Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech Forums - Register now for FREE

We're your place for tech questions. Join 87514 others, and join the conversation. Ask questions. Find answers. Share your ideas and opinions. Browse our community. You'll find experts who enjoy helping others. Who explain technical issues in a non-technical way that anyone can understand. Create an account today (it's 100% free)!

Create an Account Login to Account


Photo

SpyAxe removal procedure


  • This topic is locked This topic is locked
1 reply to this topic

#1 Runsi

Runsi

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 08 January 2006 - 11:37 AM

I came across this procedure somwere and I just had to spread the joy. This worked fine on my macine, I was dealing with this stupid thing for 3 day´s and I am so happy to have gotten rid of this. B)
Also AdAware seamed to delete some part of this SpyAxe thing so run that also when you are in safe mode.

REMOVAL OF SPYAXE and the new variant:

Hi everyone. Just got hit with this stupid Spyaxe garbage and figured out it was a new variant that has had little coverage across the forums. I was on the verge of a full format and Windows reload when I came upon the post by user "Thanst" at Sysinternals Forums here at:

»www.sysinternals.com/Forum/forum···=1&TPN=5

The "new" file in question that causes this variant to regenerate is: webconm.dll . Please see the attached screenshot of the new popup that comes with this variant.

For the newbie, I have below the essential checklist of programs that you will need to totally remove this SH** and blast them back to hell where they belong!

Programs Needed:
================

1. Smitrem.exe from:
»noahdfear.geekstogo.com/

Download to desktop, then run the .EXE. It will extract files to a new folder. DON'T RUN ANYTHING YET.

2. killbox.exe - I downloaded it from:
»www.softpedia.com/get/Security/S···ox.shtml

Download to desktop, and extract using WinZip/WinRAR. DON'T RUN ANYTHING YET.

Procedure:
==========

1. Boot into SAFE mode (Reboot, wait for the single beep, then hit F8 - choose SAFE, not SAFE WITH NETWORKING - you don't want the stupid thing to come back while you're trying to get rid of it).

2. In the SmitRem folder that was created, run the 'RunThis' batch file. Read, and then follow the instructions - carefully.

3. Run REGEDIT, do a search in the registry for 'spyaxe'. Delete all entries that you find. Make sure to FIND NEXT (F3) and keep going until everything is gone.

4. Go to START, and then SEARCH. Search for 'spyaxe'. Delete all files that come up.

5. Empty RECYCLE BIN. Repeat steps 2, 3 and 4. Remember that after you've performed the search for 'spyaxe' files in step 4, there will be a new registry entry for the search. No worries.

6. Run Killbox.exe. (see screenshot). Click on the folder icon and browse to find the file: C:\WINDOWS\SYSTEM32\netwrap.dll . (note: this file could change when SpyAxe updates, some variants have the webconm.dll file.)

Put a check beside:
- End Explorer Shell While Killing File AND
- Unregister .dll Before Killing

Click on the red 'X' icon. Click on YES to backup and then delete. After deleting, go to: FILE - CLEANUP - Delete All Backups, and then delete. Click on EXIT when you're done.

7. Reboot into NORMAL mode (i.e. regular reboot) and things are just peachy. wavey.gif

#2 illukka

illukka

    Retired Staff-Malware Expert

  • Authentic Member
  • PipPipPipPip
  • 834 posts

Posted 23 January 2006 - 01:18 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php



Similar Topics: SpyAxe removal procedure     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users