Also AdAware seamed to delete some part of this SpyAxe thing so run that also when you are in safe mode.
REMOVAL OF SPYAXE and the new variant:
Hi everyone. Just got hit with this stupid Spyaxe garbage and figured out it was a new variant that has had little coverage across the forums. I was on the verge of a full format and Windows reload when I came upon the post by user "Thanst" at Sysinternals Forums here at:
The "new" file in question that causes this variant to regenerate is: webconm.dll . Please see the attached screenshot of the new popup that comes with this variant.
For the newbie, I have below the essential checklist of programs that you will need to totally remove this SH** and blast them back to hell where they belong!
1. Smitrem.exe from:
Download to desktop, then run the .EXE. It will extract files to a new folder. DON'T RUN ANYTHING YET.
2. killbox.exe - I downloaded it from:
Download to desktop, and extract using WinZip/WinRAR. DON'T RUN ANYTHING YET.
1. Boot into SAFE mode (Reboot, wait for the single beep, then hit F8 - choose SAFE, not SAFE WITH NETWORKING - you don't want the stupid thing to come back while you're trying to get rid of it).
2. In the SmitRem folder that was created, run the 'RunThis' batch file. Read, and then follow the instructions - carefully.
3. Run REGEDIT, do a search in the registry for 'spyaxe'. Delete all entries that you find. Make sure to FIND NEXT (F3) and keep going until everything is gone.
4. Go to START, and then SEARCH. Search for 'spyaxe'. Delete all files that come up.
5. Empty RECYCLE BIN. Repeat steps 2, 3 and 4. Remember that after you've performed the search for 'spyaxe' files in step 4, there will be a new registry entry for the search. No worries.
6. Run Killbox.exe. (see screenshot). Click on the folder icon and browse to find the file: C:\WINDOWS\SYSTEM32\netwrap.dll . (note: this file could change when SpyAxe updates, some variants have the webconm.dll file.)
Put a check beside:
- End Explorer Shell While Killing File AND
- Unregister .dll Before Killing
Click on the red 'X' icon. Click on YES to backup and then delete. After deleting, go to: FILE - CLEANUP - Delete All Backups, and then delete. Click on EXIT when you're done.
7. Reboot into NORMAL mode (i.e. regular reboot) and things are just peachy. wavey.gif