How do you remove winkzink?

Answer 1

I had this issue on a PC running Windows Vista Ultimate SP2. Winkzink is a MALWARE executable that can embed itself all the way down into your OS's Registry and can be very tricky to remove but it's not impossible. Firstly, understand that this infection is primarily spread via P2P (peer-to-peer) networks with regard to viewing pirated video content using an installed browser add-on such as VShare or Zshare. These add-ons allow your browser to stream the video codecs that are required to view content from pirate-oriented websites. Be careful when attempting to view content from a "streaming" website because this is where you step into dangerous territory while increasing your computer's risk of a malware infection.

*NOTE: General Anti-Virus programs have a very difficult (if not, impossible) time detecting and removing this bug. You will get false negatives but still continue to experience the symptoms of this bug.

1. Use a clean PC to download Malwarebytes Anti-spyware to a removable drive (i.e; thumb drive). This is a FREE program that can be obtained via www.CNET.com/Dowloads. After downloading, DO NOT open and run the program (because A. You're not on the correct computer yet, and B. Once you're on the infected machine, you'll need to update to the latest malware definitions.)

2. Boot up the infected computer into "Safe Mode with Networking". This will allow the computer to not run any non-essential programs while still being able to connect to the internet. (*To run your computer in "Safe Mode", turn it on and begin pressing the F8 key repeatedly. You'll see a new screen that shows the Safe Mode options).

*If your computer refuses to boot into SAFE MODE, then the infection has already approached the proverbial "point-of-no-return" and you might have no choice but to take it to a professional technician.

3. Connect your removable drive to your infected computer and run the Malwarebytes installer that you downloaded previously. After it quickly installs, it will prompt you to Update the malware definitions. Click YES. After it has finished doing that, Re-boot the computer into SAFE MODE (without Networking).

(Safe Mode without Networking is basically the same as SAFE MODE with Networking except that it doesn't allow internet access. At this point, you do not want to be connected to the internet because you don't want the infection to have a chance to connect to any remote server hosts that might allow it to corrupt the operation of your computer while you are attempting to get rid of it.)

4. Now that your computer is in SAFE MODE (without Networking):

A. Go to: CONTROL PANEL à PROGRAMS AND FEATURES (for XP users it's ADD/REMOVE PROGRAMS)

B. Look for programs called: Vshare and/or Zshare, as well as, *Complit (*Complit may or may not be there but the other 2 will almost certainly be there.) Uninstall ALL of them.

C. Open each of the internet browsers that you have (i.e. Internet Explorer, Firefox, Chrome, etc.) and go into OPTIONS, ADD-ONS, MANAGE ADD-ONS, then DISABLE and REMOVE the Vshare/Zshare Add-ons that you find. Close the Brower(s).

5. Run the MALWAREBYTES software that you've now downloaded and installed (You can find it under ALL PROGRAMS in the START MENU.) Be sure to FIRST go into the Malwarebytes Settings to tell it Scan ALL drives (particularly the C Drive). Now let it scan without any interruption. [Depending on the size of your drive(s) this could take a while.]

(This scan should actually find at least 1 to 2 infections that it will automatically Quarantine. You can then tell it to DELETE the infectious files or to keep them Quarantined (i.e.: existing but disabled).

6. Re-boot the computer into SAFE MODE with Networking

AT THIS POINT, THE COMPUTER IS EITHER A.) COMPLETELY FREE OF INFECTION OR, B.) STILL INFECTED- BUT PRIMARILY AT THE COMPUTER'S REGISTRY LEVEL.

7. Test your internet browser(s): Open it up and do a Search within the URL field (i.e; DON'T type in "Google.com" or "bing.com". Just perform the search directly within the address field.) If you are able to perform the search successfully without winkzink.com appearing in the address field, then your PC is now clear of the infection -BUT- you'll want to do a few more things to finish up.

A. Open up your web browser(s) and go to: Tools, OPTIONS, ADD-ONs, MANAGE ADD-ONs. Make sure that Vshare/Zshare/Complit are no longer there.

B. Open your web browser(s) and go to: Tools, Internet Options, Security Tab, Restricted Sites, Sites. Add www.winkzink.com, CLOSE, APPLY, OK. REBOOT into SAFE MODE (without Networking).

C. Run the Malwarebytes full system scan again. Handle any new or remaining infections (though there shouldn't be any). REBOOT into SAFE MODE (with Networking).

D. Perform a Search test in your web browser(s). If your results are the same as before, you're good to go!

8. If your Search test was unsuccessful and WinkZink.com is still in the URL field, then it's time to pull out the "big guns" and rid the machine of the infection at the Registry level. (-This is only recommended for EXTREMELY EXPERIENCED USERS or Professional Computer Technicians because the REGISTRY controls how your whole computer functions!!! One mistake could completely cripple your machine!!!)

REGISTRY INSTRUCTIONS (Remember: This is ONLY recommended for EXTREMELY EXPERIENCED USERS or Professional Computer Technicians!!!)

1. Boot the computer into SAFE MODE without Networking

2. Go to: START, type REGEDIT into Search field, press ENTER. (For XP Users: Go to: Start, Run, type REGEDIT into field, press ENTER). This will open up the REGISTRY FILES Screen.

3. Once there, click on EDIT, FIND. Type the word "wink" into the Find field. (This will scan the entire Registry for any instances of "Wink", and will also display whatever applications or operations it's associated with.)

4. Once it finds the instances of "wink", you'll be able to Delete those Registry keys for good.

5. Now repeat step 3 using the words "zink", "complit", "vshare" and "zshare". When it finds any keys related to those terms, repeat step 4.

6. After you're comfortable that you've found every operable key associated with this infection, re-boot the computer into SAFE MODE (with Networking).

7. Open an internet browser and perform the Search test.

AT THIS POINT, YOU SHOULD BE GOOD TO GO! However, if the problem still persists, then it's time to take your computer to a Professionally Licensed Technician.

GOOD LUCK!