We've had two customers in the last couple of weeks who have fallen prey to a particularly aggressive piece of bogus software known as Winfixer. WinFixer - is a bogus antispyware and spam blocking application that attempts to market itself by surreptitiously installing adware on the user's PC. This adware aggressively and incessantly displays popup notifications in an attempt to convince the user that something (other than its own existence) may be amiss with the computer. The problem is typically initiated via a popup ad displayed during a visit to a distributing web site. Reports suggest that this initial popup is constructed such that any attempt to dismiss it (including clicking the 'X' in the upper right-hand corner) actually causes the adware to be installed on the workstation. From this point on, WinFixer popups are launched from the PC itself. Because of the intricate way in which the adware insinuates itself into its host (including making dozens of registry edits), successful removal is a tedious, manual process. When running, it can be found in Windows Task Manager and stopped, but before long it will start up again.
Ultimately what this piece of malware is trying to do is to tempt you into registering the software for $49.99 in order to "fix" the problems your PC is experiencing (which are caused by Winfixer). Needless to say, after registering the product, nothing much changes - you've just been conned out of $49.99. Indeed it may not end there. There are unconfirmed reports that the credit card that you used to purchase the subscription may be compromised and may be subject to unauthorized use and that the operation works out of the Ukraine, though neither of my customers reported this happening to them.
If you come across Winfixer on your PC, DO NOT buy the subscription - get a reputable anti-spyware program and let it try to deal with it, but be warned that many anti-spyware programs have difficulty completely removing it and pop-ups may still occur. If in doubt, contact us here at PC Medic.