Or would it be better to just reformat the disk and start over? I run
Norton and this slipped by.
When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
To remove SpyAxe, you may wish to try Super Ad Blocker with
SUPERAntiSpyware:
http://www.superadblocker.com
I would perform your scan in Safe Mode. If you need help with starting
in Safe Mode, try our FREE BootSafe application; it makes it very easy:
http://www.superadblocker.com/bootsafe.html
Super Ad Blocker is designed to be quick and easy for end-users with no
complicated setup or configuration. On the technical side, Super Ad
Blocker | SUPERAntiSpyware offers several unique features such as using
a system level driver to delete detected items, so pests do not come
back once detected and cleaned.
Super Ad Blocker offers a fully functional 15-day trial. You can scan
and clean your computer and then remove Super Ad Blocker if you do not
wish to keep it. We do appreciate when users support our development
efforts by purchasing the product :)
If that does not find and/or remove the spyware/adware on your machine,
you can submit a diagnostic and I will diagnose your machine for free
and post the results back to the group and update our rules with
anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks
You may also wish to "see" what is running on your computer here:
http://www.fileresearchcenter.com
Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com
BootSafe - Making booting to Safe Mode a snap! 100% free product.
http://www.superadblocker.com/bootsafe.html
** Please note that I am the author of the above programs and sites and
I do have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
FileResearchCenter.com. You, the user, have no obligation to purchase
the software and are free to try the software, clean/fix your system,
and then uninstall.
1- Reboot machine to safe mode.
2- Run regedit and delete the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
3- While still in regedit, use Find to locate: mssearchnet.exe and
nvctrl.exe, if you find them delete the key. Close regedit.
4- Go to folder C:\windows\system32 and remove svchosts.dll and folder
1024.
5- Use Windows search and locate mssearchnet.exe and nvctrl.exe and
delete them. I found these files under C:\windows\system32.
6- List the contents of folder C:\windows\system32 with dir /od, which
will list all files in chronological order (oldest date first), and if
possible compare the last few entries with one that's not infected;
move the suspicious files to a temporary location (i.e. c:\temp). In my
case, any files created after Dec 5 were suspicious, but not all of
them.
7- Reboot computer.
8- If the machine reboots normally, delete the temporary location created in
step 7.
9- As a safety precaution, go to Internet Explorer's Options, clear all
cache under the General tab, and Reset Web Settings under Programs tab
(not sure what it does, but I've seen it mentioned in several posts,
and I guess it does not hurt anything in doing so).
Steps 4 and 5 seemed to clear the web re-direct, and this is my best
recollection in working on a Windows XP Pro machine.
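
The review-before-delete part of the steps above (the Run policy key in step 2, the named files and folder in steps 4 and 5, the date listing in step 6), as an added PowerShell example that is not part of the original posts. It only reports and changes nothing; the function names are hypothetical, and the cutoff year is a constructed sample value because the post gives only "Dec 5".

```powershell
# Added example: read-only triage. Nothing is deleted, moved or modified.
$RunKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run'
$NamedFiles = 'mssearchnet.exe', 'nvctrl.exe', 'svchosts.dll'   # names from the post

function Get-RunKeyEntry {
    # Step 2: show every value under the key so it can be recorded before deletion.
    if (-not (Test-Path -Path $RunKey)) { return }
    $key = Get-Item -Path $RunKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Command = $key.GetValue($name) }
    }
}

function Get-NamedItem {
    param([string]$Dir = "$env:SystemRoot\System32")
    # Steps 4 and 5: report which of the named files, and the folder 1024, exist.
    foreach ($leaf in ($NamedFiles + '1024')) {
        $path = Join-Path -Path $Dir -ChildPath $leaf
        [pscustomobject]@{ Path = $path; Present = (Test-Path -LiteralPath $path) }
    }
}

function Get-RecentFile {
    param(
        [Parameter(Mandatory)][datetime]$Cutoff,
        [string]$Dir = "$env:SystemRoot\System32"
    )
    # Step 6: "dir /od" sorts on last-write time; creation time is shown as well
    # because the two can differ.
    Get-ChildItem -Path $Dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $Cutoff -or $_.LastWriteTime -gt $Cutoff } |
        Sort-Object -Property LastWriteTime |
        Select-Object Name, CreationTime, LastWriteTime, Length,
            @{ Name = 'NamedInPost'; Expression = { $NamedFiles -contains $_.Name } }
}

# Constructed sample date: the post gives only "Dec 5", so the year is an assumption.
$cutoff = Get-Date -Year 2005 -Month 12 -Day 5 -Hour 0 -Minute 0 -Second 0

Get-RunKeyEntry | Format-Table -AutoSize
Get-NamedItem   | Format-Table -AutoSize
Get-RecentFile -Cutoff $cutoff | Format-Table -AutoSize
```

Saving the three tables to a file before making any change keeps a record of what was present, which helps when comparing against a machine that is not infected.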