Home / malwarePDF  

Application.Winfixer.J


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Application.Winfixer.J is also known as WinFixer, ErrorSafe,WinAntiSpyware.

Explanation :

Application.Winfixer.J is a name given to a set of 3 similar applications: Winfixer,ErrorSafe and WinAntiSpyware that have aproximately the same strategy:
They get installed either by the user or by some other application like a downloader.
They start scanning the system as soon as you install them and then report to you a series of system critical errors that need fixing and tell you to buy the application if you want it to fix your errors. Even on a clean windows installation these programs report threats and errors. and WinAntiSpyware detects Winfixer as being a threat.
Depending on the program installed these files and registry keys will appear in your computer:
For Winfixer:
Files and folders:
%DocumentsandSettings%All UsersDesktopWin Fixer 2006.lnk
%DocumentsandSettings%All UsersDesktopInstall WinFixer 2006.lnk
%DocumentsandSettings%All UsersStart MenuProgramsWinFixerFree
%ProgramFiles%WinFixerFree
Registry keys:
HKEY_CLASSES_ROOTFFxr_21.FFixr21
HKEY_CLASSES_ROOTFWrape_r.FFEnginWrape_r.1
HKEY_CLASSES_ROOTFWrape_r.FFEnginWrape_r
HKEY_CLASSES_ROOTFxCor_e.MMFixCor_e.1
HKEY_CLASSES_ROOTFxCor_e.MMFixCor_e
HKEY_CLASSES_ROOTMMFxCtr_l.CoFixEngin_e.1
HKEY_CLASSES_ROOTMMFxCtr_l.CoFixEngin_e
HKEY_CLASSES_ROOTUWFX6PCheck.UWFX6PCheck.2
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunWin_Fixer_Free
HKEY_CURRENT_USERSoftwareWinFixer_Free
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunNI.UWFX6_0001_N68M2301
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallUWinFX6_is1
HKEY_LOCAL_MACHINESOFTWAREWinFixer_2006
HKEY_LOCAL_MACHINESOFTWAREWinFixer_Free
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumSW{b7eafdc0-a680-11d0-96d8-00aa0051e51d}{9B365890-165F-11D0-A195-0020AFD156E4}ControlDeviceReference
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceskmixerEnum

For ErrorSafe:
Files and folders:
%DocumentsandSettings%Noob SaibotDesktopError Safe.lnk
%DocumentsandSettings%All UsersStart MenuProgramsError Safe Unregistered Version
%ProgramFiles%Error Safe Free
Registry keys:
HKEY_CLASSES_ROOTESSPChck.ESSPChck.1
HKEY_CLASSES_ROOTESSPChck.ESSPChck
HKEY_CLASSES_ROOTFlFxr15.FlFixer15
HKEY_CLASSES_ROOTFWraper.FFEnginWraper.1
HKEY_CLASSES_ROOTFWraper.FFEnginWraper
HKEY_CLASSES_ROOTFxCore.MMFixCore.1
HKEY_CLASSES_ROOTFxCore.MMFixCore
HKEY_CLASSES_ROOTMMFxCtrl.CoFixEngine.1
HKEY_CLASSES_ROOTMMFxCtrl.CoFixEngine
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunError Safe with value ""%ProgramFiles%Error Safe FreeERS.exe" /scan"
HKEY_LOCAL_MACHINESOFTWAREError Safe Free
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunError Safe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunError Safe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs"%ProgramFiles%Error Safe FreeESSPChck.dll"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallUERS_is1

For WinAntiSpyware:
Files and folders:
%DocumentsandSettings%All UsersDesktopWinAntiSpyware 2006 Scanner.lnk
%DocumentsandSettings%All UsersLocal SettingsTempWinAntiSpyware2006Setup.exe
%DocumentsandSettings%All UsersStart MenuProgramsWinAntiSpyware 2006 Scanner
%ProgramFiles%WinAntiSpyware 2006 Scanner
%System%driversuwasfsd.sys
Registry keys:
HKEY_CLASSES_ROOT*shellexContextMenuHandlersExplorerUWAS
HKEY_CLASSES_ROOTDirectoryshellexContextMenuHandlersExplorerUWAS
HKEY_CLASSES_ROOTDriveshellexContextMenuHandlersExplorerUWAS
HKEY_CLASSES_ROOTUWAS6.UWAS6
HKEY_CLASSES_ROOTuwasfsd.CreationNotifier.1
HKEY_CLASSES_ROOTuwasfsd.CreationNotifier
HKEY_CLASSES_ROOTuwashellext.ShellHook.1
HKEY_CLASSES_ROOTuwashellext.ShellHook
HKEY_CLASSES_ROOTuwashellext.WASContextMenu.1
HKEY_CLASSES_ROOTuwashellext.WASContextMenu
HKEY_CURRENT_USERSoftwareWinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs\%programfiles%WinAntiSpyware 2006 ScanneruwasffNT.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs\%system%driversuwasfsd.sys
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWinAntiSpyware 2006 Scanner with value "C:Program FilesWinAntiSpyware 2006 Scannerwas6.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{1230649B-B980-44A5-B259-9B09EBEA6331}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallWinAntiSpyware 2006 Scanner_is1
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun"WinAntiSpyware 2006 Scanner"
HKEY_LOCAL_MACHINESOFTWAREWinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesuwasfsd
where:
%DocumentsandSettings% is the current Documents and Settings folder
%ProgramFiles% is the current Program Files folder
%System% is the current System folder

Last update 21 November 2011

 

TOP

Malware :

Family: