Talk:WinFixer

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Low This article has been rated as Low-importance on the project's importance scale. Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Low-importance). Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

Archives

Archive 1

This page has archives. Sections older than 730 days may be automatically archived by Lowercase sigmabot III when more than 10 sections are present.

What Type of sites can give you WinFixer

I think if there is any consistency between the type of sites, someone should add it — Preceding unsigned comment added by Eljawa (talk • contribs) 18:01, 8 June 2007

There is no consistency, since these days this piece of crap is surreptitiously embedded into legitimate banner ads by a rogue advertiser, which is then rotated onto safe sites, triggering the download. There was a time late last year in 2006 where many bulletin boards and safe popular sites (like Livejournal) got hit by this - so now you can't be sure which sites are safe and which site isn't. Mind you, this is a mighty good case for blocking all ads on every site with an adblocker with extreme prejudice. — Preceding unsigned comment added by 203.120.68.69 (talk • contribs) 06:20, 14 June 2007

Like an ad for Firefox

Latest comment: 15 years ago1 comment1 person in discussion

Parts of this article read almost like an advertisement for Firefox. If you want to claim that IE is more vulnerable and FF less, by all means do so, but cite sources. CNash (talk) 16:15, 3 September 2008 (UTC)Reply

Sephiroth storm edit war

Latest comment: 15 years ago8 comments2 people in discussion

User Sephiroth storm (talk) has decided to make major changes to this article. I originally reverted his changes and explained why. But rather than have a discussion, he has decided to resort to an edit war. These are some of the problems I have with his changes.

• He edited the entire file at one time, mixing proper edits with those that needed to be undone. Since there was no way to address problem sections one at a time, a complete undo made more sense.

• Some of the changes were only half done, such as replacing complete sentences with phrases and gibberish.

• In some places he changed the complete meaning of a section, but without providing any references. This is particularly bad since the previous data was correct and the changes are not.

• In a few cases, he removed valuable data that has been in the article for years.

• He made major changes without adding anything to this discussion page.

It should be noted that WinFixer is extortion program - it makes someone's computer unusable until you pay them to remove it. At the time the article was written, neither McAfee nor Symantec could detect and remove it.

Sephiroth storm has decided to make the program sound less dangerous by claiming that it is scareware or a rogue program and by stating that McAfee and Symantec can now remove it. In fact, it installs itself without the users knowledge, usually though some security hole. At that point, it takes over your machine and makes it unusable.

He removed

• Safety information warning users not ot search for WinFixer Removal programs because many of those were actually alternate versions of WinFixer

• A link to information on a class action lawsuit against WinFixer

• Information stating very clearly that Symantec would not detect or remove the program

• Information that McAfee considers the program to be legitimate

• Information from McAfee needed to manually remove WinFixer. He left in a link to the incorrect Symantec instructions.

By the way, the main reason parasites like WinFixer deserve their own WikiPedia articles is because the trusted anti-virus programs don't protect the users. If McAfee and Symantec were doing what everyone thinks they are doing, then no one would waste their time producing an article like this one. As a direct result, claims on their web sites should NOT be trusted as reliable information as to what they detect and remove.

Unfortunately, the original editors of this site have moved on to other things and the valuable information they contributed to this article is now being removed.

Q Science (talk) 18:35, 2 October 2008 (UTC)Reply

And yet you have not produced any edits to make the article better yourself. Feel free to add any verifiable information you please, however, saying that I am attempting to make the article sound less dangerous is incorrect. Wikipedia does have a manual of style, and the article in its original form was highly POV. I made my original edits, you undid them, I undid your revision, and decided to take your advice and find sources for the article. This article has went from 4 refernces to 13. I also open gateways of communication, and asked you to join WikiProjects involved with Malware and InfoSec, and you accuse me of starting an edit war? noone else has objected to my edits, and I have opened the article for review on the WikiProject Computing/Computer and Information Security task force page. Of course I welcome comments from any editor on this issue.

Addition: Also, as for McAffee and Symantic's detection and/or removal of WinFixer:

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=135733 Threat Profile: Winfixer Risk Assessment

 - Home Users: N/A 
 - Corporate Users: N/A 

Date Discovered: 9/1/2005 Date Added: 9/1/2005

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It purports to be an system repair/maintenance application, but requires paid registration before any issues found can be fixed.

http://www.symantec.com/security_response/writeup.jsp?docid=2005-120121-2151-99

WinFixer is a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.

ProtectionInitial Rapid Release version June 27, 2007 Latest Rapid Release version October 2, 2008 revision 041 Initial Daily Certified version June 27, 2007 Latest Daily Certified version October 2, 2008 revision 050 Initial Weekly Certified release date December 7, 2005

Both sites claim to offer detection of WinFixer, and both also have removal instructions. I think it is logical to assume that anyone looking to remove these infections would prefer to get complete instructions from the vendor (McAfee/Symantic/ect.) rather than wikipedia, if said instructions cause damage to a users computer. Wikipedia could be held responsible, which is why it does not offer advice on malware removal.

Answers:

• Safety information warning users not ot search for WinFixer Removal programs because many of those were actually alternate versions of WinFixer

-Instead I included VERIFIABLE references that claim to remove the infection. The same can be said for most Malware applications. However, if you provide a trusted third party reference, I will gladly include it in the article.

• A link to information on a class action lawsuit against WinFixer

-This was inserted randomly into the article, I believe there was a link, however, I do not know if it was indeed a reference. Feel free to provide it, as a matter of fact, I will locate it, but there doesn't appear to be a need for it.

• Information stating very clearly that Symantec would not detect or remove the program

-Addressed above.

• Information that McAfee considers the program to be legitimate

-McAfee(R) AVERT recognizes that this program MAY have legitimate uses in contexts where an authorized administrator has knowingly installed this application. This is not the same as saying that it is legitimate. What kind of SysAdmin installs a reported rouge application, that has not been vetted?

• Information from McAfee needed to manually remove WinFixer. He left in a link to the incorrect Symantec instructions.

-Manual removal can indeed be dangerous, however, I included a link to the Mcafee listing that links to removal instructions.

• It should be noted that WinFixer is extortion program - it makes someone's computer unusable until you pay them to remove it.

Please provide a source for this information. Many types of Malware can damage or ruin a users computer, that is why they are termed Malware, malicious-Software. To call these programs "extortion programs" could be considered slander, which is what happened when several vendors of rouge programs took the security companies to court. As such, they are not claissified as viruses or spyware (depeneding on the vendor) but as PUP's (potentially unwanted program). Wikipedia cannot cal the application as such, unless verifiable third parties call it such.

I look forward to your response. Sephiroth storm (talk) 02:58, 3 October 2008 (UTC)Reply

I looked at the page history, the link for the class-action lawsuit is http://fixwinfixer.wordpress.com/, this is a personal blog, and therefore not verifiable, by wikipedia standards. However, the link in the article to a news release is good, and the information seems verifiable. I have no issue creating a new section for this

Sephiroth storm (talk) 03:11, 3 October 2008 (UTC)Reply

The removed link was Lawsuit Filed Against Winfixer though this computerworld.com article is probably better. Both of these should count as sources for the statement that WinFixer makes a system unusable.

Symantec and McAfee should not be used as reliable sources, both have a long history of not protecting systems from WinFixer. Specifically, manual procedures to remove it were provided precisely because their software was not able to.

McAfee says

• Winfixer is a "potentially unwanted program", not a virus or a trojan
• Winfixer has been known to get installed silently through code exploiting Microsoft Internet Explorer vulnerabilities
• Additional overhead in bandwidth due to possible download of updates or other content
• You can not get rid of this without special instructions. Originally, you had to edit the registry, now you search for "joke" programs.

Translation - it gets on you machine without your permission, there is no way to get rid of it without special help, the "increased bandwidth" means that you are no longer able to use your browser or mouse - but it is just a "joke", not a problem.

It is interesting that McAfee lists the discovery date as 9/1/2005 - My records show that I first encountered WinFixer in the wild before 7/26/2005. In addition, the registry keys that had to be modified to remove it were not the same keys that McAfee or Symantec give. Apparently, there are several versions they still don't detect. Another possibility is that they provide instructions for removing only the purchased copy, not the one that simply appears on someone's system.

The "neutral point of view" argument was had a long time ago and the article was toned down a lot back then. Now you want to tone it down even more. I guess that you can call a piece of software that destroys your computer "potentially unwanted". And when it requests money so that the system will be useable, I guess I don't know the definition of "extortion". Please suggest something more politically correct. Personally, it would be better to delete this article than to understate the problem.

As for other references, this article used to have a lot of references. However, information rot has crept in over time as one reference after another was removed.

Q Science (talk) 06:56, 3 October 2008 (UTC)Reply

It's not about what I want to put in the article, its about what can be referenced. It's been said before, wikipedia doesn't want the truth, it wants what can be verified. Personally, I dont use McAfee or Symantic, but I can't put personal experience in a article.

As for those articles, I have to say, that one of the confirmed effects of most Adware, and other Rouge programs to bog down the CPU, with startup processes, and multiple popups. To specificly state that, would add unnesesary heat to the article, don't you agree? Anyone who wanted to know what the potential effects of these types of application could check the articals on Malware, and Rouge programs, both linked in the article. Sephiroth storm (talk) 12:35, 3 October 2008 (UTC)Reply

How is this for a comprimise?

On September 29, 2006, a San Jose man filed a lawsuit over WinFixer and related "fraudware" in Santa Clara County Superior Court, however, in 2007 the lawsuit was dropped. In the lawsuit, the plaitiffs charged that the WinFixer software "eventually rendered her computer's hard drive unusable." KTVU (Channel 2 in Oakland, CA) carried a special report. —Preceding unsigned comment added by Sephiroth storm (talk • contribs) 12:51, 3 October 2008 (UTC)Reply

The "San Jose man" is lawyer Joseph M. Bochner who has documented the case in his blog, one of the references you deleted a few minutes ago, probably without bothering to read it. Note - this was a primary reference written by one of the people this WinFixer article is about.

In the original (before you changed it), the article referred to the woman who's computer was attacked. But I agree with you that the wording was poor at best.

And at least, if you are going to say that the suit was dropped, explain the it was because Bochner ran out of money.

You removed info on cd drives failing, try this reference. Like I said, there used to be lots of references, but they have disappeared over time. WikiPedia needs an article on information rot and how it tends to reduce WikiPedia's usefulness. I have also seen this happen in other articles.

I strongly suggest that you read this entire discussion page. (Just scroll up.) I went through it last night. The comments themselves reveal how bad WinFixer is. Even the old POV discussions are there. If it is true that the legal system now requires viruses to be called by some politically correct term, then there should be a page somewhere documenting that. And ALL related pages should have a link to it. It is a sad day when courts say that you have to call a crook a friend. It is even worse when the WikiPedia POV style guide supports that.

As for Symantec, their site is anything but unbiased - they have a closed settlement with the people behind WinFixer. I assume that they have toned down their comments about how bad this software is as part of the settlement.

Q Science (talk) 17:23, 3 October 2008 (UTC)Reply

As for the blog, generally they cannot be used as reliable sources, as we cannot verify who the blog belongs to. I can create a blog and sign up as George W. Bush, it doesn't mean that I am. As for the better Anti-Virus article, it does not say that the drive was rendered useless, simply that it popped open. I have seen no other reports of the program exibiting such behavior. Generally a program can send such a command to a machine, but it is rare. While I will not argue with including it on the section of the article reguarding the lawsuit, we would need more references of other incidents in order to put in the larger article.

As for the previous comments, I understand how bad WinFixer can be. Any user is free to look at the Talk page and see these comments, however, we cannot use the accounts of people whose identities and experiences cannot be verified in Wikipedia.Sephiroth storm (talk) 12:46, 20 October 2008 (UTC)Reply

My thoughts

Latest comment: 15 years ago2 comments2 people in discussion

Hello. Reading through this page, I suggest the following changes:

• Either Image:WinAntiVirus Pop-Up.png or Image:Winfixer-message.png should be used, but not both, because they mainly have duplicate content. (WP:FUC 3a)
• This article is severely biased. (WP:BIAS) One example is the requirement to verify information from WinFixer but not other sources: "The WinFixer web page [claims...] but its claims have not been verified".
• The avoiding infection section is not encyclopedic and should be removed or refactored to be encyclopedic. (WP:NOT)
• Quotes from WinFixer and Microsoft must have references. (WP:CITE)
• Lots of the domain ownership section focuses on trivial details, such as the exact fake address used.
• The winfixer.com domain name information is supported by a dead link to dnsstuff.com. (WP:DEADLINK) DNS records are primary sources requiring additional analysis, secondary sources should be used (WP:SYN)
• Castlecops.com is a forum which is normally not a reliable source. (WP:RS)
• Lots of potentially controversial statements are not supported by references. (WP:CITE)

--h2g2bob (talk) 18:05, 26 October 2008 (UTC)Reply

I'll take a look tomorrow. Sephiroth storm (talk) 20:18, 26 October 2008 (UTC)Reply

WP is not a how to

Latest comment: 15 years ago1 comment1 person in discussion

Parts of this article reads a lot like a how to, and WP is not a how to guide. Shouldn't someone do something to clean this up? PCHS-NJROTC ^(Messages) 01:17, 12 December 2008 (UTC)Reply

watch net protection

Latest comment: 15 years ago3 comments2 people in discussion

came across watchnetprotection.com/scan/index2.php?affid=07000 which seems to have the same MO. any relation?--Mongreilf (talk) 16:34, 5 January 2009 (UTC)Reply

Apparently, that domain name was created today. How did you find it so fast?

From Godaddy

Domain name: watchnetprotection.com

Registrar: Regtime Ltd.
Creation   date: 2009-01-05
Expiration date: 2010-01-05

Registrant:
  Howard Brooks
  Email: howardcbrooks@gmail.com
  Organization: Private person
  Address: 1387 Andell Road
  City: Nashville
  State: TN
  ZIP: 37201

This person is already associated with another scam/virus - System Security.

Domain name: websecurityexamine.com

Registrar: Regtime Ltd.
Creation   date: 2009-01-02
Expiration date: 2010-01-02

Registrant:
  Howard Brooks
  Email: howardcbrooks@gmail.com
  Organization: Private person
  Address: 1387 Andell Road
  City: Nashville
  State: TN
  ZIP: 37201

Unfortunately, this data is only found via unreliable (blog) sources and, therefore, can not be included in wikipedia until a "reliable" source, like Symantec, decides to include it on their web page ... probably in 6 to 12 months. Q Science (talk) 17:52, 5 January 2009 (UTC)Reply

i was looking for recipes for a pimms martini is how--Mongreilf (talk) 19:34, 6 January 2009 (UTC)Reply

scareware sellers facing charges

Latest comment: 13 years ago1 comment1 person in discussion

Three men are facing federal fraud charges for allegedly raking in more than US$100 million while running an illegal "scareware" business that tricked victims into installing bogus software.

Two of the men, Bjorn Sundin and Shaileshkumar Jain, operated an antivirus company called Innovative Marketing, which sold products such as WinFixer, Antivirus 2008, Malware Alarm and VirusRemover 2008. The third man charged, James Reno, ran Byte Hosting Internet Services, the company that operated Innovative Marketing's call centers. NetworkWorld article Michael (talk) 19:08, 20 June 2010 (UTC)Reply

Norton Safe Web

Latest comment: 13 years ago2 comments2 people in discussion

Norton Safe Web said that winfixer.com is a safe web site since it's start of WInFixer. This should be apart of the article, unless it doesn't mean anything to the others. Norton Safe Web rated the site as "Safe without computer threats, and identity threats" even though the website wants people to install malware. From Me, WiiRocks566 □ 18:55, 16 January 2011 (UTC)Reply

That is currently correct. However, this was once a very dangerous site. Q Science (talk) 22:55, 19 January 2011 (UTC)Reply

External links modified

Latest comment: 8 years ago1 comment1 person in discussion

Hello fellow Wikipedians,

I have just added archive links to 2 external links on WinFixer. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive https://web.archive.org/20071118122531/http://www.stopbadware.org:80/reports/reportdisplay?reportname=winfixer to http://www.stopbadware.org/reports/reportdisplay?reportname=winfixer
• Added archive https://web.archive.org/20080705081003/http://msmvps.com:80/blogs/spywaresucks/archive/2007/02/18/591493.aspx? to http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 16:37, 13 January 2016 (UTC)Reply

External links modified

Latest comment: 8 years ago1 comment1 person in discussion

Hello fellow Wikipedians,

I have just added archive links to one external link on WinFixer. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive http://web.archive.org/web/20070930122058/http://www.trojanguide.com/spydet_2339_vundo.html to http://www.trojanguide.com/spydet_2339_vundo.html

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 16:17, 29 February 2016 (UTC)Reply