Windows Fix

Posted: November 22, 2011
Threat Metric
Threat Level: 8/10
Infected PCs 30

Windows Fix Description

Windows Fix Screenshot 1Copied from previously-existing types of rogue diagnostic programs, Windows Fix follows typical scamware strategies by creating fake system scans, fake pop-up alerts and other types of misleading data that identify nonexistent infections on your PC. SpywareRemove.com malware researchers have noted that most Windows Fix infections are the result of drive-by-download attacks from malicious websites or payloads from previously-installed rootkits. Protecting your PC from Windows Fix should, accordingly, take the form of using a secure web browser, avoiding risky websites and keeping active anti-malware software that can ward off imminent Trojan attacks. If you see symptoms of a Windows Fix infection, you should never take Windows Fix at its word or try to purchase a Windows Fix activation key; instead, just remove Windows Fix with a competent anti-malware product.

Five Reasons to Walk Away from Windows Fix's Proffered Help

Even though Windows Fix offers such services as memory analysis and file-cleaning, Windows Fix isn't able to provide any of the features that Windows Fix claims to have. This doesn't slow Windows Fix down, however, as Windows Fix makes up for that lack by causing actual problems that Windows Fix can later blame on fake Trojans, keyloggers and other infections. SpywareRemove.com malware researchers have found the following issues to be symptomatic of infection by Windows Fix or a related type of fake system diagnostic program:

  • Missing program shortcuts; Windows Fix may move them to unusual locations (such as the Windows Temp folder) or delete them.
  • Issues with file-viewing in Windows Explorer; your files and folders may appear to be moved or deleted.
  • Blocked access to security and anti-virus programs, or malfunctions in said programs that prevent them from removing Windows Fix.
  • Web browser redirects to Windows Fix's website, as well as redirects that block you from visiting PC security sites.
  • Fake alerts, errors and system scan results, as noted with the following examples that are endemic to Windows Fix's scamware family:

    A problem detected while reading boot operation system files

    System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

    Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

    Windows – No Disk
    Exception Processing Message 0×0000013

    Why Windows Fix May Be Dangerous, but Not Very Original

    All of Windows Fix's attacks are typical for other forms of rogue diagnostic programs in its subgroup, and each of these Windows Fix clones from the FakeSysDef family should be considered just as potentially-harmful to your PC as Windows Fix would be. Close cousins of Windows Fix that SpywareRemove.com malware researchers have unearthed include (among others)System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix.

    In most cases, removing Windows Fix can only be accomplished after disabling Windows Fix's startup routine to allow an anti-malware program to be used. You may find Safe Mode to be the most convenient method of doing this, although other options are also available. Removal of Windows Fix via manual methods should be considered only as a final resort, since Windows Fix does alter the Windows Registry and other components of Windows that easily can be permanently harmed if tampered with in an inexpert fashion.

    Use SpyHunter to Detect and Remove PC Threats

    If you are concerned that malware or PC threats similar to Windows Fix may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

    Download SpyHunter's Malware Scanner

    Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

    Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

    Technical Details

    Registry Modifications


    The following newly produced Registry Values are:

    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""

    Related Posts

One Comment

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.