Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > SpyAxe Removal

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

SpyAxe Removal

Reply to Message Icon

Name: amigo72 (by bongkph)
Date: December 19, 2005 at 00:21:34 Pacific
OS: winxp
CPU/Ram: 512
Comment:

Spyaxe Removal tools is already available for download, created by noahdfear. For download instruction please visit:
http://www.precisesecurity.com/adware-spy/awsax-008dec.htm



Sponsored Link
Ads by Google

Response Number 1
Name: Bob (by BigBob)
Date: December 19, 2005 at 04:19:53 Pacific
Reply:

Here is another link for you
SpyAxe Removal

" You're only as safe as your last update "


0

Response Number 2
Name: andy1
Date: December 19, 2005 at 12:03:03 Pacific
Reply:

here is another useful source for dealing with SpyAxe Removal


0

Response Number 3
Name: Robbo
Date: December 20, 2005 at 08:01:51 Pacific
Reply:

Spyware Doctor removes Spy Axe completely.

You need to purchase it, unfortunately, but it appears to be a solid antispyware program--at least to me.

rob


0

Response Number 4
Name: paul3
Date: December 21, 2005 at 00:10:16 Pacific
Reply:

noahdfear offers really a necessary tool for spyaxe removal


0

Response Number 5
Name: ugnius
Date: December 21, 2005 at 02:53:54 Pacific
Reply:

Here is the latest news regarding Spyaxe
Updated almost everyday.


0

Related Posts

See More



Response Number 6
Name: shawn decker
Date: December 26, 2005 at 19:39:46 Pacific
Reply:

Spyware sucks, and so does the scum that generates it.After I fell victum to the crap Spyaxe hijacked onto my computer, it took me hours to just get back onto my homepage which was hijacked as well. It amazes me that there are so many low watt people out there actually buying their software to remove the @#$%! THEY put on your computer without permission! For those people, I have a bridge for sale, good price! Even the latest antivirus/spam software doesn't recognize these attacks. That will soon change. For now, I had success with the "reboot in safe mode" approach. Just press the F8 key during start up, boot in safe mode, and locate the mssearchnet and nvctrl exe's in your system 32 folder. Delete them here and also delete them out of your recycle bin. Then restart in normal mode. Simple enough, something I will definitely remember. I'm sure I'm not alone in saying that I hate trying to end a process in task manager that will not die or let you delete it. This way worked for me. Thanks and good luck!


0

Response Number 7
Name: jackhenryiv
Date: December 27, 2005 at 10:45:27 Pacific
Reply:

Hey guys,

Any idea of Spyaxe's 30 day return policy? I emailed a couple people and of course their isn't a phone number. I got so scared that my computer was going to get messed up I bought the software. They're clever little b---tards, but b---tards none the less. I called my credit card company, but they can't cancel the charge, I have to post a claim in a few days and see what happens. Any advice for getting my 50 bucks back. I know I'm a complete fool, but seriously, what a bunch of dicks.


0

Response Number 8
Name: uniqueshadow08
Date: December 27, 2005 at 21:24:43 Pacific
Reply:


hey may someone help me with this please :( tell me what to do i get the message doskbdlv.exe will not run because ace.dll was not found reinstalling it may fix the problem i ran a hijack report please someone tell me what to do ....... this report was in safe mode... please email me telling me what today please thankyou ..... my email is xboxshadow@hotmail.com

Logfile of HijackThis v1.99.1
Scan saved at 12:21:35 AM, on 12/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
C:\Documents and Settings\sam stephens\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ANLR] C:\WINDOWS\ANLR.exe
O4 - HKLM\..\Run: [cczskczj] C:\WINDOWS\cfrxrpcq.exe
O4 - HKLM\..\Run: [BLVSNH] C:\WINDOWS\BLVSNH.exe
O4 - HKLM\..\Run: [HKRXEYBI] C:\WINDOWS\HKRXEYBI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zkyA] C:\documents and settings\sam stephens\local settings\temp\zkyA.exe
O4 - HKLM\..\Run: [uUk7RR01] C:\documents and settings\sam stephens\local settings\temp\uUk7RR01.exe
O4 - HKLM\..\Run: [wLR] C:\documents and settings\sam stephens\local settings\temp\wLR.exe
O4 - HKLM\..\Run: [msc] C:\WINDOWS\System32\Microsoft.NET
O4 - HKLM\..\Run: [hjrxbxt] C:\WINDOWS\System32\xowwcou.exe r
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [gws6RfJtg] adpctr.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [routetab] C:\WINDOWS\System32\routetab.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.exe" /boot
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109380586546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: UC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\SAMSTE~1\LOCALS~1\Temp\UC.exe
O23 - Service: VZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\SAMSTE~1\LOCALS~1\Temp\VZ.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



0

Response Number 9
Name: uniqueshadow08
Date: December 27, 2005 at 21:25:29 Pacific
Reply:


hey may someone help me with this please :( tell me what to do i get the message doskbdlv.exe will not run because ace.dll was not found reinstalling it may fix the problem i ran a hijack report please someone tell me what to do ....... this report was in safe mode... please email me telling me what today please thankyou ..... my email is xboxshadow@hotmail.com

Logfile of HijackThis v1.99.1
Scan saved at 12:21:35 AM, on 12/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
C:\Documents and Settings\sam stephens\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ANLR] C:\WINDOWS\ANLR.exe
O4 - HKLM\..\Run: [cczskczj] C:\WINDOWS\cfrxrpcq.exe
O4 - HKLM\..\Run: [BLVSNH] C:\WINDOWS\BLVSNH.exe
O4 - HKLM\..\Run: [HKRXEYBI] C:\WINDOWS\HKRXEYBI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zkyA] C:\documents and settings\sam stephens\local settings\temp\zkyA.exe
O4 - HKLM\..\Run: [uUk7RR01] C:\documents and settings\sam stephens\local settings\temp\uUk7RR01.exe
O4 - HKLM\..\Run: [wLR] C:\documents and settings\sam stephens\local settings\temp\wLR.exe
O4 - HKLM\..\Run: [msc] C:\WINDOWS\System32\Microsoft.NET
O4 - HKLM\..\Run: [hjrxbxt] C:\WINDOWS\System32\xowwcou.exe r
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [gws6RfJtg] adpctr.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [routetab] C:\WINDOWS\System32\routetab.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.exe" /boot
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109380586546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: UC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\SAMSTE~1\LOCALS~1\Temp\UC.exe
O23 - Service: VZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\SAMSTE~1\LOCALS~1\Temp\VZ.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



0

Response Number 10
Name: Natz
Date: January 2, 2006 at 14:32:56 Pacific
Reply:

I had been pulling my hair out over this spyaxe thing but have now seemingly got rid of it using this method:


Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar.If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

from this forum:

http://forums.techguy.org/security/376692-attention-hjt-log-helpers-new-canned-fix-spysherrif-smitfraud-antivirusgold.html

hope it works for you but can any1 tell me how I can be positive the virus is gone and where I can get hijack this from? is it free? thanks


0

Response Number 11
Name: amigo72 (by bongkph)
Date: January 8, 2006 at 18:02:46 Pacific
Reply:

Spyaxe Removal recent update for latest variants. SpyAxe Removal


0

Response Number 12
Name: MarkAustralia
Date: January 9, 2006 at 12:08:08 Pacific
Reply:

The noahdfear smitfraud/spyaxe removal tool works very well, but do be aware that it contains its own infection, namely 4 registry entries related to (CWS) Cool Web Search Desktop Hijack. Having said that, CWS is much easier to remove, so running noahdfear followed by something like Spyware Begone will have your system running properly again in no time, ad/spy/malware free.

Regards


Mark
Microsoft Certified Prof. A+ Certified, Compaq & HP Accredited


0

Response Number 13
Name: noahdfear
Date: January 16, 2006 at 19:17:38 Pacific
Reply:

To:MarkAustralia

The smitRem tool contains no infections, especially none related to CWS. Because of the packing process used to create the self-extracting file, it has at one time or another been detected as suspicious by several antivirus programs, but was quickly removed from their databases when notified of the false positive. It was also flagged as suspicious by others for the use of the file process.exe, due to it sometimes being used also by malware authors. Again, the tool has been given approval and removed from detection by those applications.
Would you care to share with me why you believe it contains infections?


Dave

noahdfear@msn.com


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: SpyAxe Removal
spyaxe can;t remove www.computing.net/answers/security/spyaxe-cant-remove/17147.html

SpywareStrike - Similar to Spyaxe www.computing.net/answers/security/spywarestrike-similar-to-spyaxe/17467.html

Problem with Spyaxe.. www.computing.net/answers/security/problem-with-spyaxe/17085.html