Hi,

My Spyaxe problem appears to have been corrected. SpySweeper showed that I
had several adware items again last night: SpyAxe, SpyAxe Fakealert and
Trojan-downloader-zlob. So I ran SpySweeper after upgrading to the latest
definitions file and deleted the adware items. No more pop-up balloon or
icon in the task tray. Re-booted several times, with no problems. I did
this with my Internet connetion disabled. Next, I ran SpySweeper several
more times, with no adware being found. Then, I (hesitantly) enabled my
Internet connection again--no problems.

Ran Ad-Aware SE which showed a bunch of malware-items in my registry;
quarantined those. Everything still works. Fingers crossed, of course...

Many thanks to everyone for your input!
--
Harry Keijzer


"David H. Lipman" wrote:

> From: "Harry Keijzer" <HarryKeijzer@discussions.microsoft.com>
>
> | My system is infected with a "program" called Spyaxe and I cannot remove it.
> | I keep seeing a little balloon in my taskbar that says I am infected. This
> | stays around, even after I remove the program and its shortcut. When I
> | restart the system, it re-installs itself. It also appears to bring in other
> | trouble, such as something called "antivirus gold". Is there some
> | step-by-step removal procedure "for dummies"? Somebody mentioned a
> | noahdfear--any comments?
> |
> | Many thanks in advance, and best wishes for the New Year,
> |
>
>
>
> Two part reply..
>
> Perform Part 1 then perform Part 2.
>
> It is suggested that you execute each tool in Normal Mode then in Safe Mode.
>
> If you are using any version of Sun Java that is prior to JRE Version 5.0,
> then you are strongly urged to remove any/all versions that are prior to JRE
> Version 5.0. There are vulnerabilities in them and they are actively being exploited.
> It is possible that is how you got infected with malware.
>
> Therefore, it is highly suggested that if there are any prior versions of Sun Java
> to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
> be installed ASAP.
>
> http://www.java.com/en/download/manual.jsp
>
>
>
>
> Use the alternate if the first two parts are ineffective...
> Note: Alternate only for Win2K, WinXP and Win2003 Server
>
> Part 1
> -----------
>
> Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
> http://noahdfear.geekstogo.com/click...click.php?id=1
>
> http://www.bleepingcomputer.com/forums/topic36868.html
>
>
> Part 2
> -----------
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
> Choose; Unzip
> Choose; Close
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.
>
> Execute; c:\mcafee\clean.bat
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
>
> Alternate:
>
> Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
>
> http://secured2k.home.comcast.net/tools/AntiPuper.exe
>
> http://forums.mcafeehelp.com/viewtopic.php?t=65072
>
>
> Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
> reply.
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "Harry Keijzer" <HarryKeijzer@discussions.microsoft.com>

| Hi,
|
| My Spyaxe problem appears to have been corrected. SpySweeper showed that I
| had several adware items again last night: SpyAxe, SpyAxe Fakealert and
| Trojan-downloader-zlob. So I ran SpySweeper after upgrading to the latest
| definitions file and deleted the adware items. No more pop-up balloon or
| icon in the task tray. Re-booted several times, with no problems. I did
| this with my Internet connetion disabled. Next, I ran SpySweeper several
| more times, with no adware being found. Then, I (hesitantly) enabled my
| Internet connection again--no problems.
|
| Ran Ad-Aware SE which showed a bunch of malware-items in my registry;
| quarantined those. Everything still works. Fingers crossed, of course...
|
| Many thanks to everyone for your input!

And your version of of Sun Java is the latest ?

Since you had one Downloader Trojan, you may have other Trojans or virsues that SpySweeper
won't find.

If you had applied my SmitFraud.exe tool, you would have permed a McAfee anti virus command
line scan of your computer.

Please use the following tool and and use the McAfee module.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Leythos wrote:

> If you have SpyAxe, PSGuard, Smitfraud, Sinnaka Advertisments or detections
> for Puper or Alemod that can not seem to be removed automatically, please
> try this automated removal tool.

PCbutts troll alert posting as Leythos.

--
Rock
MS MVP Windows - Shell/User

In article <eAf#TfkDGHA.1088@tk2msftngp13.phx.gbl>, rock@mail.nospam.net
says...
>
> Leythos wrote:
>
> > If you have SpyAxe, PSGuard, Smitfraud, Sinnaka Advertisments or detections
> > for Puper or Alemod that can not seem to be removed automatically, please
> > try this automated removal tool.
>
> PCbutts troll alert posting as Leythos.

Thanks Rock, I'm not sure why he likes posting as my Nickname so much,
while I think it's funny, he's not fooling anyone. It's just another
nail in his ethics coffin.

--

spam999free@rrohio.com
remove 999 in order to email me

Leythos wrote:

> In article <eAf#TfkDGHA.1088@tk2msftngp13.phx.gbl>, rock@mail.nospam.net
> says...
>
>>Leythos wrote:
>>
>>
>>>If you have SpyAxe, PSGuard, Smitfraud, Sinnaka Advertisments or detections
>>>for Puper or Alemod that can not seem to be removed automatically, please
>>>try this automated removal tool.
>>
>>PCbutts troll alert posting as Leythos.
>
>
> Thanks Rock, I'm not sure why he likes posting as my Nickname so much,
> while I think it's funny, he's not fooling anyone. It's just another
> nail in his ethics coffin.
>

No problem. That coffin was buried a long time ago.

--
Rock
MS MVP Windows - Shell/User

Sorry, but your question "And your version of of Sun Java is the latest ?" is
way over my head--how do you even check this?

Harry Keijzer

--
Harry Keijzer


"David H. Lipman" wrote:

> From: "Harry Keijzer" <HarryKeijzer@discussions.microsoft.com>
>
> | Hi,
> |
> | My Spyaxe problem appears to have been corrected. SpySweeper showed that I
> | had several adware items again last night: SpyAxe, SpyAxe Fakealert and
> | Trojan-downloader-zlob. So I ran SpySweeper after upgrading to the latest
> | definitions file and deleted the adware items. No more pop-up balloon or
> | icon in the task tray. Re-booted several times, with no problems. I did
> | this with my Internet connetion disabled. Next, I ran SpySweeper several
> | more times, with no adware being found. Then, I (hesitantly) enabled my
> | Internet connection again--no problems.
> |
> | Ran Ad-Aware SE which showed a bunch of malware-items in my registry;
> | quarantined those. Everything still works. Fingers crossed, of course...
> |
> | Many thanks to everyone for your input!
>
> And your version of of Sun Java is the latest ?
>
> Since you had one Downloader Trojan, you may have other Trojans or virsues that SpySweeper
> won't find.
>
> If you had applied my SmitFraud.exe tool, you would have permed a McAfee anti virus command
> line scan of your computer.
>
> Please use the following tool and and use the McAfee module.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "Harry Keijzer" <HarryKeijzer@discussions.microsoft.com>

| Sorry, but your question "And your version of of Sun Java is the latest ?" is
| way over my head--how do you even check this?
|
| Harry Keijzer
|
Easiest way is to look in...

C:\Program Files\Java\

You'll see a folder such as;

C:\Program Files\Java\jre1.5.0_06


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

I can't find any folder named Java under Program Files. I do have a folder
named Java under Windows; it contains two empty folders named "classes" and
"trustlib".

I think I will just keep an eye on things for the next few days; SpySweeper,
Ad-Aware and NoAdware all tell me I'm OK. Maybe one of these days I'll have
my PC looked at by somebody who does know his stuff (as opposed to myself...
;-()

Many thanks for your help, though, and best wishes for 2006!
--
Harry Keijzer


"David H. Lipman" wrote:

> From: "Harry Keijzer" <HarryKeijzer@discussions.microsoft.com>
>
> | Sorry, but your question "And your version of of Sun Java is the latest ?" is
> | way over my head--how do you even check this?
> |
> | Harry Keijzer
> |
> Easiest way is to look in...
>
> C:\Program Files\Java\
>
> You'll see a folder such as;
>
> C:\Program Files\Java\jre1.5.0_06
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "Harry Keijzer" <HarryKeijzer@discussions.microsoft.com>

| I can't find any folder named Java under Program Files. I do have a folder
| named Java under Windows; it contains two empty folders named "classes" and
| "trustlib".
|
| I think I will just keep an eye on things for the next few days; SpySweeper,
| Ad-Aware and NoAdware all tell me I'm OK. Maybe one of these days I'll have
| my PC looked at by somebody who does know his stuff (as opposed to myself...
| ;-()
|
| Many thanks for your help, though, and best wishes for 2006!

Tha's means you are still using Microsoft's version of Sun Java that was licensed to
Microsoft..

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm