Winfixer got to me, but I had the last word

I run Linux with Firefox exclusively. Hence, I don’t need a product which supposedly fixes Windows. Such a product, called Winfixer, has managed to install a popup in my Firefox. Every time I start Firefox, a Winfixer popup tells me they found several problems on my machine (yeah! right!), I searched on the web for help, but all I see are ways to seek and destroy a trojan under Windows. The thing is, under Linux, I only run Firefox as an unpriviliged user, so it is very unlikely that a Linux trojan written by Winfixer infested my system. What is more likely is that Firefox, or an extension I use, has a fault of some sort allowing web sites to leave JavaScript commands to be executed whenever I start Firefox. I suspect the SessionSaver extension to be guilty.

In any case, why should I tolerate these popups?

To get rid of them, I added the following line in /etc/hosts

(You can do something similar under Windows by editing the LMHOSTS file. I suspect you can also do something similar under MacOS.)

That’s it. No more insanity. It is now impossible for any script on my machine to query their domain.

Hint to system administrators: blacklist the winfixer domain now.

This leaves two questions:

  • Is it morality acceptable for a company like Winfixer to use such means to sell their product? Is it even legal?
  • Who are the idiots buying Winfixer?

Daniel Lemire, "Winfixer got to me, but I had the last word," in Daniel Lemire's blog, September 2, 2005.

Published by

Daniel Lemire

A computer science professor at the University of Quebec (TELUQ).

20 thoughts on “Winfixer got to me, but I had the last word”

  1. I just had a run in with too, using Firefox on Wintel. Interesting it managed to popup at all as I already have listed as courtesy of Spybot S&D.

    I am running Firefox while typing this, and since the last time I closed the Firefox session with Task Manager it has not re-appeared.

    It continued to popup while visiting sites advertising torrents.

    I think you might find (my experience) the popups are more likely related to the site/s you were visiting at the time of the popup. Just my .02c worth.

  2. I’ve scanned there website, there are no contact details. I think that their practises are shadey to say the least. Really like to find someway of shutting them down.

  3. I knew it! I am having the same problem with Winfixer, and it is getting incredibly worse. After quite a bit of work, I did find some contact information and sent them a lengthy and angry e-mail, which of course I have yet to hear a response. Anyway, I am writing you to see if you know of anything I can do to get rid of the darn pop-ups. The only “solutions” I found online were to download other spyware software; no thanks. I would appreciate any help you can give me, or if you know of any trustworthy program I can get. I read what you did, and unfortunatly I am not computer savy enough to have any idea all what you were talking about.

  4. I have this stupid winfixer thingy appearing in my computer too. I got this shit installed on my windows machine without any knowledge where it comes from. Its pretty annoying. I hope it would not hit my linux machine since the first post said it hit his linux. I hate spyware and adware. Such shit shouldn’t even have existed. Really hope these idiots should be penalised and punished.

    Anyway, I think I am lucky enough that my system is protected by a recivery card. So after this session of usage, I will reboot my computer and everything will be removed.

    Once again, whoever own this winfixer thing, you shouldn’t even be existed in this world. No body will say that you are great for doing such destroy. Please! do something constructive with the knowledge you have.

  5. I when through both Firefox and Explorer on Wintel and checked the trusted sites on the security settings. Sure enough, there’s winfixer. I changed it to block. Also found it it in the cookies. Damn… someone nuke that site.

  6. I have winfixer popups that are driving me nuts. How exactly do I get rid of this. What is etc/hosts and how did you add the line to it.
    I am not computer savvy so I need help. I would appreciate your feedback. THanks, Kiki

  7. Please can you tell me how to get rid of these very
    annoying winfixer pop ups,i have only had a computer about 3 weeks & been on the internet about the same amount of time.It`s getting to be that annoying that i`m considering giving it up all together,because there is no enjoyment in trying to do whatever it is your trying to do with these stupid pop ups appearing every few seconds.
    Thanks Jamie

  8. Norma: the solution I offered was specific to Linux. For Windows, it would also work, but I don’t know exactly how to do it. Might have to do with the c:windowslmhosts file though I don’t use Windows much myself.

  9. HiDaniel… I am so computer “out of it” Can you please provide step by step direction on how to add the information to etc/hosts. Will it work on Explorer?

  10. Winfixer tried hijacking my IE session and took me to:

    And there was an error on the page:
    Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING,
    expecting ‘)’ in /var/www/html/trafc/db_sdate.php on line 8

    I knew this was not legit, and I never consented to downloading any
    software from these guys.

    I looked at the directory where the script is:

    … and found interesting files there. One has IP addresses. Another
    has something with the word Administrator in it. And one has code
    written in perl to manage their campaigns…

    What would be the best way to inform people that their computer
    address is some company’s advertising target, and to also notify the
    world that these guys are not legitimate?

    By the way, in their perl code, it seems SpyBot S&D is an accomplice…..not necessarily a threat to WinFixer (I may be misreading perl code, so go check it for yourself.)

  11. Hi Daniel

    I’ve just got stung by this too. Same deal, firefox on linux and I’m also using the Sessionsaver extension. I found clearing the cache/cookies/saved passwords etc did not work BUT if I did that, restarted firefox, closed the popup then opened several new tabs, recleared the cache etc and restarted firefox then the pop up did not resurface. This leads me to suspect that Sessionsaver is the culprit and that the pop-up code is getting pushed onto the end of the Sessionsaver stack (or queue or however this is implemented); since Sessionsaver does not know about this new javascript code, it will overwrite it with the details of new tabs/windows when you open them. (This is just speculation)

    I’ve blocked their domain at the firewall to save myself editing /etc/hosts on both desktop and laptop but if I ever get time I may unblock and have a play with reinfecting myself and looking at the Sessionsaver source to see if I can work out how it is doing this.

    After years of pop-up/virus/malware free computing it’s a pain to deal with the kind of crap that bothers Windows users on a daily basis. My arrogant “I use linux and I’m immune” stance has been sorely dented by this!

    Damn these people.

  12. Can we slam the winfixer site with massive hits…or send a million or 2 emails to jam them….just a thought

  13. Winfixer is nothing but a HUGE FRAUD!… My computer tech told me that they are known to ruin your system and do NOTHING of what they say it does! I called WinFix at 800-755-5909 and gave them a piece of my mind (even got a Complaint Number!) and told them that I have stopped payment, and that I will report them.
    I flagged the payment and my bank is doing an investigation on them. I reported the charge as fraud and I tried file a complaint with the Better Business Bureau but since I dont have a city for them it won’t register. Everybody should call them and complain …we need to stand up to companies like that, who are ripping people off left and right!

  14. Just posted this on wikipedia:

    Winfixer is also known to exploit the SessionSaver extension for the Firefox browser. If you are experiencing popups on every startup asking you to downliad winfixer, you should open your prefs.js file and delete all lines containing the word ‘winfixer’ (just do a search for the word and delete the whole lines). The prefs.js file is located at:

    Windows: C:Documents and Settings_username_Application DataMozillaFirefoxProfiles_profile_prefs.js

    Linux: ~.FirefoxProfiles_profile_prefs.js

  15. Winfixer is also known to exploit the SessionSaver extension for the Firefox browser. If you are experiencing popups on every startup asking you to downliad winfixer, you should open your prefs.js file and delete all lines containing the word ‘winfixer’ (just do a search for the word and delete the whole lines). The prefs.js file is located at:

    Windows: C:Documents and Settings_username_Application DataMozillaFirefoxProfiles_profile_prefs.js

    Linux: ~.FirefoxProfiles_profile_prefs.js

  16. If you do a whois search for the domain, you will find their address and contact details… they are located in Kiev!
    if you dont know how to do it go to a domain availability checker.. there is one at (a very good hosting company btw) and search for the domain.. when you get your result click the whois link..


    I wish winfixer woul die!

  17. I also run Linux with Firefox. I turned off my session saver, cleared all private data, cookies, history, etc. Closed firefox and restarted it. I started my session saver again and no more winfix popup. Thanks for the tip and I hope this helps.

  18. winfixer is me of bigest pile of i have know went on 2 da website nothin on there to get rid of da me of and der no contact number to call them so i can rip at dem down the phone how can i remove winwanker from my pc when i didnt even put it on der

  19. In Firefox Select Options from the Tools menu and then choose Privacy and Cookies. Add an exception to block

Comments are closed.