Re: Spy Axe
- From: DennyG <DennyG@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 05:03:22 -0800
Dave can this work
I have been smitten . . . Although MS Antispyware Beta1 has detectected this
PITA malware it has not been able to remove it.
Thanks to MS Anti Spyware Beta 1 tools, I have been albe to identify all of
the Registry keys where it does exists in my Registry. Can I just go to
REGEDIT in safemode and delete them without doing any harm.
I have read and printed all of the other suggestions but they seem so
involved.
Here is the list;
Spyware Scan Details
Start Date: 12/13/2005 2:00:19 AM
End Date: 12/13/2005 2:07:53 AM
Total Time: 7 mins 34 secs
Detected Threats
SpyAxe Potentially Unwanted Software more information...
Details: SpyAxe is an antivirus/antispyware program confirmed to be
installed via Trojan Exploit on some websites. In addition to the application
itself, a toolbar may be installed as well.
Status: Quarantined
High threat - High-risk items have a large potential for harm, such as loss
of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\rNrbzZvPyd
FRROq_bvYOS@ekPzrGs@qsZ~[]w
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\yhqvezzchizG
UEYsCvGtSyW]yxVMfB
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F} PSFactoryBuffer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyAxe
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe DisplayName SpyAxe 3.0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe UninstallString C:\Program Files\SpyAxe\uninst.exe
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe DisplayIcon C:\Program Files\SpyAxe\spyaxe.exe
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe DisplayVersion 3.0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe NSIS:StartMenuDir SpyAxe
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\fuqiG
aqeKCG]eDgd{~DiF
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe URLInfoAbout http://www.spyaxe.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SpyAxe Publisher SpyAxe
HKEY_LOCAL_MACHINE\Software\SpyAxe
HKEY_LOCAL_MACHINE\Software\SpyAxe ref 100064
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\gcwvhfkxjkZ
xtfk_yqplgtCb\[eNNkP@z
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\InprocServer32 C:\WINDOWS\system32\els.dll
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\iqhXv
hbAUre~AVZ{R}mIW
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\lOPmamTtw
^x[PsLYxMQtc{v|Zj`t
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\PdwUXijhKmsku
``IwUYyRmOpxWBsxWKJf}
HKEY_CLASSES_ROOT\clsid\{957BAB51-81FF-8195-F273-D7E286EA702F}\qsJdZTmtD
AHE\^cC[TuGKlrTqqLxINl
Detected Spyware Cookies
No spyware cookies were found during this scan.
--
Long ago when men cursed and beat the ground
with sticks, it was called witchcraft..
Today, it''s called golf
Was this post helpful to you?
"David H. Lipman" wrote:
> From: "Alan" <alan111@xxxxxxxxxxxx>
>
> | Hi,
> | I've been infected by a program called Spy Axe which is telling me that I
> | have dangerous malware on my system. Its a New Zealand based company whose
> | Web Page looks quite legitimate.
> | I have both Webroot Spy Sweeper and Microsoft Anti Spyware running and they
> | are finding nothing. There is an icon on my bottom toolbar which flashes and
> | gives the message in a balloon. If I close this balloon down, it pops up
> | again within five seconds.
> | I've tried everything I know to get rid of it without success. This scum
> | company is effectively blackmailing me into buying their product which I
> | will not do, I'll reinstall Windows or buy a new computer before I give this
> | scum one penny. I cant be the only one with this, anyone have any ideas how
> | to get rid of it?
> | Regards,
> | Alan.
> |
>
> Two part reply...
>
> Part 1
> -----------
>
> Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
>
> http://www.bleepingcomputer.com/forums/topic36868.html
>
>
> Part 2
> -----------
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
> Choose; Unzip
> Choose; Close
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.
>
> Execute; c:\mcafee\clean.bat
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
.
- Follow-Ups:
- Re: Spy Axe
- From: David H. Lipman
- Re: Spy Axe
- References:
- Spy Axe
- From: Alan
- Re: Spy Axe
- From: David H. Lipman
- Spy Axe
- Prev by Date: No Task Manager
- Next by Date: RE: Runtime Error
- Previous by thread: Re: Spy Axe
- Next by thread: Re: Spy Axe
- Index(es):
Relevant Pages
|
