SpyAxe & Related Smitfraud Trojans

[Dave M]

There has been a large number of reports of SpyAxe and Smitfraud recently. Why
wait for your machine to become infected?

Microsoft/Windows Security Updates made available on December 13th helps prevent
this Trojan installation. Update now.

If you have a current SpyAxe infection, it should be removed first, then
followed with an immediate Security Update with all missing Security updates
found. Following that update, you should not be subject to SpyAxe again. Be
good to yourself, take some pro-active measures today.

 

[Guest]

Well said Dave ;-)

Engel

 

[Guest]

Dave, I have MSAS Version 1.0.701, with Definition Version 5787 installed and
I still got SpyAxe and mssearchnet on my computer - did NOT protect me. I
updated to 5787 yesterday afternoon and got SpyAxe and mssearchnet this
afternoon - go figure!

 

[Dave M]

Huh?

I said nothing in my OP about MSAS updates or upgrades. This thread is about
Windows Critical Security Updates usually available the second Tuesday of each
Month, and as recently as December 13th. Are you up to date on ALL Windows
Security Updates? Let's try this link... not sure if it's going to work.

%SystemRoot%\system32\wupdmgr.exe

 

[Guest]

Yes - I am on automatic update for Windows - plus I check a couple times per
week - and I have no critical updates pending - my last update was Tuesday,
December 13. Sorry I misunderstood - but I AM up to date there too and
still got SpyAxe and mssearchnet. Wonder why?

 

[Guest]

Hello John,
Might want to read the notes:
http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

Engel

 

[Dave M]

Automatic downloads with automated installation, right?

Perhaps the author modified the distribution/installation mechanism to avoid the
Dec 13th Ms patches by now... I'm speculating John, but they've had two weeks or
so to work on getting past it. Good report. I'd take this directly to
Microsoft if your having those problems on a fully patched system. I think
they'd be interested in hearing what happened.

If you are in the U.S. or Canada, you can call Microsoft Product Support
Services (PSS) at 1-866-pcsafety for help with removal issues or problems
related to security patches. Tell them you're using MSAS as well as being fully
patched. Notice also, that the new zero day WMF exploit installs a
Smitfraud-like infection, although I don't particularly think that's what hit
you.

 

[Guest]

Right, Dave - automatic downloads with automated installation - also, I am
running (all are up to date) MSAS, Spybot S&D, Lavasoft Adaware,
SpywareBlaster, WinPatrol Plus, AND I run AVG "Pay"Antivirus and ZoneAlarm
Firewall. I THINK I got infected because of a movie download site I visited
- against my better judgement. So, it probably was my own fault - but I
finally succeeded in getting rid of the infection - thanks mainly to my
installed AntiSpyware programs installed at the time of infection. Took me
three hours, but they appear to be gone. Thanks for your input - it was
helpful.

 

[Dave M]

John, here's the reference that lead to my original post about the need to
update Critical Security Updates... this, and all the reports we are getting of
SpyAxe being installed. There's removal information here as well :

http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3

 

[Dave M]

Hi John;

Here's something else you should take a look at. Are you current on Sun Java
(JRE 5.0 update 6):

Your first line of defense against contracting a Smitfraud infection is to
obtain all Windows Security Updates in a timely manner and to obtain the most
recent version of the Sun Java Platform which is JRE 5.0 Update 6. All previous
versions of the Sun Java Platform should be uninstalled because some are known
to contain security vulnerabilities, especially Java 2 Runtime Environment, SE
v1.4.2_03. An active and updated antivirus program and firewall is a must. It is
also a good idea to take preventative security measures by installing programs
such as SpywareBlaster, IESpyAds and the MVPS host file.
http://castlecops.com/article-6430--0-0.html

JRE version can be checked in Control Panel > Add/Remove
All previous versions of Java should be removed once you have updated to the
latest release level.