself, don't pay for it; look for a way to get rid of it instead. You can protect yourself by using SiteAdvisor, and also by using the Firefox web browser, which may be somewhat more resistant to automatic installation attacks.

Comments
How do I get rid of Spyware?
Posted by: Ron Childs | May 2, 2007 09:32 PM
I had spylocker installed. I want it uninstalled, but there was no uninstaller available. I went through and deleted everything that was labeled spy-anything, but it is still there, on the bottom right corner. I try to remove it from my start menu, but it comes back. How do I KILL IT?
Posted by: ron adams | May 11, 2007 02:00 PM
I have been getting more of these lately too. They are annoying but I just click cancel the first time then cancel again.
Posted by: James Townsend | May 12, 2007 09:42 AM
I've seen WinFixer and other programs pop up on my browsers but I luckily know these are programs to avoid. It angers me that in a modern world people aren't protected from such scams more. People like yourselves, McAfee, and other legitimate PC protecting software companies should do less charging and more service to the consumer. I personally hate the way I have to pay $40 or more/less for the same software but with new protection elements otherwise my PC is at threat of attack. It's legal bribery!
Posted by: Oliver | May 14, 2007 09:47 AM
Aaron, it’s great to get noticed by you and McAfee! Unfortunately it’s a bummer to read that “[t]he plaintiffs are having trouble locating the actual scammers…[in] the UK, the Ukraine, and Belize.” It’s just not true, and citing Wikipedia . . . well, what more do I need to say? In truth the scammers are right here in the good ‘ol U.S. of A. See for example my latest blog entry, with James Reno’s sworn testimony that his company in Ohio was answering the phones for WinAntivirus (another WinFixer cousin). I couldn’t find your email, but you’re always welcome to write me any time if you have questions about our case. Best wishes and thanks again for taking note of our efforts.
Posted by: Joseph | May 19, 2007 01:15 AM
I keep getting hit by this bloody thing as most are.
What I need to know is the address of the sod who keeps it going.
Why, you may ask?
Simple. Here in the UK we can take the buggers to court for each and every bit of spam they send. Gets to be very costly for them, but it also means if they don't pay, travel is very restrictive as a warrant is put out for their arrest throughout the entire EEC :>
Posted by: jazzmann | June 9, 2007 07:35 AM
The latest vector for WinFixer infiltration appears to be flash ads served by zedo.com. I personally have encountered redirects to errorsafe and pcturbopro from two sites, wfaa.com and intellicast.com. There is a discussion on Broadband Reports about this I started at: http://www.dslreports.com/forum/r18551684-Another-WinFixer-infiltrationthis-time-on-wwwwfaacom
Posted by: Jeffrey Morse | June 25, 2007 11:08 AM
We have spylock on our computer. How can we get rid of it and its viruses?
Posted by: joseph | June 28, 2007 07:03 PM
How do you get rid of Java without having someone access the computer or unknown website to help you? Because we all know most of these people don't want to help you, they only want to hurt you.
Posted by: avalon | July 23, 2007 03:06 PM
If anybody needs to get rid of spyware, get ad-aware, spy doctor, other authentic anti-spyware software or webroot spysweeper. Best of all, switch to Linux. I use Ubuntu. I rarely use Windows. Windows is recommended for gaming, and not browsing the web :)
I'm also a computer trouble shooter. Hit me up on AOL, MSN & Yahoo! for help.
Rootbrian (AOL)
rootbrian(at)hotmail.com (MSN)
rootbrian2000 (Yahoo!)
Posted by: Rootbrian | August 7, 2007 01:09 AM
Make a mention with things like this the best is to click the small x up top, as some messages such as these will have the button switched (cancel being yes, etc.).
Posted by: Red_Lizard2 | August 12, 2007 05:30 AM
How do I get rid of the Security Alert: Spyware found pop-up that keeps showing up in my task bar? It tells me to remove PSW.xVir spyware click this balloon, then wants me to buy their product.
Posted by: Kerri Carpenter | October 23, 2007 11:43 AM