A certain Spyware I can't get rid of, at least not at the moment.

Every once and a while I get a pop up saying something about I need erors, then it pops up an internet explorer page that tries to look like a "Add or Remove Programs" window, but it's obviously in internet explorer, and says

"Warning: Your computer may have critical errors in registry and file system!
These errors can lead to computer crashes, instability, slowness, and full system failure.

Immediate repair may be required.

To scan your computer for errors click the "Next" button below.
"

The URL on that is http://www.winfixer.com/download/2006/?p=2...x6kw5_1&lid=win

And it's obviously bull**** spyware.

After you hit X on that window, it says

"NOTICE: You have not completed the errors scan. If your computer has errors in the file system or Windows registry, it could cause unpredictable or erradic PC behaivor, freezes, crashes, and loss of data.

You need to install WinFixer 2006 to scan for and, if found, fix system errors now (Recommended)?"

with OK and Cancel, and i just hit cancel.



I want to get rid of this. It keeps popping up every 20 minutes or so. I won't fall for it but I don't want my stupid sister or my mom to fall for it. I did a couple spybot and adaware checks, I'm doing Norton Antivirus right now and I'm currently searching for the file itself that's causing this to destroy it manually.

Any help is appreciated.

Open the Task Manager and monitor the system processes. When the message box appears, leave it alone (don't click OK or Cancel) and look at the process list to see what has changed. It also doesn't hurt to try and shut down/reboot Windows with the message box up, to see a "Ending Program" message that can give some good infos.

Or just use this and save some logs of the event, then post them here.

Once you get some process names, reboot in Safe Mode, hunt it down, and kill it.

Another thing you can do is stop using Internet Exploder. >_>

I dont use internet explorer, I use firefox


I did that task manager thing already and all it said was IEXPLORE.exe


so I ran a search on that, didn't lead anywhere, but there was a suspicious folder in WINNT that had an "IEXPLORE.exe" that was named "SoftwareDistribution" or something.. didnt see anything wrong but I'll delete the folder anyway.

How did I guess this was winfixer before reading it.

I'm not entirely sure winfixer uses run registry keys to start, but I'm guessing it does.
In safe mode, you'll want to go into your registry (start->run: regedit) and look for the process in the following places:

HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run
(Also RunOnce and RunExec)

HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run
(Same as above)

Assuming you've identified which one(s) are winfixer, you can just delete them. Fresh installs of Windows XP always come with empty run keys, so accidently deleting the wrong one shouldn't be the end of the world. Maybe your antivirus or printer controls won't start up.