I believe to have uncovered what looks like to be a huge ongoing Crime Ring on the internet. I decided to do some digging on a malware “winfixer” I was recently infected with. My first research uncovered that winfixer was not just a piece of maleware but winfixer itself is a virus that comes in through Java. You can become infected through various sites that direct you to the winfixer site and the winfixer virus is automatically installed even if you opt out of it’s “system scan”. This virus is getting a lot of people but isn’t cleaned through any antivirus yet. and very difficult to remove.

You get a screen that looks like this- (I used firefox and killed the process it would have normally loaded up the virust immediately after this screen)
http://members.mscwar.com/sniperx/winfixervirus.jpg

I find out Winfixer is just one of other software products sold by the company “winsoftware”, Winfixer is a blatant virus (not adware or maleware) with the purpose of slowing down you system and trying to get you to buy the “winfixer” antispam/popup program. I read around and find various people saying the winfixer program itself doesn’t do anything but is just a front. I don't see how this could be possible from a LEGIT company so I research this company and thier other products..

I research into the company that makes winfixer, “winsoftware” and find they are listed to be Liverpool UK.
http://www.downloadjunction.com/company/store/8661/

Upon researching this. The company doesn’t exist and never has in Liverpool! I do international directory assistance and company profile searches for them.. they don’t exist.

I begin checking out various links and claims on their main site
http://www.winsoftware.com/
http://www.winantivirus.com/

and find their claims very suspicious to say the least.. I reverse lookup their domain and find it registered in the Kieve Ukraine (not a good sign)
http://www.dnsstuff.com/tools/whois.ch?ip=http%3A%2F%2Fwww.winantivirus.com%2F


So at this point we have a blatant Virus made by a fictional company in Liverpool that is used as a front claiming to be a company that makes antivirus and popupblocker software. The plot thickens.. I look up to see about their other product “winantivirus” and find post after post like this…
http://www.dslreports.com/forum/remark,9410021~root=scambusters and
http://www.tek-tips.com/viewthread.cfm?qid=744567 all indications you will find from uses indicated it’s another bogus front.. It’s obvious to me at this point “winsoftware” looks to be a criminal front that uses various illegal tactics including malicious virus code for a scam.

Whats amazing is how complex this criminal organization is. They have deep ties everywhere.

I use the “tech support number” number listed on their website and get through to “BillingNOW” customer support.. They tell me they are a third party unassociated with winsoftware and offer downloading tech support.. I find it hard to believe and imagine they are part of the scam.. and are state side (I called an ohio number)

I look up billingnow.com and find
https://secure.billingnow.com/epayment/win_la.php?site_id=98&prod_id=163&aid=gcn2&lid=spyware
As you can see this looks to be spread international.

/postx41389-0-15.html

“as other programs these guys came out with.”
This organization has been around for awhile.. I see links at least as old as 2003..

Why are they allowed to go on with IMPUNITY?? What authorities can be contacted to further research and shut this outfit down? AS of today they still have many website, still have “phone support” and still take your money.. This looks to be a highly sophisticated criminal organization that has enough fronts it somehow slips below the radar, even gets written off as just another spyware.. which it clearly is not..

Please advise..

Mlmcasual

I also had problems with winsoftware. They ripped me off. Kept finding "problems" that needed to be fixed, I finally gave in and tried to register. It took my money but would not load the program. Glad it didn't because when I upgraded my McAfee, it found winsoftware to be an "unwanted program, possible adware." But now I am out 50 bucks and probably haven't a chance in hell of ever getting my money back. My account showed the payment went to winsoftware-singapore, so they must have banks all over the world. This is very disconcerting to me and not sure what I can do about it.

Meanwhile, I run my McAfee and now it no longer finds any problems. However, occasionally my computer monitor screen just goes blank. The green light on the monitor changes to yellow and screen blacks out. I end up having to turn computer off and then back on to reboot in order to get it to work. Is there some file in my computer that McAfee can't find? What is this Hijack This I see mentioned? I am new to this page and wondering if there is something I can do to fix my computer without having to spend more money... having financial problems enuf as it is! Appreciate whatever help you can provide, thanks!

meancat

If you paid them 2 Things and do both IMMEDIATELY.

1.Call you Credit Card Company and cancel the charges.

2. Inform you card company that the payment was made to a malicios party and you may be subject to un-authorized charges.

Your card company SHOULD give you advice on ID/card theft and follow ALL of thier advice. Contact Experion @ 1 888 397 3742 ( actually should call all 3 bigs, but thats the only number I have handy ) and ask for their fraud dept. Put a lock on all new credit issuance without written approval so that a fraud alert is placed on your credit report. Also, ask them for a free copy of your current report and review it carefully. They should provide this at no charge. I think if you are subject to fraud, you can get future reports at no charge. They are going to try and sell you a service... thats a personal call. If yer gonna be lazy agout this, get the service, if not... don't. My advice is as a beginner and I am sure other here will have other steps for you to follow. BE DILEGENT!! If you let this have the potential to grow, it can haunt you for years and many 1000's of $ worth trying to clean it up.

I appreciate your comments and concern. I am calling the bank tomorrow. This just happened last week so hopefully I can catch it before any real damage is done.

But I still don't know what to do about my screen going blank all of a sudden. I can be on any web page, or even just sorting my files and not even on the internet, and all of a sudden my screen will go blank like I described above and I end up having to turn power strip off and back on to reboot. I don't know what to do. I ran the CCleaner and also my SpyBot S&D and deleted bad files found, but it just did it again before I came to this page tonite. If someone can tell me what I can do about this, I sure would appreciate it!

Thanks for your advice davidf!
meancat

Run through this, if there is still a problem post a HJT log in the appropriate forum. http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

I have seen these type of fraud accounts setup. They look very convincing to an average user, I hope they are busted soon and hauled off to jail.

Arenlor,
I followed the steps and am still having problem with screen going blank. Ran another HiJackThis and am pasting report below. I do not know what you mean by "the appropriate forum" I am not sure which forum I should post this report. So because of the conn problems I'm having, will post here and hope you can offer some advice.

Thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 7:19:00 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

HJT Log deleted - Ikeb

Please refer to http://wiki.castlecops.com/MRP and follow the procedure to check for malware. The procedure includes instructions as to how to post a HJT log if still required.

OK I admit it freely, I am computer-ignorant. But I followed your directions and it merely said to "post to the appropriate forum." My question is, what exactly is "the appropriate forum?" I am new to this site and was hoping for a little help.

Thank you. You are correct, I did follow all the other steps but did not see that I needed to click the Link to read what to do next. Chalk it up to panic and inexperience!

Sorry bout that. I will post a new topic on the HJT forum.