Although I found a very lengthy tutorial on the web to get rid of it. It didn't work for me so eventually I put my paid program on their computer and it got it i hope! Although I did have to manually delete the folder too.

I think it goes hand in hand/bundled with WinAntiVirus? in this case anyway, so I had removed that too before starting and I don't know which combination actually caused it to work.

My suggested method update all Spybot/Adware Libraries then get offline

offline..
remove WinAntiVirus 2005 and WinFixer 2005 through add/remove

run your spybot programmes (if they don't pick it up check your stickymail, I don't want to promote a paid programme even though I have no affiliation) have it fix it

then navigate to the folders and make sure they and everything they contain have gone

If you're brave which I'm not without explicit instructions - remove all registry references to it? (btw if you do this I would appreciate a bit of hand-holding to do the same)

reboot and see what happens..

Disclaimer: everything here apart from the registry tweaks would seem to be harmless even for a hack like me to try but I don't claim this is the authoritative way..

Suzy

Did a little research and this one appears to be a tough one to get rid of. Too bad I can't get to your machine, I love the challenge...

Anyway, since the mods would probably take down the link I found, but there appears to be some good advice on a Dell.com forum.

You might need to run a fairly powerful tool called Hijackthis. It's powerful because you are removing Registry entries directly which stop things from loading automatically. On the down side, a mistake can cook you machine (although you really have to mess up).

Go to your favorite search engine and look for:
Winfixer hijackthis

Like I said, the Dell forum seems to offer good advice.

Alternatively, you can find a hijackthis forum, where experts look at your hijackthis log and walk you through the process.

Good luck, follow directions closely and take your time if you don't understand something (better safe than sorry).

We use Secretmaker, Adaware, Spybot Search & Destroy, McAfee, AOL spyware remover, and about 3 others that I would have to look up. None of them permanently removes ALL the files associated with Winfixer. Many of them reload themselves upon booting up the computer, even though you removed them just prior to shut down.

The one file that I think is the kingpin is (I hope I wrote it correctly cause it's from memory) jkhii.dll You can not rename it, delete it, quarantine it, nothing. We did a system restore to a date 2 weeks before we acquired these files and due to that .dll file, the restore was not successful. We would have to do a complete full computer-back-to-factory-specs restore (again!). We won't be doing this for another few weeks due to current work I'm doing that would take up way too many CDs to copy over.

Now, we also have Virtumonde coming up all over the place. It's ridiculous!