"Your computer is infected! Windows has detected spyware infection."

DLL issues

This is a follow up to my previous posting...the error message I receive when I start up my computer is the following:

c:\windows\microsoft.net\Framework\v1.1.4322\mscorwks.dll could not be loaded

I did a google search on this message and found only very complicated things that seem to be unrelated to my start up. I also tried downloading the latest v1.1, but my computer wouldn't accept it for some reason.

I need help!!

Time to read the stickies at the top of the forum. Probably start with this one http://www.techspot.com/vb/topic17297.html . You might also want to read the sticky on how to run and post a HJT log someone will help.

Thanks DirtyWolf,
That worked great getting rid of spyaxe, but iv now got a new, pretty much identical problem, with a new "X" icon in the notification area but this one is for SpywareStrike 2.5. Tried getting rid of it the same way but it didn't work.

Do you (or anyone else) know about fixing this one?

hallmark sign of the spysherriff virus or a variant. Read the sticky.

new spyaxe now called spywarestrike?

seems like I have a new version of spyaxe, now called spywarestrike. I've tried most of the posted suggestion (like deleting sa1.exe files (also others like sad.exe etc.)) and deleting in savemode and runed regedit (used most of the day) but the program seem to escape. I would be very happy if anyone could help getting of with this. thanks

C:\WINDOWS\System32\dllhost.exe
See this: http://www.pchell.com/virus/welchia.shtml

Fix these with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp64A5.tmp (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

SpyWare Strike

Managed to get rid of most of the spyware strike using rededit in safe mode. Searched for any registry entries with "SpyWare Strike" and got rid of them. The only thing iv got left now is the "X" in the notification area. Does anyone know how to get rid of that? Cheers

spywarestrike 2.5 help

i still didn’t mange to get rid of this spywarestrike thing and would be happy for any help and suggestions. in the toolbar i get the message: “system instruction detected! dangerous infection was detected on your pc. the system will now download and install most efficient antimalware program to prevent data loss and your private information threft. click here to protect your computer from biggest malware threats.” if clicking your are send to the spywarestrike homepage. I’ve tried all the suggested things (in safe mode deleting files and run regedit) but still the program tries to setup automatic startup at start with sa1.exe, sad.exe saf0.exe etc. (files \\ local settings\temp) and/or au_.exe (in ..\\local setting\temp\~uns.tmp\) (is prevented with zonealarm) and ones in half hour the program (spywarestrike 2.5) is installed. any help is very welcome

similar problem

It seems like I'm having the same problem but my annoying box keeps directing me to spywarestrike.com. Does anyone have any fixes for this problem. anything would be helpful, thanks.

olem

fix with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: COM+-systeemtoepassing (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)

I have the same problem. My homepage has been set to a blue screen on C:\system or something like that and then Spysheriff installed on my computer. I followed their instructions for uninstalling but the tray icon, my desktop and homepage are all still messed up. I'm really pissed!!

Jm

Try this link to remove spystrike, it has an automatic removal tool.http://www.2-spyware.com/remove-spywarestrike.html

My computer is affected slightly different to most in here, i have the red X on the bottom right that pops up with "your computer is infected etc etc.." However there is no mention of sywarestrike or the other one.. instead, in mozilla its reset all my settings to default with no bookmarks. And i get a scrolling message at the top of my screen over applications and on desktop that says "Warning! Your computer is infected! Press here for help!"

if i click on it i get directed to :
teslaplus.com <----anyone else getting this??

Any help would be GREATLY apreciated..
thanks.

avg

I ran avg and Spyware doctor to remove the error

i ran the avg program you mentioned and went through each problem individually since im not paying for it!! (took ages!!).. i then started windows in safe mode and deleted a file that sits in the root directory "winstall.exe" or something like that.. on rebooting the red "X" is gone so i hope thats the last of it

no actually i've still got that anoying scrolling message at the top of my screen does anyone know a program similar to NoAdware that doesnt require registering ie. paying money
thanks..

Sorry to say this, SpyAe and SpySheriff are scams. And ***** would know not to put an uninstall guide on they're own scam's site.

Not only do have have the blue screen with the Infection msg, the red circle with the X, and the constant pop-up with another "infection" msg.... BUT I ALSO have something that's sending Spam out faster than I can count. Norton antivirus is catching them, and presumably stopping many, then alerting me with it's own pop-up warnings. The net result is that my screen is totally filled with messages. I've changed the SMTP address on my mail system to try to short circuit the outgoing messages, but they just keep flying out! If I open a Firefox window, the virus forces it to some other URL. So now I'm at the library doing research. HELP! I'll try the suggestions I've read here, but they don't address the outgoing spam issue. Can anyone address this issue for me? BTW, I've run Norton AV and Spybot multiple times in SafeMode, but the problems still exist. Grrrr.
Thanks!

This works but the URL has been changed to

http://www.spyaxe.com/uninstall/cmer_uninstallers.zip

When you uninstaill the two programs and run them they don't seem to do anything, but restart your machine and HAY PRESTO!!!! They are gone.

Thanks alot for the fix

How do you know that? AS I said, its insane to have an uninstaller on a criminals site.
Do it the old fashioned way. Never fails.