WizYo Blog ! WizYo Sytes Net Tech Support
What a great place to share :) Here you will find flashes of brilliance caught for all the world to enjoy. .. Actually, these are brief articles describing how I fixed a problem. Every day, I find information online that helps me solve a mystery. So this is me giving back to the community. Thanks for stopping by.. and don't forget to tell your friends!

SpyAxe removal

This one was tricky. It took me about 3 hours on a Windows XP Pro system that is less than a year old. This system had many other spyware items, but this one refused to leave:


Virus Alert! your computer is infected dangerous malware infection was detected on your pc the system will now download and install most efficient antimalware program to prevent data loss and your private information theft. click here to protect your computer from the biggest malware threats.

A little trick I've been doing lately is toggling between SysInternals' Process Explorer and HiJack This! (both are free pieces of software) for tackling the greazy beasts and following up with SpyBot and Trend Micro's online virus scanner. This seems to be the most fun way to shove a foot right up in the spyware nice and proper and makes it gasp for air.

HiJack This! has a handy feature for deleting a file during the boot process. This is especially handy for files that are locked because either they are running or another running process has them locked. Using HiJack This, select the file to be removed during reboot and then reboot the system. If the file comes back, locate it's "buddy" and select them both to be removed and then reboot. Again, if they come back, look for another "buddy" program that is making these files reappear.

After working my magic, I still received that strange popup from the system tray and Norton Antivirus was gimping along. I ran across an article mentioning several online virus scanners and then it had a download for smitRem.exe. Whatever smitRem is, it is now in my pocket and will be the first tool I use on the next infestation.

This system also appeared to have SmitFraud-C trojan; kill and remove MSSearchnet.exe and mscornet.exe using Process Explorer and HiJack This!

In researching these items, I ran across the following articles:

Here's a link to the HiJack This! log of the system before making any changes. Notice all the funky stuff running from temp folders.

 

 

( removing Spyaks )

Sunday, January 01, 2006


0 Comments:

Post a Comment

Back to top.

Home
WizYo
Sytes Net

Links
~hot~ Links


this site !

GuestBook
Guests

Free Hit Counter

Blog!

Tell a friend about Tech Support available here !

Free Phone with iTunes
- Previous -
 
- Domain Security Policy
 
- ASP.net Compiler Error BC30138 Solution
 
- Free eBay item listing template
 
- Adware and auto-run registry key (notes)
 
- Veritas 9.0 handy Reinstallation Patches
 
- Windows XP wouldn't allow network access
 
- Cheap website domain hosting
 
- Server 2003 Backup at your own risk !
 
- Norton Internet Security may go *bump* in the night
 
- unsolved emachine
 
- Search -
 

 


it's private

 

This page is powered by Blogger. Isn't yours?