Phew. Spent all of last night and most of this morning trying to kill this thing, but I finally managed to nix it. A lot of my work was blindly fumbling about in the dark here, but I'll recount as best I can. I'm sure there are ways to more efficiently get rid of this thing, but this method is something easier than downloading three programs, editing thirty or fourty registry keys, learning linux in 3 easy steps, beating mother Teresea in a contest to decide who can be the most passivley resistant, you get the idea.
Firstly: I panicked. You might want to skip this step, as I assure you it leads to unecessary unpleasantess.
Secondly: I ran checks with Mcafee and MSanti, MSanti picked it up, but didn't successfully clean it, Mcafee deleted a few temporary files that were apparently causing trouble, but didn't solve the problem either.
After this, MSanti (or perhaps it was Mcafee, but I'm 90% sure it was MSanti) popped up saying that it was cleaning Spyaxe from my computer. (And it in fact did.) I'm going to guess this is what saved me from the brunt of the infection. Unfortunatley, I still had mssearchnet, nvcrtl, and Security Toolbar. So I went to work. Google revealed a post on this site made by Weshemp, which gave me the names of the files that were causing the trouble, the same names I'd figured looked out of place in the process manager.
First I did the regedit (which I never would have done unless I had checked the post) deleting two keys tied to a search for mssearchnet and another tied to nvctrl. After that, I whipped out the weapons, in this case DrDelete, and, in the words of George Carlin, I waxxed the mother f***ers. I deleted every instance of nvctrl and mssearchnet I could get my paws on, and then, as an afterthought, killed Security Toolbar as well. I rebooted, and nvsctrl and mssearchnet were gone from the active processes list (and indeed the machine), but STB remained. After trying a number of things which are insignificant because they didn't work, I decided to try doing a system restore. I only had to restore to two days ago (because I contracted this vile thing last night) but I ended up restoring to sometime last week.
After the restore, everything is working nominally, I imagine I could have just restored to begin with and it would have fixed the problem, but, also in the words of George Carlin, we don't have time for rational solutions.
I hope this helps at least one person, this thing was bloody frustrating to get rid of.
--Polar
Firstly: I panicked. You might want to skip this step, as I assure you it leads to unecessary unpleasantess.
Secondly: I ran checks with Mcafee and MSanti, MSanti picked it up, but didn't successfully clean it, Mcafee deleted a few temporary files that were apparently causing trouble, but didn't solve the problem either.
After this, MSanti (or perhaps it was Mcafee, but I'm 90% sure it was MSanti) popped up saying that it was cleaning Spyaxe from my computer. (And it in fact did.) I'm going to guess this is what saved me from the brunt of the infection. Unfortunatley, I still had mssearchnet, nvcrtl, and Security Toolbar. So I went to work. Google revealed a post on this site made by Weshemp, which gave me the names of the files that were causing the trouble, the same names I'd figured looked out of place in the process manager.
First I did the regedit (which I never would have done unless I had checked the post) deleting two keys tied to a search for mssearchnet and another tied to nvctrl. After that, I whipped out the weapons, in this case DrDelete, and, in the words of George Carlin, I waxxed the mother f***ers. I deleted every instance of nvctrl and mssearchnet I could get my paws on, and then, as an afterthought, killed Security Toolbar as well. I rebooted, and nvsctrl and mssearchnet were gone from the active processes list (and indeed the machine), but STB remained. After trying a number of things which are insignificant because they didn't work, I decided to try doing a system restore. I only had to restore to two days ago (because I contracted this vile thing last night) but I ended up restoring to sometime last week.
After the restore, everything is working nominally, I imagine I could have just restored to begin with and it would have fixed the problem, but, also in the words of George Carlin, we don't have time for rational solutions.
I hope this helps at least one person, this thing was bloody frustrating to get rid of.
--Polar
