How do you remove winkzink?
I had this issue on a PC running Windows Vista Ultimate SP2.
Winkzink is a MALWARE executable that can embed itself all the way
down into your OS's Registry and can be very tricky to remove but
it's not impossible. Firstly, understand that this infection is
primarily spread via P2P (peer-to-peer) networks with regard to
viewing pirated video content using an installed browser add-on
such as VShare or Zshare. These add-ons allow your browser to
stream the video codecs that are required to view content from
pirate-oriented websites. Be careful when attempting to view
content from a "streaming" website because this is where you step
into dangerous territory while increasing your computer's risk of a
malware infection.
*NOTE: General Anti-Virus programs have a very difficult (if
not, impossible) time detecting and removing this bug. You will get
false negatives but still continue to experience the symptoms of
this bug.
1. Use a clean PC to download Malwarebytes Anti-spyware to a
removable drive (i.e; thumb drive). This is a FREE program that can
be obtained via www.CNET.com/Dowloads. After downloading, DO NOT
open and run the program (because A. You're not on the correct
computer yet, and B. Once you're on the infected machine, you'll
need to update to the latest malware definitions.)
2. Boot up the infected computer into "Safe Mode with
Networking". This will allow the computer to not run any
non-essential programs while still being able to connect to the
internet. (*To run your computer in "Safe Mode", turn it on and
begin pressing the F8 key repeatedly. You'll see a new screen that
shows the Safe Mode options).
*If your computer refuses to boot into SAFE MODE, then the
infection has already approached the proverbial
"point-of-no-return" and you might have no choice but to take it to
a professional technician.
3. Connect your removable drive to your infected computer and
run the Malwarebytes installer that you downloaded previously.
After it quickly installs, it will prompt you to Update the malware
definitions. Click YES. After it has finished doing that, Re-boot
the computer into SAFE MODE (without Networking).
(Safe Mode without Networking is basically the same as SAFE MODE
with Networking except that it doesn't allow internet access. At
this point, you do not want to be connected to the internet because
you don't want the infection to have a chance to connect to any
remote server hosts that might allow it to corrupt the operation of
your computer while you are attempting to get rid of it.)
4. Now that your computer is in SAFE MODE (without
Networking):
A. Go to: CONTROL PANEL à PROGRAMS AND FEATURES (for XP users
it's ADD/REMOVE PROGRAMS)
B. Look for programs called: Vshare and/or Zshare, as well as,
*Complit (*Complit may or may not be there but the other 2 will
almost certainly be there.) Uninstall ALL of them.
C. Open each of the internet browsers that you have (i.e.
Internet Explorer, Firefox, Chrome, etc.) and go into OPTIONS,
ADD-ONS, MANAGE ADD-ONS, then DISABLE and REMOVE the Vshare/Zshare
Add-ons that you find. Close the Brower(s).
5. Run the MALWAREBYTES software that you've now downloaded and
installed (You can find it under ALL PROGRAMS in the START MENU.)
Be sure to FIRST go into the Malwarebytes Settings to tell it Scan
ALL drives (particularly the C Drive). Now let it scan without any
interruption. [Depending on the size of your drive(s) this could
take a while.]
(This scan should actually find at least 1 to 2 infections that
it will automatically Quarantine. You can then tell it to DELETE
the infectious files or to keep them Quarantined (i.e.: existing
but disabled).
6. Re-boot the computer into SAFE MODE with Networking
AT THIS POINT, THE COMPUTER IS EITHER A.) COMPLETELY FREE OF
INFECTION OR, B.) STILL INFECTED- BUT PRIMARILY AT THE COMPUTER'S
REGISTRY LEVEL.
7. Test your internet browser(s): Open it up and do a Search
within the URL field (i.e; DON'T type in "google.com" or
"bing.com". Just perform the search directly within the address
field.) If you are able to perform the search successfully without
winkzink.com appearing in the address field, then your PC is now
clear of the infection -BUT- you'll want to do a few more things to
finish up.
A. Open up your web browser(s) and go to: Tools, OPTIONS,
ADD-ONs, MANAGE ADD-ONs. Make sure that Vshare/Zshare/Complit are
no longer there.
B. Open your web browser(s) and go to: Tools, Internet Options,
Security Tab, Restricted Sites, Sites. Add www.winkzink.com, CLOSE,
APPLY, OK. REBOOT into SAFE MODE (without Networking).
C. Run the Malwarebytes full system scan again. Handle any new
or remaining infections (though there shouldn't be any). REBOOT
into SAFE MODE (with Networking).
D. Perform a Search test in your web browser(s). If your results
are the same as before, you're good to go!
8. If your Search test was unsuccessful and WinkZink.com is
still in the URL field, then it's time to pull out the "big guns"
and rid the machine of the infection at the Registry level. (-This
is only recommended for EXTREMELY EXPERIENCED USERS or Professional
Computer Technicians because the REGISTRY controls how your whole
computer functions!!! One mistake could completely cripple your
machine!!!)
REGISTRY INSTRUCTIONS (Remember: This is ONLY recommended for
EXTREMELY EXPERIENCED USERS or Professional Computer
Technicians!!!)
1. Boot the computer into SAFE MODE without Networking
2. Go to: START, type REGEDIT into Search field, press ENTER.
(For XP Users: Go to: Start, Run, type REGEDIT into field, press
ENTER). This will open up the REGISTRY FILES Screen.
3. Once there, click on EDIT, FIND. Type the word "wink" into
the Find field. (This will scan the entire Registry for any
instances of "Wink", and will also display whatever applications or
operations it's associated with.)
4. Once it finds the instances of "wink", you'll be able to
Delete those Registry keys for good.
5. Now repeat step 3 using the words "zink", "complit", "vshare"
and "zshare". When it finds any keys related to those terms, repeat
step 4.
6. After you're comfortable that you've found every operable key
associated with this infection, re-boot the computer into SAFE MODE
(with Networking).
7. Open an internet browser and perform the Search test.
AT THIS POINT, YOU SHOULD BE GOOD TO GO! However, if the problem
still persists, then it's time to take your computer to a
Professionally Licensed Technician.
GOOD LUCK!