K
Kevin James
After you run Hijackthis send a copy of your log to me too so I can update
AntiPuper if it is a new variant. Send your HJT log to
(e-mail address removed) Also try the detailed manual removal instructions
below.
SpyAxe removal
This tool will remove the Trojan that allowed the software to be installed
on your computer. PSGuard, SpyAxe, WinFixer, etc by themselves are not the
cause of this problem.
http://secured2k.home.comcast.net/tools/AntiPuper.exe If you used this tool
and you are still infected then follow the manual removal steps below.
To manually remove these applications, please Uninstall them properly using
your Control Panel -> Add/Remove Programs applet.
Spyaxe does not contain any malicious code or perform any known malicious
activity; therefore Some antivirus companies like McAfee does not categorize
it as a virus or malware.
Removal Instructions
Boot into Safe Mode with Networking
Shut the computer down so the power is off.
Wait 20 seconds or so.
Turn the computer on and immediately begin pressing the F8 key on the
keyboard once every second repeatedly. Do this until the Windows Startup
Menu appears. If you get a keyboard error, press F1 to resume and then
continue pressing the F8 key once every second.
Select option Safe Mode with Networking, and then press the Enter key on the
keyboard.
Windows will then boot into Safe Mode.
Note: This may take longer than a normal boot.
At the end of the boot process, a dialog box will appear informing you that
Windows is in Safe Mode. Click OK on this dialog box.
Windows is now in Safe Mode.
Once you are in Safe Mode with Networking do the following:
Click Start button
Click Run
Enter the following text: C:\Windows\System32
A window with a list of files will appear.
Delete the following files from the window:
Note: To delete the files single click on the file so it is highlighted and
then press the Delete key on the keyboard to delete.
mssearchnet.exe
mscornet.exe
nvctrl.exe
svchosts.dll
hpA75B.tmp or all the files similar to hpXXXX.tmp where X may be any
character.
Note: If some files do not remove please reboot again and come back to
Safemode with Networking and try removing the files again.
Remove Spyware from Add/Remove Programs
Click on the Start button
Highlight then click on Control Panel. The Control Panel will then appear.
Windows 2000 users - Highlight Settings then click on Control Panel. The
Control Panel will then appear.
Double click on the Add/Remove Programs icon. The Add/Remove Programs
Properties dialog box will then appear.
Locate SpyAxe on the list of installed programs and single click on it so it
is highlighted.
Click the Add/Remove button.
Note: If at any time you are prompted to remove Security Tool, answer Yes To
All.
Delete the Registry Keys
Backup the Registry
Note: For instructions, in how to backup the registry click here
http://www.pcbutts1.com/downloads/regbkup.htm.
Click Start, and then Run.
In the Open field, type regedit. This will open the Registry Editor.
Search for the following entries one by one and delete all the instances of
it from the registry:
Note: To find the entries Click on the Edit menu and click on Find. In the
Find What field, type the name of the entry and click on Find Next. When the
instance is found Press the Delete key on the keyboard to remove this entry.
mssearchnet.exe
mscornet.exe
nvctrl.exe
svchosts.dll
SpyAxe
Svchosts.dll
Close regedit
If you have Windows XP SP2, open Internet Explorer. If you don't have
Windows XP SP2 ignore this step.
Click on Tools
Select Manage Add Ons and click
Select HomePageBHO and disable it
Select and disable Security Update Tool bar from the Add Ons.
Check if SpyAxe folder is present in your computer
Click Start (bottom left corner of your screen)
Click Run
Enter the following text: C:\Program Files
A window with a list of files will appear.
If SpyAxe folder is present, delete it
Reboot
Your computer will start in normal mode and the issue will be resolved.
AntiPuper if it is a new variant. Send your HJT log to
(e-mail address removed) Also try the detailed manual removal instructions
below.
SpyAxe removal
This tool will remove the Trojan that allowed the software to be installed
on your computer. PSGuard, SpyAxe, WinFixer, etc by themselves are not the
cause of this problem.
http://secured2k.home.comcast.net/tools/AntiPuper.exe If you used this tool
and you are still infected then follow the manual removal steps below.
To manually remove these applications, please Uninstall them properly using
your Control Panel -> Add/Remove Programs applet.
Spyaxe does not contain any malicious code or perform any known malicious
activity; therefore Some antivirus companies like McAfee does not categorize
it as a virus or malware.
Removal Instructions
Boot into Safe Mode with Networking
Shut the computer down so the power is off.
Wait 20 seconds or so.
Turn the computer on and immediately begin pressing the F8 key on the
keyboard once every second repeatedly. Do this until the Windows Startup
Menu appears. If you get a keyboard error, press F1 to resume and then
continue pressing the F8 key once every second.
Select option Safe Mode with Networking, and then press the Enter key on the
keyboard.
Windows will then boot into Safe Mode.
Note: This may take longer than a normal boot.
At the end of the boot process, a dialog box will appear informing you that
Windows is in Safe Mode. Click OK on this dialog box.
Windows is now in Safe Mode.
Once you are in Safe Mode with Networking do the following:
Click Start button
Click Run
Enter the following text: C:\Windows\System32
A window with a list of files will appear.
Delete the following files from the window:
Note: To delete the files single click on the file so it is highlighted and
then press the Delete key on the keyboard to delete.
mssearchnet.exe
mscornet.exe
nvctrl.exe
svchosts.dll
hpA75B.tmp or all the files similar to hpXXXX.tmp where X may be any
character.
Note: If some files do not remove please reboot again and come back to
Safemode with Networking and try removing the files again.
Remove Spyware from Add/Remove Programs
Click on the Start button
Highlight then click on Control Panel. The Control Panel will then appear.
Windows 2000 users - Highlight Settings then click on Control Panel. The
Control Panel will then appear.
Double click on the Add/Remove Programs icon. The Add/Remove Programs
Properties dialog box will then appear.
Locate SpyAxe on the list of installed programs and single click on it so it
is highlighted.
Click the Add/Remove button.
Note: If at any time you are prompted to remove Security Tool, answer Yes To
All.
Delete the Registry Keys
Backup the Registry
Note: For instructions, in how to backup the registry click here
http://www.pcbutts1.com/downloads/regbkup.htm.
Click Start, and then Run.
In the Open field, type regedit. This will open the Registry Editor.
Search for the following entries one by one and delete all the instances of
it from the registry:
Note: To find the entries Click on the Edit menu and click on Find. In the
Find What field, type the name of the entry and click on Find Next. When the
instance is found Press the Delete key on the keyboard to remove this entry.
mssearchnet.exe
mscornet.exe
nvctrl.exe
svchosts.dll
SpyAxe
Svchosts.dll
Close regedit
If you have Windows XP SP2, open Internet Explorer. If you don't have
Windows XP SP2 ignore this step.
Click on Tools
Select Manage Add Ons and click
Select HomePageBHO and disable it
Select and disable Security Update Tool bar from the Add Ons.
Check if SpyAxe folder is present in your computer
Click Start (bottom left corner of your screen)
Click Run
Enter the following text: C:\Program Files
A window with a list of files will appear.
If SpyAxe folder is present, delete it
Reboot
Your computer will start in normal mode and the issue will be resolved.