There's a problem with spyware.
It's called SpyAxe. I dunno how to delete it. It also auto-downloaded a "security toolbar" that gives you "remove spyware, delete adware, block popups, spam protection, and restore homepage" buttons. It's very annoying. It doesn't even do anything. It just advertises SpyAxe. HELP!

SpyAxe
http://www.spywarewarrior.com/rogue_anti-spyware.htm
==========================================
Download HiJackThis, install & run to get a log file. Don't fix anything.
You then post the log file at the site provided below & it will tell you what to fix.
http://www.merijn.org/downloads.html
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://tomcoyote.com/hjt/
http://www.zerosrealm.com/downloads/hjt.zip
HijackThis log file analysis & repair (online)
http://hijackthis.de/index.php?langselect=english
Or,
http://hjt.iamnotageek.com/
========================================
http://www.google.com.au/search?hl=en&q=SpyAxe&btnG=Google+Search&meta=

Try this: download Killbox to the desktop from the list of tools at this link: http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41
Then download CCleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need, as CCleaner will delete recycle bin items unless checked not to do so. Run this last, after everything below.
Boot into Safe Mode.
Double-click on Killbox.exe to run it.
Now put a tick by "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.
C:\WINDOWS\System32\svchosts.dll
C:\Program Files\Spyaxe\spyaxe.exe
Exit Killbox
Then while still in safe mode navigate to and delete this folder if found: C:\Programs Files\Spyaxe

Hello
I have worked for 1 day to delete this spyaxe problem and still cannot. The virus alert icon is gone but I am still receiving pop-ups and cannot get to my homepage when clicking IE.
Greetings

Spyaxe is a corrupt antispyware tool. Try to post your Hijackthis logs in the spyware related forums:
spywarewarrior.com
2-spyware.com

Help me please
Logfile of HijackThis v1.99.1
Scan saved at 5:51:17 PM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.exe
C:\Program Files\BrightEcho\LanRoad PPPoE Client\LanRoadDialupE.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spyware Nuker 2004\SWN2.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp2B83.tmp
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [LanRoadPPPoE] C:\Program Files\BrightEcho\LanRoad PPPoE Client\LanRoadDialupE.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E52091EA-57B4-48A1-95BE-8E877B05EC66}: NameServer = 203.144.207.49 203.144.207.29
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
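
Added example, not part of the original post: a small Python parser for the section-code lines of a HijackThis log like the one above, which flags entries for a closer look. The two flagging rules (entries marked with a missing file, and auto-loaded entries whose file is a `.tmp`) are assumed triage heuristics for illustration, not verdicts, and the function names are hypothetical.

```python
import re

# Excerpt of five entries from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp2B83.tmp
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <details>", e.g. "O2 - BHO: ...". Header lines and the
# "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in a loadable-file extension (assumed list).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp|sys|ocx)\b', re.I)
# Sections whose entries load automatically: BHOs, toolbars, Run keys,
# Winlogon Notify, services.
AUTOLOAD_CODES = {"O2", "O3", "O4", "O20", "O23"}
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return one dict per section-code line: code, body, first file path."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = PATH_RE.search(m.group("body"))
        entries.append({"code": m.group("code"), "body": m.group("body"),
                        "path": path.group(0) if path else None})
    return entries


def triage(entries):
    """Return (code, body, reasons) for entries matching a heuristic."""
    findings = []
    for e in entries:
        reasons = []
        if any(marker in e["body"] for marker in MISSING_MARKERS):
            reasons.append("orphaned entry: referenced file is missing")
        if (e["code"] in AUTOLOAD_CODES and e["path"]
                and e["path"].lower().endswith(".tmp")):
            reasons.append("auto-loaded component is a .tmp file")
        if reasons:
            findings.append((e["code"], e["body"], reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{code}: {'; '.join(reasons)}\n    {body}")
```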

1. Backup any important files in the account that the spyaxe message is in.
2. Uninstall spyaxe from the account it is attacking.
3. Boot into the administrator account in safe mode. The spyaxe message should not come up in this account.
4. Go to user accounts in the control panel and create a new account. This account will have all new and clean system files.
5. Reboot to the new account and make sure you don't get the spyaxe message.
6. Copy your important files to the new account.
7. Go to user accounts in the control panel and remove the infected account.
This worked perfectly in my pc. Good luck

After I followed the 7 steps in my first reply, I still got the website www.yoursystemupdate.com, a spyware warning page giving advice to download spyaxe or other so-called spyware removers, instead of my homepage that should come up. If I typed in a page to go to, I had no problem getting there. I then downloaded and installed Mozilla Firefox. During installation, I did not import anything from Internet Explorer. Now when I open Firefox, it accepts my homepage and I get no spyware alerts. The spyaxe alert must corrupt Internet Explorer.

Here are some links that may help.
http://www.2-spyware.com/remove-spyaxe.html
http://www.spywaredb.com/remove-spyaxe/
Other programs to remove SpyAxe:
• eTrust Pestpatrol - Review - Tutorial - Download
http://www.2-spyware.com/review-etrust-pestpatrol.html
• SpyHunter - Review - Tutorial - Download
http://www.2-spyware.com/article-spyhunter-tutorial.html

noahdfear.geekstogo.com
This is the place for the spyaxe fix. I was infected on Tuesday... nothing worked to remove it until I came across this site. It's a free download and simple to run... good step-by-step directions. My box has been perfect for 3 days straight. Also, ewido security suite is excellent to run after the noahdfear procedure. Get the 14 day free trial copy to start and see what you think.
