StopBadware Report

WinFixer 2005, WinFixer 2006

We find that WinFixer 2005 and WinFixer 2006 are badware because they do not provide users with their licensing agreements during installation, they make exaggerated claims of "severe system threats" to the user's computer, and they do not disclose that they will automatically launch whenever the user starts Windows. In addition, WinFixer 2005 installs a possible rootkit.

We currently recommend that users do not install the version of WinFixer that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report.

 
OVERALL RATING: Red

Badware Behavior
  • No license agreement or prompts during installation (Deceptive Installation)
  • Contains a possible rootkit (Deceptive Identification)
  • Makes exaggerated claims of "Severe System Threats" (Deceptive Functionality)
  • Launches automatically after reboot and scans computer (Interferes with Computer Use)

Bad or Undisclosed Behavior
No license agreement or prompts during installation
Adequate disclosure of user rights should be made in the license agreement and also in a clear, human-readable fashion during the install process. License terms can be found on the producer's website but not at all during the installation process. This becomes especially troublesome when WinFixer is downloaded from a third party.
Contains a possible rootkit
The 2005 version of WinFixer contains a component, df_kmd.sys, which several badware analysis websites label as a rootkit, or parasite. Rootkits may be used to disguise an application from detection, making it difficult for a user to remove it.
Makes exaggerated claims of "Severe System Threats"
During a typical first installation, WinFixer claimed to find roughly one thousand "Severe System Threats," even though it was scanning a brand-new installation of Windows. Based on information provided by the application, it seems unlikely that most of these "severe system threats" were actually severe system threats, and it is possible that WinFixer greatly exaggerated the scope of the problem in order to increase sales of the full version of its application.

WinFixer 2005 actually provided some information on which files and components it considered severe threats. These included components that were benign (such as temporary internet files and cookies) or even beneficial. For example, WinFixer 2005 claimed that registry keys related to a legitimate research and debugging tool (HijackThis) were "spyware" and marked them as a "critical system threat." While we realize that all such claims are subjective and open to discussion, it seems likely that HijackThis was targeted because HijackThis is often used to diagnose and remove WinFixer. WinFixer 2006 no longer provides any information to the user about the nature of the "severe threats" on their computer, so it is impossible to tell whether any of the claimed threats are valid.

The same WinFixer screen that tells users that they have numerous "Severe System Threats" (or errors) also warns them that if they do not fix the system immediately the errors will "very likely create further problems" such as "lost documents and profile settings," "physical data loss," "system not starting up," and "system slowdowns, crashes and freezes." With WinFixer 2006, this screen appears not only when users start Windows or run WinFixer, but also when they attempt to shut down or restart their computer. In this latter case, WinFixer 2006 displays a dialog box stating that "shutdown is NOT recommended" due to numerous "severe system errors." According to WinFixer 2006, shutting down the computer "while it has errors in the registry database or file system ... is very likely [to cause] further problems." Since the test systems we installed WinFixer on were clean, non-badware-infected test profiles, these claims are highly unlikely to be accurate.

Launches automatically after reboot and scans computer
The application does not disclose to the user that WinFixer will run each time at startup. This means that each time the user restarts her computer, a screen will pop up claiming to have identified a variety of "severe system threats" and urging her to purchase the complete version of WinFixer. Moreover, WinFixer 2006 also runs whenever the user attempts to shut down or restart her computer, warning her that shutting down the computer is "very likely" to result in further problems. These actions will continue to occur unless the user disables this option or, in the case of the shutdown pop-up, unless the user exits WinFixer 2006 in the system tray.

Recommendations
We recommend that WinFixer do the following:
  • Provide licensing agreements to users during installation and disclose that WinFixer will automatically launch when Windows restarts and, in the case of WinFixer 2006, at shutdown.
  • Do not exaggerate claims of "severe system threats" by flagging benign or beneficial files or components.
  • Do not install rootkits or any other form of malicious software.
We currently recommend that users do not install the version of WinFixer that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report.

For more information, visit www.stopbadware.org.

 
REPORT INFORMATION

APPLICATION INFORMATION