We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

全天候無假日支援服務

我們準備隨時幫助您解決任何網際網路安全問題。

無論您選擇即時聊天或電子郵件,您都可以向我們的專家團隊求助並將迅速得到有關您問題的答覆。

啟動即時聊天 傳送電子郵件

 

 

How to remove Trojan.Downloader.Winfixer.O



THREAT NAME

Trojan.Downloader.Winfixer.O

CLEAN INSTRUCTIONS

1. Go to Start, Run, type control panel and press OK.

 

2. Double click on Add or Remove Programs.


3. Select and uninstall/remove any of the following programs:


ErrorSafe / WinAntivirus / WinAntiSpyware / SystemDoctor


SYMPTOMS
1. When Windows starts, fake popup messages will appear, telling you that the system has errors. If you want to repair the errors then you are sent to a website in order to buy the product.


DESCRIPTION
1. This trojan usually appears as one of the following programs:


ErrorSafe
WinAntivirus
WinAntiSpyware
SystemDoctor

2. When the program is run for the first time, a message appear telling you that a program will be downloader and installed.

 

3. When the download is finished, the program is automatically installed and a fake scanning window will appear.

4. After the scan is finished you are told that the computer has several critical errors and you need to repair then. If you select the Repair button, then you are sent to a website in order to buy the product.

 

5. It add several keys in the registry, including the ones to run at startup:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
UERScw - C:\Program Files\ErrorSafe Free\UERScw.exe
was_check - C:\Program Files\ErrorSafe Free\PASmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ErrorSafeFree - C:\Program Files\ErrorSafe Free\uers.exe

Other keys are also created by the program:


HKEY_CLASSES_ROOT\CLSID\{53D5C0AF-1B61-44A1-8739-31ABD4117D8D}
HKEY_CLASSES_ROOT\CLSID\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B}
HKEY_CLASSES_ROOT\CLSID\{703BDF83-2C12-4d20-8BB0-106DDAB01B59}
HKEY_CLASSES_ROOT\CLSID\{C5531D07-22C2-418B-85B9-D829AF1498B0}
HKEY_CLASSES_ROOT\CLSID\{E0767047-9D25-4a3a-B905-852CDA087E86}
HKEY_CLASSES_ROOT\CLSID\{E7296F98-6668-419c-AE1D-04ED641E7C3E}
HKEY_CLASSES_ROOT\TypeLib\{25F43076-32B8-4828-A88C-8288EEE53396}
HKEY_CLASSES_ROOT\TypeLib\{3EB15ED2-15A6-4E1A-B84A-ACFAE64583E1}
HKEY_CLASSES_ROOT\TypeLib\{7300F6AF-78E6-4167-845A-6089879F1DB0}
HKEY_CLASSES_ROOT\TypeLib\{F585CB1F-F17D-4007-A573-B663197EF500}
HKEY_CURRENT_USER\Software\Error Safe Free
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53D5C0AF-1B61-44A1-8739-31ABD4117D8D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{703BDF83-2C12-4d20-8BB0-106DDAB01B59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5531D07-22C2-418B-85B9-D829AF1498B0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0767047-9D25-4a3a-B905-852CDA087E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7296F98-6668-419c-AE1D-04ED641E7C3E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{25F43076-32B8-4828-A88C-8288EEE53396}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3EB15ED2-15A6-4E1A-B84A-ACFAE64583E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7300F6AF-78E6-4167-845A-6089879F1DB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F585CB1F-F17D-4007-A573-B663197EF500}
HKEY_LOCAL_MACHINE\SOFTWARE\Error Safe Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
HKEY_USERS\S-1-5-21-2052111302-789336058-854245398-500\Software\Error Safe Free


Author:
The BullGuard Team

全天候無假日支援

 


我們專門的支援團隊全天候無假日以簡單易懂的英語提供專家建議,並在特定時間內提供其他語言服務。


立即獲得幫助


升級/續訂

 


已經在使用 BullGuard 嗎?


我們希望您盡情地享用我們的產品!

僅需執行幾個簡單的步驟,您即可免費升級至我們最新的版本或續訂您訂購的產品。


升級 續訂

 
More