2 replies to this topic

[SpySentinel]

Symantec Write up about WinIFixer

http://www.symantec.com/business/security_...-99&tabid=2


Installation
When the program is executed, it creates the following folders:
%UserProfile%\Application Data\WinIFixer.com\
%UserProfile%\Application Data\WinIFixer.com\WinIFixer\
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\
%ProgramFiles%\WinIFixer\

It then creates the following files:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\WinIFixer.lnk
C:\Documents and Settings\All Users\Desktop\WinIFixer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\WinIFixer.lnk
%ProgramFiles%\WinIFixer\database.dat
%ProgramFiles%\WinIFixer\MFC71.dll
%ProgramFiles%\WinIFixer\MFC71ENU.DLL
%ProgramFiles%\WinIFixer\msvcp71.dll
%ProgramFiles%\WinIFixer\msvcr71.dll
%ProgramFiles%\WinIFixer\Uninstall.exe
%ProgramFiles%\WinIFixer\WinIFixer.exe
%ProgramFiles%\WinIFixer\WinIFixer.exe.local
%ProgramFiles%\WinIFixer\WinIFixerSkin.dll

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinIFixer" = "%ProgramFiles%\WinIFixer\WinIFixer.exe"

It also creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinIFixer
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com

[Hardhead]

Already listed here.

Thanks

[SwampDiner]

Added to RR 168