Announcement

Collapse
No announcement yet.

Spyaxe

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spyaxe

    Hi all,

    Anyone encounter this violent trojan ?

    Try all : spybot, adaware, nav 2005
    I succeed to kill it but it keep comming back and reinstall itself.
    followed the instructions here http://securityresponse.symantec.com...jan.spaxe.html
    no good.

    Format and reinstall windows ?
    Last edited by ronker; 29th December 2005, 14:38.
    crocus

  • #2
    Re: Spyaxe

    And what version of Windows might one be using?
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Spyaxe

      Sory,

      Updated Xp pro sp2.
      crocus

      Comment


      • #4
        Re: Spyaxe

        Did you turn OFF the Restore Point, boot into Safe Mode, clean virus and then reboot again?
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: Spyaxe

          I try scanning on safe mode.
          What surprised me is that it is also active on safe mode.
          After scanning I deleted its folder on program files but after reboot it is actualy reinstall itself and the folder goes back to program files folder.
          crocus

          Comment


          • #6
            Re: Spyaxe

            disable system restore.
            remove virus via nav or other products.
            look into the regisrty (hkcu\software\microsoft\windows\currenversion\run and HKLM\software\microsoft\windows\currentversion\run ) for anything unusual

            also see

            http://vil.mcafeesecurity.com/vil/content/v_137422.htm
            http://www.scanforfree.com/paretologic/
            http://vil.nai.com/vil/content/v_137512.htm
            http://forums.mcafeehelp.com/viewtopic.php?t=65072
            http://www.2-spyware.com/remove-spya...FQRuOAod6SOWjQ
            Last edited by Dumber; 29th December 2005, 22:24. Reason: added urls.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Spyaxe

              Thanks Dumber for this useful links I will use them for sure.
              Happy hanukkah / christmas for you all.
              crocus

              Comment


              • #8
                Re: Spyaxe

                I had a bad virus i couldnt get rid of when i was under win 98 SE only way i found to completey get rid of it so it couldnt reinstall itself was to set a NoRun on the files in the win.ini file in msconfig,, i dont know if this will work for xp tho.
                Life's a breeze, so spread your wings and fly baby

                Comment


                • #9
                  Re: Spyaxe

                  Have you tried deleting the local user accounts from c:\Cocuments and Settings? It could be reloading from a user account when you login. If you use roaming profiles check in the roaming profile home as well to be safe.

                  Clendeni

                  Comment


                  • #10
                    Re: Spyaxe

                    I had a user who had that.

                    No tools I found will get rid of it for you, MS Anti-Spyware detects it then removes it (or so it says) then it comes back.

                    The main file you need to get rid of is nvctrl.exe in C:\windows\system32

                    This file then fires of mssearchnet.exe and ntcompat.lib

                    Search for nvctrl in the registry and check msconfig for it, remove any instance.

                    Then restart your computer in safe mode, delete all the above mentioned files, and search registry for

                    spyaxe
                    nvctrl.exe
                    mssearchnet.exe

                    Delete any occurances, after I did this I ran Spyboy, Ad-aware, and MS AS, they picked up a couple of left overs but nothing to do with Spyaxe, it's been fine since.

                    Also check the installed\enabled add-ins for IE, Spyaxe is usually installed when someone installs something off the web (if think it was a video codec for this particular user..............and I didn't want to ask what video it was for !!!).

                    topper
                    * Shamelessly mentioning "Don't forget to add reputation!"

                    Comment


                    • #11
                      Re: Spyaxe

                      Hi,
                      Hope this help, SpyAxe info & removal instructions:

                      http://www40.brinkster.com/spyaxe/spyaxe-info.asp

                      Comment

                      Working...
                      X