SpyAxe 3.0 Malware...

jamesclarke555 · 07-12-2005, 17:33

Just a heads up for people. My PC was infected with this joker today and it's rather a pain in the ar$e.

I've also lost faith in MS AntiSpyware, as the program did absolutely nothing to stop it and woudn't even detect its presence when running a full scan! Even manually blocking each process didn't work and it reared its ugly head in the form of browser hijacks, constant pop-ups and generally weird behaviour! The irony is that this malware claims to be an anti-spyware solution

Anyway, a quick Ad-Aware scan later determined the culprit, although the program detects the malware, it has trouble removing it.

So here's how:

1. Search for a file called svchosts.dll (not to be confused with the legitimate process svchosts.exe).

2. Rename this file to something else, like pain.dll (you can't delete svchosts.dll directly, as it's "in use").

3. Reboot the machine and go to Control Panel / Internet Options / Programs / Manage Add - Ons.

4. Disable HomepageBHO.

5. Don't forget to delete the .dll file.

Paul · 07-12-2005, 17:43

Sounds nasty but at least Google hit those instructions on it's first link from a search
Google search link
Looks like it's a new kid on the malware block, christmas must be arriving early or something with all the new gifts people are finding on their PCs lately lol.

jamesclarke555 · 07-12-2005, 17:49

Seems there's still leftovers

Quote:

SpyAxe is a trojan, which displays one or two icons in the system tray. These icons show a message saying that the compromised system is infected with spyware parasites and asking the user to download and install an anti-spyware program, which actually is the infamous SpyAxe, corrupt illegally distributed spyware remover. Once the user clicks on such message, the trojan opens the anti-spyware's official web site. It may also try to download the application automatically. SpyAxe may also change the desktop background. The trojan automatically runs on every Windows startup.

Gonna try this:
http://forums.majorgeeks.com/showthread.php?t=78572

fireman328 · 07-12-2005, 19:24

There is an update dated 02/12/2005 to MS AntiSpyware if you are using the earlier version.

jamesclarke555 · 07-12-2005, 23:01

Quote:

Originally Posted by fireman328

There is an update dated 02/12/2005 to MS AntiSpyware if you are using the earlier version.

Got the latest build with the latest definitions.

50420 · 08-12-2005, 01:08

funny thing...just a few minutes after reading the original post on this thread, a friend called with a problem he's been having with popups. he brought the pc down for me to take alook at it....set it up here and booted it

boots into a spy axe scan.. managed to get ms antispyware, adaware,spybot, ewido, avast, zonealarm, CCleaner and hijack this onto the pc...which in the 2yrs he's had it, has not had any AV or firewall !!!! managed to update any that needed updating and rebooted into safe mode. ran all the apps in safe mode...and they all found huge amount of trojans, virus, spyware, adware...and spyaxe, and appeared to succesfully remove anything that needed removal,and i also renamed the svchosts.dll file... checked the homepage setting via ctrl panel and ms antispyware advanced tools, and everything seemed cool

rebooted pc... up poped the spyaxe scanner and additional spyaxe popups!!! msconfig shows nothing suspicious? anyways am currently working my way through the info on this site http://forums.spywareinfo.com/index....=&#entry325148

will let u guys know how i get off with it..

---------- Post added at 02:08 ---------- Previous post was at 01:03 ----------

well... looks to have done the trick. went through the step by step info on the link above... took a while, mainly due to the duration of the ewido scan... but so far all seems sweet

antispy · 13-12-2005, 06:21

here is spyaxe removal guide: manual spyaxe removal