SpyAxe removal procedure
Posted 08 January 2006 - 11:37 AM
Also AdAware seamed to delete some part of this SpyAxe thing so run that also when you are in safe mode.
REMOVAL OF SPYAXE and the new variant:
Hi everyone. Just got hit with this stupid Spyaxe garbage and figured out it was a new variant that has had little coverage across the forums. I was on the verge of a full format and Windows reload when I came upon the post by user "Thanst" at Sysinternals Forums here at:
The "new" file in question that causes this variant to regenerate is: webconm.dll . Please see the attached screenshot of the new popup that comes with this variant.
For the newbie, I have below the essential checklist of programs that you will need to totally remove this SH** and blast them back to hell where they belong!
1. Smitrem.exe from:
Download to desktop, then run the .EXE. It will extract files to a new folder. DON'T RUN ANYTHING YET.
2. killbox.exe - I downloaded it from:
Download to desktop, and extract using WinZip/WinRAR. DON'T RUN ANYTHING YET.
1. Boot into SAFE mode (Reboot, wait for the single beep, then hit F8 - choose SAFE, not SAFE WITH NETWORKING - you don't want the stupid thing to come back while you're trying to get rid of it).
2. In the SmitRem folder that was created, run the 'RunThis' batch file. Read, and then follow the instructions - carefully.
3. Run REGEDIT, do a search in the registry for 'spyaxe'. Delete all entries that you find. Make sure to FIND NEXT (F3) and keep going until everything is gone.
4. Go to START, and then SEARCH. Search for 'spyaxe'. Delete all files that come up.
5. Empty RECYCLE BIN. Repeat steps 2, 3 and 4. Remember that after you've performed the search for 'spyaxe' files in step 4, there will be a new registry entry for the search. No worries.
6. Run Killbox.exe. (see screenshot). Click on the folder icon and browse to find the file: C:\WINDOWS\SYSTEM32\netwrap.dll . (note: this file could change when SpyAxe updates, some variants have the webconm.dll file.)
Put a check beside:
- End Explorer Shell While Killing File AND
- Unregister .dll Before Killing
Click on the red 'X' icon. Click on YES to backup and then delete. After deleting, go to: FILE - CLEANUP - Delete All Backups, and then delete. Click on EXIT when you're done.
7. Reboot into NORMAL mode (i.e. regular reboot) and things are just peachy. wavey.gif
Posted 23 January 2006 - 01:18 PM
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users