Spyaxe & Superadblocker

[Guest]

Superadblocker did remove Spyaxe, and I got my homepage back.
But ......
(1) the icon on the taskbar saying "Your computer is infected!" is still
there and constantly poping up. Cannot shut it off.
(2) the background/wallpaper to my computer screen is still gone, and the
option to choose a background for my desktop is not working.

Can anyone help?

 

[David H. Lipman]

From: "zatman" <[email protected]>

| Superadblocker did remove Spyaxe, and I got my homepage back.
| But ......
| (1) the icon on the taskbar saying "Your computer is infected!" is still
| there and constantly poping up. Cannot shut it off.
| (2) the background/wallpaper to my computer screen is still gone, and the
| option to choose a background for my desktop is not working.
|
| Can anyone help?



Two part reply..

Perform Part 1 then perform Part 2.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0, then
you are are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp




Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server

Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.

Alternate:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *

 

[Julie Armstrong]

You are still infected. Use this automated removal tool it has just been
updated to catch the new variant.

AntiPuper v1.1 by secured2k
http://secured2k.home.comcast.net/tools/AntiPuper.exe

This tool will attempt to delete several known Trojan files. These files are
modified by the malware authors and encrypted to avoid detection.
Fortunately, many of these tend to use the exact same file names. If the
files are in use, locked, protected, etc, this program will schedule Windows
to remove the files upon restarting.

This program will also remove some common security policies that are changed
by viruses and worms. Policies that lock out your desktop changes, windows
update, Windows Firewall, Explorer Run policies, Registry editing, and more
are all reset.

The tool only unlocks the ability to change or disable the desktop
background image or active web desktop background. You will need to manually
change your desktop background.

Go to Control Panel > Display > Desktop Tab > Customize Desktop > Web Tab.
If you see any entries that are checked, uncheck them. Click OK. If you want
to change the desktop background, do so now. Click OK.

 

[Guest]

Thanks for the quick reply, David.
That sounds like a lot of work, and somewhat complex.
I will keep your suggestions in mind.
I hope someone will post a simpler method. If not, I might try your
suggestion.

David, did U have the same/similar problem, or are U speaking from expertise?

Anyone out there had the same problem and was able to successfully remove
the problem and retrieve all their original settings?

Some help would be appreciated.

 

[nskrepetos]

Superadblocker did remove Spyaxe, and I got my homepage back.
But ......
(1) the icon on the taskbar saying "Your computer is infected!" is still
there and constantly poping up. Cannot shut it off.
(2) the background/wallpaper to my computer screen is still gone, and the
option to choose a background for my desktop is not working.

Can anyone help?

Hello,

Did you perform the scan in Safe Mode? If not, you should do the scan
again with Super Ad Blocker in Safe Mode. If that does not solve the
problem, I will have you submit a diagnostic and we can find out what
is going on.

Nick Skrepetos
SuperAdBlocker.com
http://www.superadblocker.com

SUPERFileRecover - Recover Deleted Files
http://www.superfilerecover.com

 

[Leythos]

NNTP-Posting-Host: ppp-69-237-53-123.dsl.bkfd14.pacbell.net 69.237.53.123

Why do you even bother posting someone else's information. I've not seen
a single original work from you yet. With David and a few others posting
for almost every malware that can be found, and you constantly morphing
for some unknown reason, you're not really helping anyone.

 

[David H. Lipman]

From: "zatman" <[email protected]>

| Thanks for the quick reply, David.
| That sounds like a lot of work, and somewhat complex.
| I will keep your suggestions in mind.
| I hope someone will post a simpler method. If not, I might try your
| suggestion.
|
| David, did U have the same/similar problem, or are U speaking from expertise?
|
| Anyone out there had the same problem and was able to successfully remove
| the problem and retrieve all their original settings?
|
| Some help would be appreciated.

I'm speaking from expertise.

The following tool was written by me.
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Haven't you ever heard that an ounce of prevention is wortyh a pound of cure ?

It is easier to prevent being indfected with malware then cleaing it up. There are no *easy
fixes". You have to work at them.

Either that or bring the PC to a local, reputable, PC repaire shop and pay them to remove
malware.

 

[David H. Lipman]

From: "David H. Lipman" <[email protected]>


|
| I'm speaking from expertise.
|
| The following tool was written by me.
| http://www.ik-cs.com/programs/virtools/SmitFraud.exe
|
| Haven't you ever heard that an ounce of prevention is wortyh a pound of cure ?
|
| It is easier to prevent being indfected with malware then cleaing it up. There are no
| *easy fixes". You have to work at them.
|
| Either that or bring the PC to a local, reputable, PC repaire shop and pay them to remove
| malware.
|

I wish I could repair my own spelling errors
{ sigh }

 

[Wayne Redick]

I got hit with Spyaxe and its Trojan cohort 2 days ago.I tried manual and
other removals to no avail.Finally tried this:
http://www.infopackets.com/channels...051220_remove_spyaxe_removal_instructions.htm

It involved a few Demo downloads of Spyware and Malware scanning programs
but it cured my PC with WinXP running.Follow the directions closely.
Been running smoothely and all the System32 registeries are clean now of
Spyaxe foolishness.All needs links to demo programs are included also on
that site.

Hope this helps
WKR
ps- smitrem and not smitfraud should be used.

 

[David H. Lipman]

From: "Wayne Redick" <[email protected]>

| I got hit with Spyaxe and its Trojan cohort 2 days ago.I tried manual and
| other removals to no avail.Finally tried this:
|
http://www.infopackets.com/channels...051220_remove_spyaxe_removal_instructions.htm
|
| It involved a few Demo downloads of Spyware and Malware scanning programs
| but it cured my PC with WinXP running.Follow the directions closely.
| Been running smoothely and all the System32 registeries are clean now of
| Spyaxe foolishness.All needs links to demo programs are included also on
| that site.
|
| Hope this helps
| WKR
| ps- smitrem and not smitfraud should be used.



SmitRem is Dave's (aka; noahdfear) ustility

SmitFraud.exe is MY utility. It does work and does more that noahdfear's utility due to the
inclusion of the McAfee AV command line scanner. It also works differently thatn the other
so the cumulative effect is greater than either singular tool.

BOTH should be used.

 

[maitre]

Hi,
This site could help you:
http://www40.brinkster.com/spyaxe/spyaxe-info.asp


thanks Maitre