
Windows Fix

Posted: November 22, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 30
First Seen: November 22, 2011
Last Seen: April 15, 2021
OS(es) Affected: Windows

Copied from previously existing types of rogue diagnostic programs, Windows Fix follows typical scamware strategies: it creates fake system scans, fake pop-up alerts and other types of misleading data that identify nonexistent infections on your PC. SpywareRemove.com malware researchers have noted that most Windows Fix infections are the result of drive-by-download attacks from malicious websites or payloads from previously installed rootkits. Protecting your PC from Windows Fix should, accordingly, take the form of using a secure web browser, avoiding risky websites and keeping active anti-malware software that can ward off imminent Trojan attacks. If you see symptoms of a Windows Fix infection, you should never take Windows Fix at its word or try to purchase a Windows Fix activation key; instead, just remove Windows Fix with a competent anti-malware product.

Five Reasons to Walk Away from Windows Fix's Proffered Help

Even though Windows Fix offers such services as memory analysis and file-cleaning, Windows Fix isn't able to provide any of the features that Windows Fix claims to have. This doesn't slow Windows Fix down, however, as Windows Fix makes up for that lack by causing actual problems that Windows Fix can later blame on fake Trojans, keyloggers and other infections. SpywareRemove.com malware researchers have found the following issues to be symptomatic of infection by Windows Fix or a related type of fake system diagnostic program:

  • Missing program shortcuts; Windows Fix may move them to unusual locations (such as the Windows Temp folder) or delete them.
  • Issues with file-viewing in Windows Explorer; your files and folders may appear to be moved or deleted.
  • Blocked access to security and anti-virus programs, or malfunctions in said programs that prevent them from removing Windows Fix.
  • Web browser redirects to Windows Fix's website, as well as redirects that block you from visiting PC security sites.
  • Fake alerts, errors and system scan results, as noted with the following examples that are endemic to Windows Fix's scamware family:

    A problem detected while reading boot operation system files

    System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

    Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

    Windows – No Disk
    Exception Processing Message 0×0000013

Why Windows Fix May Be Dangerous, but Not Very Original

All of Windows Fix's attacks are typical for other forms of rogue diagnostic programs in its subgroup, and each of these Windows Fix clones from the FakeSysDef family should be considered just as potentially harmful to your PC as Windows Fix would be. Close cousins of Windows Fix that SpywareRemove.com malware researchers have unearthed include (among others) System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix.

In most cases, removing Windows Fix can only be accomplished after disabling Windows Fix's startup routine to allow an anti-malware program to be used. You may find Safe Mode to be the most convenient method of doing this, although other options are also available. Removal of Windows Fix via manual methods should be considered only as a final resort, since Windows Fix does alter the Windows Registry and other components of Windows that can easily be permanently harmed if tampered with in an inexpert fashion.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • File name: %StartMenu%\Programs\Windows Fix\Uninstall System Fix.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • File name: %StartMenu%\Programs\Windows Fix\System Fix.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • File name: %StartMenu%\Programs\Windows Fix\
    Group: Malware file
  • File name: %Desktop%\Computer Fix.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • File name: %AppData%\Microsoft\Internet Explorer\Quick Launch\Windows Fix.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • File name: %AllUsersProfile%\.exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • File name: %Temp%\smtmp\
    Group: Malware file
  • File name: %Temp%\smtmp\1
    Group: Malware file
  • File name: %Temp%\smtmp\2
    Group: Malware file
  • File name: %Temp%\smtmp\3
    Group: Malware file
  • File name: %Temp%\smtmp\4
    Group: Malware file

Registry Modifications

The following Registry values were newly created:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""


One Comment

  • brian says:

    I cannot download your file or any others. I receive a message that this file has a virus and is deleted, sometimes instantly, other times after a full download attempt. Can you help me please? Thank you, Brian. PS: Naturally I cannot reload the AVG antivirus I had, nor uninstall it, although it doesn't work.