"Your computer is infected! Windows has detected spyware infection."

I'm getting this message along with a blinking red X in the bottom right of my screen. When I try to close it out, it opens Firefox and sends me to the website www.spyaxe.com. My IE page was being messed with as well, but it appears to have went away. I read the locked pinned thread about removing CWS and other "nasties", but I'm afraid I'm going to remove something that I need. Can anyone take a look at my HJT log and help me out? Thanks...

Have you tried running adaware and see what it comes up with?

Ad-Aware scan in progress. I'll update this post with the results. Also, everytime the computer starts, a program called SpyAxe 3.0 installs. When I uninstall it, Firefox opens and I'm shown the SpyAxe website.

EDIT: Nothing found in Ad-Aware scan. I'll try Spybot and Spysweeper next.

hmm your post sounds like a scam, if your computer isnt runnibg slow then i wouldnt worry about it, some comapnys use those pop ups and try to get you to buy there product

Scam or not, I want it gone from my computer. And I don't want a random program installed on every startup. Spybot and SpySweeper both removed a couple things, but I'm still getting the big message on my screen.

As for the PC running slow, that's not the problem. The thing is that out of nowhere it starts sounding like a jet because of this crap I got.

post un updated hijack this log form safemode and maybe someone will take alook aat it,,id also recomend looking at microsoft anti spyware beta as it work well for me

Swiped this from another forum thought it might help.




Found the cure to the SpyAxe popup activity! I actually got desperate enough to complain last night through their website email form. Tonight I got a reply from them stating a lot of complaints came thru due to affiliate's illegal advertising of their product. They provide a simple fix that really worked. Here is the instructions they sent:
------------------
In order to clean your PC from infections related to Spyware Axe product, please follow the instructions below:

1) Save Uninstallers.zip from http://www.spyaxe.com/uninstall/uninstallers.zip to your desktop or HDD.

2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip.

3) Execute both of them one by one by double-clicking with your mouse.

4) Reboot your PC

5) Your PC is now clean

Son of a.......it worked! Thanks a lot beerabuser30! Now I can get back to watching the game in GORGEOUS ESPN HD.

Hi,

I'm having the exact same problem. I have the blinking red X at the botton right of my screen with a pop up that is VERY annoying. Also, many words on website are actualy advertising links. I cannot change my default homepage and I get many pop ups. I ran Norton 2005 and also Spybot - Search & Destroy. I tried to downlaod the http://www.spyaxe.com/uninstall/uninstallers.zip but it didn't work for me. It was just an empty .exe.

This is the default homepage I have right now http://www.pcadprotector.cc/?qq&pin=44768

If anyone can help please let me know cuz I'm going crazy with this

Hi,

I'm having the exact same problem. I have the blinking red X at the botton right of my screen with a pop up that is VERY annoying. Also, many words on website are actualy advertising links. I cannot change my default homepage and I get many pop ups. I ran Norton 2005 and also Spybot - Search & Destroy. I tried to downlaod the http://www.spyaxe.com/uninstall/uninstallers.zip but it didn't work for me. It was just an empty .exe.

This is the default homepage I have right now http://www.pcadprotector.cc/?qq&pin=44768

If anyone can help please let me know cuz I'm going crazy with this

Make sure that after you download the .zip file, you extract both .exe files to the desktop. Click on the first .exe, then on the second (it appears as if nothing happens). Restart your computer and it should be gone. That's what worked for me...

Hi, when I extract the folder, I only get 1 file. Where is the other?

I have the same problem with my computer at home, I as an IT person have had many times tried to remove this software from my computer, even gone into the register and did remove there. I am glad that someone out there has figured out how to stop this. Thanks

Seems like the website is no longer available. I'm sorry but I didn't keep the two .exe files after I got rid of this crap, I'll see if anyone still has them.

http://knights.orgfree.com/spyaxe_removal.htm Haven't tried this, but it's worth a shot since it doesn't appear as though the site will return.

http://www.spywaredb.com/remove-spyaxe/

anyone tried the uninstall as above???

I am having exactly the same problem and it's driving me mad. Every two seconds the "Your computer is infected" message pops up from the red and white cross in the bottom right hand corner. The link http://knights.orgfree.com/spyaxe_removal.htm
was just an empty white box.
The link http://www.spywaredb.com/remove-spyaxe/ would have been helpful if I had more of an idea what I'm doing but I'm pretty PC-illiterate when it comes to this sort of thing. It gives instructions on how to remove SpyAxe but I have no idea how to do it! If anyone can help me out by explaining exactly how I'm supposed to:


Kill the following processesspyaxe.exe
sa1.exe
scvhosts.dll

Unregister the following DLLs and rebootWindows\SYSTEM32\svchosts.dll

Remove the following filesProgram Files\SpyAxe\spyaxe.exe
Windows\system32\hpE951.tmp

Remove the following directoriesC:\Program Files\SpyAxe

...then it would be greatly appreciated!! What program should I be in??

I removed it from my computer useing the above program and it worked great. so good luck it took may differant programs try to remove before Techspot saved me :bounce:

Kill the following process: winstall.exe

Remove the following file: C:\winstall.exe

and that´s it... :D

scan your comp with Ad-Aware SE Personal.... or some other similar program ... :D

my web site (http://www.pozezani.com)

;) I just want to thank you for the help with fixing my computer with the spyaxe as well!! You are all awesome!

Seems like the website is no longer available. I'm sorry but I didn't keep the two .exe files after I got rid of this crap, I'll see if anyone still has them.

http://knights.orgfree.com/spyaxe_removal.htm Haven't tried this, but it's worth a shot since it doesn't appear as though the site will return.

The above link will only unistall spyaxe, but it will not keep it from coming back. I have spent 3 days 12hrs plus a day trying to get rid of this darn thing.

Not to worry. Here is the fix and you can do it in your sleep.

Oh and just to let you all know...Mcafee and Norton are wrong...this thing is malicious. It attacked my antivirus and changed settings, attack Spybot TeaTimer, and changed a whole mess of values in the registry for other programs so that you can't get rid of it. In all total in an Ad-aware scan I found over 60 entries for spyaxe and its dropper files.

Use both programs. One as I said before will only uninstall spyaxe, but the other will erase all trace of spyaxe, its dropper files, and all entries found in the registry as well as restoring all values that were changed.

use this one first Link to Antipuper Fix (http://forums.mcafeehelp.com/viewtopic.php?t=65072) (This will erase all traces of spyaxe and other exploites from the registry and system files and restore your registry values).

Then use the link provided by DGutierrez32 Link to Spyaxe Fix (http://knights.orgfree.com/spyaxe_removal.htm) (This will totally uninstall spyaxe).

Be sure to close all programs and windows before using both as they will both cause your computer to restart.

Oh and if you can, please donate to the person who came up with this fix. The person provides it through Mcafee's support forum, but it is not a Mcafee product. You can donate by selecting the donate button when the program starts.

See ya.

I had the same exact problem, and I got rid of the little "X" icon and the pop-up messages, BUT...my wallpaper has been replaced by a blue screen with a black box in the middle of it with text telling me that my computer has been infected by spyware.

When my computer loads up, I initially see the original wallpaper, but then it grays out, and then the aforementioned background/text comes up.

This problem persists even AFTER I ran Ad-Aware several times, AND downloaded PC-cillin and scanned my computer several times.

And I don't know if this is related, but when I start my computer, an error message appears telling me that some kind of .net framework file is missing. I don't have the exact text right now, but I'll post it later if someone can help me with it. The two issues might be related as they appeared at the same time.

Anybody out there with this same problem? :(

This is a follow up to my previous posting...the error message I receive when I start up my computer is the following:

c:\windows\microsoft.net\Framework\v1.1.4322\mscorwks.dll could not be loaded

I did a google search on this message and found only very complicated things that seem to be unrelated to my start up. I also tried downloading the latest v1.1, but my computer wouldn't accept it for some reason.

I need help!!

Time to read the stickies at the top of the forum. Probably start with this one http://www.techspot.com/vb/topic17297.html . You might also want to read the sticky on how to run and post a HJT log someone will help.

Thanks DirtyWolf,
That worked great getting rid of spyaxe, but iv now got a new, pretty much identical problem, with a new "X" icon in the notification area but this one is for SpywareStrike 2.5. Tried getting rid of it the same way but it didn't work.

Do you (or anyone else) know about fixing this one?

hallmark sign of the spysherriff virus or a variant. Read the sticky.

seems like I have a new version of spyaxe, now called spywarestrike. I've tried most of the posted suggestion (like deleting sa1.exe files (also others like sad.exe etc.)) and deleting in savemode and runed regedit (used most of the day) but the program seem to escape. I would be very happy if anyone could help getting of with this. thanks

C:\WINDOWS\System32\dllhost.exe
See this: http://www.pchell.com/virus/welchia.shtml

Fix these with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp64A5.tmp (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Managed to get rid of most of the spyware strike using rededit in safe mode. Searched for any registry entries with "SpyWare Strike" and got rid of them. The only thing iv got left now is the "X" in the notification area. Does anyone know how to get rid of that? Cheers

i still didn’t mange to get rid of this spywarestrike thing and would be happy for any help and suggestions. in the toolbar i get the message: “system instruction detected! dangerous infection was detected on your pc. the system will now download and install most efficient antimalware program to prevent data loss and your private information threft. click here to protect your computer from biggest malware threats.” if clicking your are send to the spywarestrike homepage. I’ve tried all the suggested things (in safe mode deleting files and run regedit) but still the program tries to setup automatic startup at start with sa1.exe, sad.exe saf0.exe etc. (files \\ local settings\temp) and/or au_.exe (in ..\\local setting\temp\~uns.tmp\) (is prevented with zonealarm) and ones in half hour the program (spywarestrike 2.5) is installed. any help is very welcome

It seems like I'm having the same problem but my annoying box keeps directing me to spywarestrike.com. Does anyone have any fixes for this problem. anything would be helpful, thanks.

olem

fix with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: COM+-systeemtoepassing (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)

I had the same exact problem, and I got rid of the little "X" icon and the pop-up messages, BUT...my wallpaper has been replaced by a blue screen with a black box in the middle of it with text telling me that my computer has been infected by spyware.

When my computer loads up, I initially see the original wallpaper, but then it grays out, and then the aforementioned background/text comes up.

This problem persists even AFTER I ran Ad-Aware several times, AND downloaded PC-cillin and scanned my computer several times.

And I don't know if this is related, but when I start my computer, an error message appears telling me that some kind of .net framework file is missing. I don't have the exact text right now, but I'll post it later if someone can help me with it. The two issues might be related as they appeared at the same time.

Anybody out there with this same problem? :(

I have the same problem. My homepage has been set to a blue screen on C:\system or something like that and then Spysheriff installed on my computer. I followed their instructions for uninstalling but the tray icon, my desktop and homepage are all still messed up. I'm really pissed!!

Try this link to remove spystrike, it has an automatic removal tool.http://www.2-spyware.com/remove-spywarestrike.html

My computer is affected slightly different to most in here, i have the red X on the bottom right that pops up with "your computer is infected etc etc.." However there is no mention of sywarestrike or the other one.. instead, in mozilla its reset all my settings to default with no bookmarks. And i get a scrolling message at the top of my screen over applications and on desktop that says "Warning! Your computer is infected! Press here for help!"

if i click on it i get directed to :
teslaplus.com <----anyone else getting this??

Any help would be GREATLY apreciated..
thanks.

I ran avg and Spyware doctor to remove the error

i ran the avg program you mentioned and went through each problem individually since im not paying for it!! (took ages!!).. i then started windows in safe mode and deleted a file that sits in the root directory "winstall.exe" or something like that.. on rebooting the red "X" is gone so i hope thats the last of it :)

no actually i've still got that anoying scrolling message at the top of my screen :( does anyone know a program similar to NoAdware that doesnt require registering ie. paying money
thanks..

I removed it from my computer useing the above program and it worked great. so good luck it took may differant programs try to remove before Techspot saved me :bounce:
Sorry to say this, SpyAe and SpySheriff are scams. And idiot would know not to put an uninstall guide on they're own scam's site.

Not only do have have the blue screen with the Infection msg, the red circle with the X, and the constant pop-up with another "infection" msg.... BUT I ALSO have something that's sending Spam out faster than I can count. Norton antivirus is catching them, and presumably stopping many, then alerting me with it's own pop-up warnings. The net result is that my screen is totally filled with messages. I've changed the SMTP address on my mail system to try to short circuit the outgoing messages, but they just keep flying out! If I open a Firefox window, the virus forces it to some other URL. So now I'm at the library doing research. HELP! I'll try the suggestions I've read here, but they don't address the outgoing spam issue. Can anyone address this issue for me? BTW, I've run Norton AV and Spybot multiple times in SafeMode, but the problems still exist. Grrrr.
Thanks!

This works but the URL has been changed to

http://www.spyaxe.com/uninstall/cmer_uninstallers.zip

When you uninstaill the two programs and run them they don't seem to do anything, but restart your machine and HAY PRESTO!!!! They are gone.

Thanks alot for the fix

How do you know that? AS I said, its insane to have an uninstaller on a criminals site. ;)
Do it the old fashioned way. Never fails.

Im left with my second major problem. I cant open my task manager.

I get a "Task manager has been disabled by your admin" message when i try to access the task manager. Anyone know how to fix this?

i just got what you guy are having problems with, even my task manager has been diabled


CURE
just do a restore back to before you got it, should sort it out - it sorted it out for me

i think i got it from www.isohunt.com there is a page that the site goes when you first go there, some sort of spy ware software site, anyway i pressed ok or something like that, think thats where i got the problem from - but not sure

Logfile of HijackThis v1.99.1
Scan saved at 3:27:19 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Still not reading the Read: How to... posts!

the systems are infected with malware, several of our clients have had a simillar problem, the easiest option to remove it is to go to add & remove programs and uninstall SpyAxe, SpySweeper etc then perform a complete system scan is safemode using Ad-Aware (http://www.lavasoft.com/) reboot then do an Ads scan using Ad-Aware (http://www.lavasoft.com/) again in saf mode.

also microsft have released a removal tool not sure how good it is yet?
http://www.microsoft.com/security/malwareremove/default.mspx

also it would be a good idea to run Hi-Jack This, Registry Repair Pro just to tie up loose ends etc.

i would recomend a well know AV rather then a free download as they are free for a reason

I'm having the same problems, though in a slightly different format, and am hoping someone could help me out.

I've been getting the "Your computer is Infected" message popping up from the red circle with the white X in my taskbar.

I ran Ad-Aware which seemed to take care of the problem, but when I restarted my computer the next morning. The circle and message reappeared. I ran Ad-Aware again and they disappeared before the program finished running.

Also, I can't uninstal the program because I can't find it.

If you have any suggestions they'd be much appreciated.

Hello and welcome to Techspot.

I'm having the same problems, though in a slightly different format, and am hoping someone could help me out.

I've been getting the "Your computer is Infected" message popping up from the red circle with the white X in my taskbar.

I ran Ad-Aware which seemed to take care of the problem, but when I restarted my computer the next morning. The circle and message reappeared. I ran Ad-Aware again and they disappeared before the program finished running.

Also, I can't uninstal the program because I can't find it.

If you have any suggestions they'd be much appreciated.


First, go HERE (http://www.bleepingcomputer.com/forums/topic22402.html) and follow the instructions.

Then, go HERE (http://www.techspot.com/vb/topic47014.html) and follow the instructions in the order they are given.

Open a new thread in the security and the web forum and post a fresh HJT, only after doing the above.

Regards Howard :wave: :wave:

This thread is being closed, due to the amount of replies it has.

If anyone has a problem with viruses/spyware etc. Open a new thread in the security and the web forum, after following these instructions. Thankyou.

Go and follow the instructions in this thread. Before posting your HijackThis log, please read this. (http://www.techspot.com/vb/topic47014.html)

Then, post a fresh HJT log as a .txt attachment, only after doing the above.

Regards Howard :)