Infected With Spyaxe Or Variant


#1 lpmiller



Posted 06 January 2006 - 03:31 PM

OK, I've been battling this sucker all day, and I think I've got it licked. You helped, by the way.

First, I had Ewido Anti Malware quarantine SpywareStrike.exe, though I think I could have just deleted the file. DO NOT USE THE UNINSTALLER.

Then I used Killbox to delete and unregister the netwrap.dll. Before that I had been using it to kill svchost.exe, assuming it was infected. This would also delay that pop-up balloon, which made me think there is a relationship there. Then I saw your post, and killed both of them.

Once Killbox finished with netwrap, I then used HijackThis to delete any reference to Spyware Striker.

So far, the system seems free of reinfection.

However, I had to clear the system of a few trojans before I did any of this, so if you are getting it again, I imagine there is still a trojan on the system somewhere, reinstalling it. I guess we'll see if this system stays free of reinfection.

I should mention that this is so new, Spybot, Adaware, Microsoft - none of them even see it. Only Ewido even detects Spyware Striker, though all it does is quarantine the exe file; it doesn't kill that balloon. I should also mention I stopped System Restore from saving checkpoints and purged it, because from what I could tell, it was reinstalling from the restore file.

Edited by lpmiller, 06 January 2006 - 03:34 PM.

#2 KoanYorel



Posted 06 January 2006 - 03:51 PM

This post was originally added to a post in the HJT forum.

Help! Infected With Spyaxe Or Variant And, the Noahdfear fix will not work

I split it away and reposted here for its possible value to others.

At the top of every HJT forum page is this note:

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Please do not post to HJT logs.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 lpmiller


Posted 06 January 2006 - 03:54 PM

Ah, sorry. Moderate a forum myself, you'd think I'd know better.
