Expert: Carolyn Meinel - 11/18/2006

Question
Dear Carolyn,

I had asked you awhile back about the virus's on my computer, I had dialer traffic advance and winfixer. You mentioned that Mcaffee could remove dialer traffic adance but not winfixer. You gave the link the site that had removal instructions for winfixer but you said to be careful. I never did try to remove it myself. I've tried one of the computer forums where a technician tries to walk you through it. They ask for a log and to see what is on your computer and you run this Hijackthis program. I've done this and they had me download different things, one is called an ATF cleaner and they gave me a link to a Firewall called ZoneAlarm and I've downloaded an anti-virus called AVG, all of these were free. They also wanted me to download something called Kasperskyscanofharddrive. It looked like it contained a database of known viruses. They also wanted me to delete Java and download the most current verson which is update 9. I did have an anti spyware program called Ad-aware SE Personal but they wanted me to download a different one from AVG anti-spyware, I tried to but I kept getting an error message called NSIS error, which looked like this,
"The installer you are trying to use is corrupted or incomplete.
This could be the result of a damaged disk, a failed download or a virus.

You may want to contact the author of this installer to obtain a new copy.

It may be possible to skip this check using the /NCRC command line switch
(NOT RECOMMENDED)."

They then sent me to this site that my have solutions to why I was getting that error.


"[edit]Solutions
Follow these steps for each case to get rid of the error.

[edit]Error with Single Installer
Disable any download accelerators and download the installer again.
Update any active anti-virus and download the installer again.
Disable any active anti-virus and download the installer again.
Download the installer from another source. It might be corrupted on the server, or the connection to the server is unreliable.
Download the installer using another computer and copy it to the original computer using a reliable media."

Sorry, I haven't heard back from anyone on the forum as I keep geting the AVG anti-spyware but I don't understand some of these solutions to that would enable the download.

I've run what they have told me and it doesn't look like I have the viruses any longer, it doesn't flag any viruses. Is it possible that these programs could have gotten rid of Winfixer? I did run a san from symantec just to check from a 2nd source and it did flag one threat but didn't say what it was, just that it wasn't a virus, so I'm not sure what that meant. My computer is super slow now, even slower than when I had the virus. Is all this anti-virus and firewall software what is doing that? I only have the 56K so maybe it doesn't work out well with these programs or that I need a faster connection to make it worthwhile. Do I need that Kaspersky program, I don't know what it's doing for me other than the first time I used it and I don't know what it did then either? When I try to play Windows Media song clips off the Internet I'm not able to anymore where I used to be able to. Is says I'm not compatible anymore, Is there anything I can do to fix this? Did I do the right thing with all this? I know I've written a lot, but please point out if there is something I've done wrong or should be aware of. I appreciate your time.

Lee

Answer
First of all, please watch out for those help sites that allow anyone to give advice. Allexperts.com is careful to only provide experts who are proven experts.

The advice to use "Hijack This" is a case in point. This program is only useful for people who are experts in running processes. Your experience in not getting proper followup was, sadly, common with these sites that allow anyone to claim they are experts.

Since I first gave you advice on how to remove winfixer, I've found what may be an easier way to remove it, and it's free.

First, uninstall your current antivirus and install the free trial of F-Secure Internet Security, see http://www.f-secure.com/home_user/support_and_downloads/evaluations/

It is the most widely used Internet security suite in the world, but because it is made in Finland you don't see many ads for it in the U.S. Since your Internet access is running so slowly, besides removing Winfixer, F-Secure might find several other malware programs and remove them.

Second, we need to hunt down and remove the program that first tricked you into installing Winfixer. Usually it is installed by Look2Me, which hides well and therefore might still be on your computer. It is so good at hiding that even F-Secure Internet Security can't remove it. However, F-Secure offers a free program to remove it automatically, see http://www.f-secure.com/sw-desc/look2me.shtml

If this doesn't work, you may need to entirely rebuild your operating system. This is what a computer repair shop would do to fix your computer. If you decide to do it yourself, let me know and I'll give you complete instructions.