New threat: Spyaxe
uclajd
November 9th, 2005, 11:11 PM
Hi there,
I recently had an infection on a friend's PC which I could not detect or repair with Spybot S&D, Ad-Aware, MS's Anti-Spyware beta, SpyBouncer, or AVG. It is from Spyaxe, a bogus anti-spyware product that hijacks your taskbar, pops-up an annoying message ("Windows has detected spyware", etc.), spawns and redirects IE to the Spyaxe homepage (I won't link to it for fear of spyware), and disables the Taskbar and Start Menu control panel. It infects the System32 folder. Looks like the guys at spywareinfo.com have discovered the details:
http://forums.spywareinfo.com/index.php?showtopic=61139&hl=spyaxe
My friend dug around his System32 folder and manually pulled out the offending files; since he knew when the infection occurred, he could pull all files modified at a certain time. Most people are obviously not so lucky as to know when such infections occurred.
This is a very recent problem - two weeks ago there were no posts on the Net about this via Google. Now there seem to be several.
I hope SpywareBlaster gets a blocker for this, and that someone sues or arrests the turds at Spyaxe!
Detres
November 13th, 2005, 08:51 PM
Spyaxe.com themselves are offering a solution and acknowledging the problem. Follow these directions and you'll be done with it. They are easy and they worked for me.
In order to clean your PC from infections related to Spyware Axe product, please follow the instructions below:
1) Save Uninstallers.zip from http://www.spyaxe.com/uninstall/uninstallers.zip to your desktop or HDD.
2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip.
3) Execute both of them one by one by double-clicking with your mouse.
*note: they will run instantly in the background. So don't be concerned when you don't visually see anything happening.
4) Reboot your PC
5) Your PC is now clean from the infections.
If you haven't done so already, delete the entire spyaxe directory from your drive under program files. Good luck
Mell
November 14th, 2005, 04:14 AM
As well as the above
I also deleted the file C:\Windows\System32\svchosts.dll
this seems to have done the trick
StevenMe
November 14th, 2005, 06:19 AM
{QUOTE-> As well as the above
I also deleted the file C:\Windows\System32\svchosts.dll
this seems to have done the trick <-QUOTE}
Never delete svchosts.dll; this is a DLL which is used by several legal programs. When deleted your system may be unstable...
Steven
illukka
November 14th, 2005, 07:04 AM
{QUOTE-> Spyaxe.com themselves are offering a solution and acknowledging the problem. Follow these directions and you'll be done with it. They are easy and they worked for me.
<-QUOTE}
yep
they claim one of their affiliates has done these drive by installs
thus the uninstaller ( which seems to remove other associated malware too )
they also claim that the affiliate who did this is no longer an affiliate
bighorn
November 14th, 2005, 11:44 PM
Thanks. It looks like it has worked so far. But now I can't delete the spyaxe folder from my program files. It says 'cannot delete dbghelp.dll. access denied. the source file may be in use'. When I try to uninstall it takes me to the spyaxe website to send feedback. What should I do? Thanks
bigc73542
November 14th, 2005, 11:46 PM
you might try to delete the file in safe mode.;)
TalWolfe
November 15th, 2005, 07:25 PM
{QUOTE-> Thanks. It looks like it has worked so far. But now I can't delete the spyaxe folder from my program files. It says 'cannot delete dbghelp.dll. access denied. the source file may be in use'. When I try to uninstall it takes me to the spyaxe website to send feedback. What should I do? Thanks <-QUOTE}
This program can tell you who/what has the files locked, and can unlock them: http://ccollomb.free.fr/unlocker/
You may want to take note of programs that are accessing the folder
and research them before unlocking/deleting anything.
Also, svchost is just that--a host for services. In this case it just happened
to be hosting something suspicious, but unless the file has been altered,
svchost in itself should not be dangerous.
And don't get carried away with 'unlocker.' <g> You only want to unlock
known offenders.
gov2mod
November 18th, 2005, 10:27 AM
I was infected with the Spyaxe mess this morning and as with the others I couldn't seem to do much about it. I had to constantly X out of the spyaxe box just to do anything with Control panel or anything else. Finally I did a system restore to yesterday, I emptied my recycle bin, deleted the Norton protected recycle files and did a search for Spyaxe and it comes up with nothing. Could I really have gotten rid of it so easily?
Don Pelotas
November 18th, 2005, 10:52 AM
If you use the MVPS hostfile (http://www.mvps.org/winhelp2002/hosts.htm) you won't get this, it's on the list.:)
termy57
November 19th, 2005, 07:38 PM
I found that in order to delete the malware that was redirecting my homepage I had to go in safe mode in order to effect delete. The other phoney alert kept running even in safe mode but it was easy to find and kill.
gov2mod
November 19th, 2005, 11:02 PM
Like I said yesterday, all I had to do was a system restore to the previous day (I've got Windows XP Pro OS) and delete what was left in recycle bin. I didn't do any other deleting of files. It's been 36 hours and no sign of it left.
sochookedcer
November 22nd, 2005, 10:06 PM
How do you go into safe mode? I'm not really a computer elite and I've been infected by the virus.
illukka
November 23rd, 2005, 12:48 AM
To do this with Windows XP, you can follow these steps from Microsoft (http://support.microsoft.com/default.aspx?kbid=315222):
Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Select an option when the Windows Advanced Options menu appears, and then press ENTER.
When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
AaronW
December 2nd, 2005, 02:28 PM
Well in the ongoing battle with spyaxe, the uninstallers http://www.spyaxe.com/uninstall/uninstallers.zip are now no longer available at the spyaxe website, and I just got the virus. Can anyone post the zip file so that those who get this in the future may remove the problem?
RussHahn
December 2nd, 2005, 04:48 PM
Hi all.
It appears Spyaxe has removed their web site from the internet. This makes downloading their 2 uninstall files impossible. For those infected running Windows XP, a system restore to a previous date fixed my friend's problem.
montanero
December 2nd, 2005, 09:25 PM
I got it today. I tried several solutions found in various blogs and none of them worked. I tried every anti-spyware and anti-virus I could find. I have norton internet security pro which didn't get it. I did the system restore to yesterday and it worked. The svchost.dll is gone as well.
muttlyone
December 4th, 2005, 01:13 AM
System Restore Worked!! 8)
Abe Twist
December 4th, 2005, 08:10 AM
{QUOTE-> I found that in order to delete the malware that was redirecting my homepage I had to go in safe mode in order to effect delete. The other phoney alert kept running even in safe mode but it was easy to find and kill. <-QUOTE}
Can u tell me how you got rid of the alert please? I can't find it...
thanx
Anh
December 5th, 2005, 04:38 AM
{QUOTE-> Like I said yesterday, all I had to do was a system restore to the previous day (I've got Windows XP Pro OS) and delete what was left in recycle bin. I didn't do any other deleting of files. It's been 36 hours and no sign of it left. <-QUOTE}
Is it still gone? No need to do anything else to get rid of it permanently?
mebored81
December 5th, 2005, 08:30 AM
i used this and it worked for me. BTW it creates a file called svhosts.dll notice the s on the end. Also be aware i have heard reports of the uninstaller from spyaxe simply installing more crap on your computer....
http://www.sysinternals.com/Forum/forum_posts.asp?TID=2200&PN=1&TPN=5
Roffy
December 13th, 2005, 11:36 AM
{QUOTE->
Also, svchost is just that--a host for services. In this case it just happened
to be hosting something suspicious, but unless the file has been altered,
svchost in itself should not be dangerous.
<-QUOTE}
The windows file that you and others have referred to is svchost.dll but the file associated with spyaxe is svchosts.dll
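An added example, not part of the original thread: a Python script for the two manual checks posters describe, listing files changed around the known infection time and spotting names one character away from a system file (svchosts vs. svchost). The baseline list, timestamps and sample files are constructed assumptions; a real baseline would come from a clean machine running the same Windows version.

```python
import os
import tempfile
from datetime import datetime, timedelta


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def triage(directory, baseline, infected_at, window=timedelta(hours=1)):
    """Return (file name, reasons) pairs for files that deserve a closer look.

    A file is reported when it was modified within `window` of `infected_at`
    (this also catches baseline files that were overwritten), or when its
    name is not in the baseline but its stem is within one edit of a
    baseline stem. Modification times can be forged, so a hit is a lead to
    investigate, not proof, and a miss does not clear a file.
    """
    baseline = {name.lower() for name in baseline}
    stems = {os.path.splitext(name)[0] for name in baseline}
    with os.scandir(directory) as listing:
        entries = sorted(listing, key=lambda e: e.name.lower())
    findings = []
    for entry in entries:
        if not entry.is_file(follow_symlinks=False):
            continue
        reasons = []
        stat = entry.stat(follow_symlinks=False)
        modified = datetime.fromtimestamp(stat.st_mtime)
        if abs(modified - infected_at) <= window:
            reasons.append("modified near infection time")
        name = entry.name.lower()
        if name not in baseline:
            stem = os.path.splitext(name)[0]
            near = sorted(s for s in stems if edit_distance(stem, s) <= 1)
            if near:
                reasons.append("name resembles " + near[0])
        if reasons:
            findings.append((entry.name, reasons))
    return findings


def demo():
    """Run triage over a constructed folder standing in for System32."""
    infected_at = datetime(2005, 11, 9, 14, 30)   # constructed timestamp
    old = datetime(2004, 8, 4, 12, 0)             # constructed install date
    sample = {                                    # constructed file set
        "svchost.exe": old,
        "notepad.exe": old,
        "readme.txt": old,
        "ctfmon.exe": infected_at + timedelta(minutes=5),
        "svchosts.dll": infected_at + timedelta(minutes=2),
    }
    # Constructed baseline; take the real one from a known-clean install.
    baseline = ["svchost.exe", "ctfmon.exe", "winlogon.exe", "notepad.exe"]
    with tempfile.TemporaryDirectory() as folder:
        for name, when in sample.items():
            path = os.path.join(folder, name)
            with open(path, "wb") as handle:
                handle.write(b"constructed sample\n")
            os.utime(path, (when.timestamp(), when.timestamp()))
        return triage(folder, baseline, infected_at)


if __name__ == "__main__":
    for name, reasons in demo():
        print(f"{name}: {', '.join(reasons)}")
```

Anything the script reports should be hashed and submitted to a scanner before it is renamed or deleted, since a baseline file flagged only by its timestamp may simply have been patched.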
illukka
December 13th, 2005, 02:44 PM
to all spyaxe victims:
Spyware Expert Noahdfear has made a tool to remove this infection:
download smitRem.exe from
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
after downloading doubleclick the self extractor to install it to a folder on your desktop
then reboot into safe mode ( important )
when in safe mode:
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish, then run scans with your spyware scanner, your virus-scanner and your antitrojan, allowing them to fix what they find.
it should be gone after a reboot
note that there may be other associated registry entries still remaining, you must manually remove them ( extra caution should be taken when editing the registry, errors can result in a disaster! always back up the registry before editing it )
if you experience any troubles with it ( run it at your own risk ! )
please ask for cleaning help on one of the spyware cleaning forums listed here
http://asap.maddoktor2.com/
Jim Selleck
December 15th, 2005, 12:57 AM
Unfortunately there is a NEW version of SpyAxe out there that only sits there and laughs at all previous solutions. It is MUCH worse and instead of dropping extra files into your system which you can find and delete, it attacks certain critical system files and changes their function so they support the evil purposes of the creators.
Really, these guys take the cake. I am thinking evil thoughts about them, even as the little nag message sits in the lower right of my screen even now reminding me that I have not yet been able to kill this bug.
On my system, the following files are modified:
wuauclt.exe
wuauclt1.exe
ctfmon.exe
The first two you can get back from your windows install disk or from the latest service pack archive. The third one you only have if you have Microsoft Office installed (I do) so presumably they attack a different file if you do not.
There is also at least ONE other critical file affected, and if I knew which one that is, I might be able to get ahead, but unfortunately I do NOT.
WARNING! The latest version of Adaware claims to be able to kill SpyAxe but it only works on the earlier kinds. If you have this latest one, it TELLS you that it's deleting it, but as soon as you reboot it comes BACK and worse than ever.
arrowsmithmidwest
December 15th, 2005, 01:10 AM
spyaxe has no relation to Winfixer 2005 or WinAntiSpyware 2005 does it???
illukka
December 15th, 2005, 02:08 AM
{QUOTE->
wuauclt.exe
wuauclt1.exe
ctfmon.exe
The first two you can get back from your windows install disk or from the latest service pack archive. The third one you only have if you have Microsoft Office installed (I do) so presumably they attack a different file if you do not. <-QUOTE}
can you check winlogon.exe properties, post them here, thank you
also i'd like you to scan that file with jottis malware scan, http://virusscan.jotti.org
{QUOTE->
There is also at least ONE other critical file affected, and if I knew which one that is, I might be able to get ahead, but unfortunately I do NOT.
<-QUOTE}
see above, if there is something odd at your winlogon.exe, could you upload it to http://www.thespykiller.co.uk/forum/index.php?board=1.0
see instructions for uploading here:
http://www.thespykiller.co.uk/forum/index.php?topic=5.0
thank you in advance
edit: Jim, i would like to see your hijackthis log, see this page for info:
http://www.tomcoyote.org/hjt/
other victims see here:
http://www.wilderssecurity.com/showthread.php?t=42148
{QUOTE->
Please note that from time to time a HijackThis log may still be requested by a moderator (or specially titled forum expert) for use in other types of problem diagnosis. Only those logs requested by a Wilders team member will be worked on in forum.
<-QUOTE}
garney
December 21st, 2005, 02:55 AM
spyaxe removal explanation and instructions here:
spyaxe (http://www.spyware-removal-guideline.com/spyaxe-removal)
Crimson Phantom
December 21st, 2005, 06:17 PM
I dealt with spyaxe simply by downloading a free trial of Spy Sweeper. I ran a sweep, it caught SpyAxe, then told me to reboot. I rebooted a minute ago, and lo and behold, I have no annoying little popup at the corner of my screen, and my homepage is back to normal.
Why waste time with dangerous file deletion when Spy Sweeper can do it for you?
ugnius
December 22nd, 2005, 01:50 AM
Here you can read latest spyaxe news (http://www.2-spyware.com/remove-spyaxe.html)
Iluvporn
December 22nd, 2005, 04:04 AM
{QUOTE-> System Restore Worked!! 8) <-QUOTE}
Huzzah SPYAXE axed!
NewbyName
December 22nd, 2005, 01:54 PM
This advice worked for me ...
>Spyware Expert Noahdfear has made a tool to remove this infection:
>download smitRem.exe from
>http://noahdfear.geekstogo.com/click...click.php?id=1
... BUT the RunThis.bat file wouldn't run on my XP Pro system, until
I renamed it to RunThis.cmd (inspired by a French version of this file
I found elsewhere).
Hope this helps anyone else out there with the same problem.
Cheers
Zhen-Xjell
December 23rd, 2005, 01:23 PM
Our folks put together a spyaxe removal in our Malware Removal and Prevention Procedure:
http://wiki.castlecops.com/SpyAxe_Removal
As part of the overall MRP:
http://wiki.castlecops.com/MRP
71euy
December 27th, 2005, 10:16 AM
SPYAXE SUCKS!
Don't go anywhere near this product that purports to be a free malware scanner. I did and even taking advised steps to clear it, it kept respawning, coming up with multiple pop ups and incessant warnings that my PC was infected. Yes it was Spyaxe! Going to their site for the removal tool did not allow me to download it - a pure scam. This is a gotU product in an effort to make you buy their product. After 2 or 3 hours trying to remove it from various program files and many registry entries I was still getting problems.
I tried Norton, Spybot and Adaware all to no avail although they did remove some files. Finally I downloaded PC Tools Spyware Doctor - a first class product that finally deleted all the malware etc that had been installed from SpyAxe.
This was money well spent on Spyware Doctor as it cleared up some other issues but most importantly includes "On Guard" to protect from other companies and downloads similar to SpyAXE.
Will Spyaxe refund the cost of Spyware Doctor? I think not as they are a bunch of crooks.
sienaworld
December 27th, 2005, 06:44 PM
Hi,
Tried all the various solutions to the SpyAxe problem, nothing worked, including all the older downloadable fixes and uninstallers -- this must be one of the new ones -- managed to find my way through MSInfo to a solution which seems to have worked for me.
I found that the file "wbeconm.dll" located in the folder c:\windows\system32 was creating the annoying pop-up taskbar message. This can actually be located and renamed without any recourse on your computer and seems to solve the problem. However, we found that the SpyAxe initial installation, even if not completed, leaves a trojan called Trojan.Zlob.D which creates fake entries in the registry at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Delete the file located in the string 'Kernel32.dll - [file name]' then delete the entry in the registry, check any others here as well (I found the others were problems too).
Cheers.
peeved
December 27th, 2005, 07:09 PM
Has anybody come up with a solution to this latest version of Spyaxe? Because it is really messing up my week.
Blackspear
December 27th, 2005, 11:29 PM
{QUOTE-> Has anybody come up with a solution to this latest version of Spyaxe? Because it is really messing up my week. <-QUOTE}
Have you tried the link in this post?
{QUOTE-> Our folks put together a spyaxe removal in our Malware Removal and Prevention Procedure:
http://wiki.castlecops.com/SpyAxe_Removal <-QUOTE}
It takes you through to this link (http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3) of which I have used the enclosed tool successfully to remove spyaxe/smitfraud.
Let us know how you go...
Cheers ;D
Stoffel
December 28th, 2005, 04:32 AM
Hello,
I've been attacked with this stupid thingy as well since yesterday afternoon.
I've literally tried everything proposed here, but nothing worked... it keeps coming back!
I assume it must be a new version which smitRem doesn't remove?
(BTW, the links to smitRem are dead this morning...?)
Here's my HT-log, I hope someone can help me!
THX
~snip~ removed HJT Log
Blackspear
December 28th, 2005, 04:56 AM
Hi Stoffel, have you followed the instructions in my post above yours?
Cheers ;D
Stoffel
December 28th, 2005, 05:52 AM
{QUOTE-> Hi Stoffel, have you followed the instructions in my post above yours? <-QUOTE}
That's what I tried, yes... didn't work though.
When I try to run the smitRem-tool, I see lots of "not found"-thingies appearing and stuff... but it doesn't remove SpyAxe :(
Blackspear
December 28th, 2005, 06:46 AM
{QUOTE-> That's what I tried, yes... didn't work though. <-QUOTE}
And this was done in Safe Mode? The instructions have to be followed precisely or they will not work.
Cheers ;D
Stoffel
December 28th, 2005, 08:06 AM
{QUOTE-> And this was done in Safe Mode? The instructions have to be followed precisely or they will not work.
Cheers ;D <-QUOTE}
Hi :)
Yes, I did it in Safe Mode ;)
But I've found another solution now!
sienaworld wrote about it a bit earlier as well... I had to remove the wbeconm.dll first!
When I did that, the smitRem-tool and Ewido solved the problem.
(It wouldn't work without removing that dll though)
Afterwards, I also removed all values containing the name "SpyAxe" in the register.
And I removed all folders and files on my computer also containing that name.
And now it doesn't seem to come back... so: yippee :D
THX! :)
neophyte
December 28th, 2005, 11:24 AM
Thanks to all for your postings and help - I just got stung by this piece of turd software. I did the system restore and that seems to have worked. For those like me who are relative novices at pcs here is what to do in Windows XP:
- click on the start menu
- select "help and support"
- at the top left of this screen, there is a "search" box. In it type "system restore wizard"
- you will get two options - pick the one that says "Run the System Restore Wizard"
- choose "restore my computer to an earlier time" and click next
- you will see a calendar with some dates that are in bold type face. These are the days that you can restore your system to. Pick a date that is before the infection by spyaxe and hit "next" and then follow instructions.
use spy sweeper
December 28th, 2005, 03:30 PM
I was trying to get rid of the alert for 3 days, after I downloaded the Spy Sweeper, then it is gone. And funny thing is that Spy Sweeper is free for 14 days. You can download it from their official website. But still my homepage is covered by their page (securitywarning.net). Do you know how I can remove this page from my cover? One more thing: I have scanned my computer with Spyware Doctor, it says I have still registry files left from the spyaxe, but Spy Sweeper doesn't, how come?
Killerbfb12345
December 28th, 2005, 05:36 PM
In case any of you haven't mentioned it yet, there is a SpyAxe removal tool that can be found at this link:
http://bleepingcomputer.com/forums/topic/36868.html
Look for a program called smitRem (Do a search on the web site if needed), and download the file. It removed SpyAxe AND the Trojan that downloaded it.
Killerbfb12345
JonPaulOnLine
December 28th, 2005, 09:28 PM
{QUOTE-> what to do in Windows XP:
- click on the start menu
- select "help and support"
- at the top left of this screen, there is a "search" box. In it type "system restore wizard"
- you will get two options - pick the one that says "Run the System Restore Wizard"
- choose "restore my computer to an earlier time" and click next
- you will see a calendar with some dates that are in bold type face. These are the days that you can restore your system to. Pick a date that is before the infection by spyaxe and hit "next" and then follow instructions. <-QUOTE}
Or
Start
Programs
Accessories
System Restore
"- choose "restore my computer to an earlier time" and click next"
db1234
December 28th, 2005, 10:17 PM
system restore worked fine for me, piece o' cake. I run XP Pro...
Michigan
December 28th, 2005, 11:09 PM
Hi
It seems that I have got the same kind of new Spy Axe since yesterday morning, struggling to get rid of the sucking spyware. Now that merely using smitRem and ewido under safe mode did not improve the situation, I am trying the way posted above.
I do find the wbeconm.dll, but unable to remove it. Please help me to show the way to remove it!!
LadyDev
December 29th, 2005, 12:02 PM
STOPzilla (www.stopzillia.com) or Spyware Doctor really work. Tried Xoftsoft, spybot, (the trio of Smitfraud, Ewido and Adware SE), McAfee virus plus spyware, Etrust Pest Control, the microsoft spyware to no avail. I am not a spokesperson for Stopzilla, but it worked. Will have to pay a few dollars though when the trial period expires, $19.95.
Andrew!
December 29th, 2005, 06:23 PM
" do find the wbeconm.dll, but unable to remove it. Please help me to show the way to remove it!!"
I'm having the same problem, I had it before... had to format my comp... I'm thinking I'm going to have to do this again!
Yes I'm in safe mode... Spyware Doctor removed everything but the taskbar window.... then it redownloaded itself later
sullive
December 30th, 2005, 12:33 AM
Hi, there!
You have an enterprising friend, or an anti-enterprising friend. I just need help! This annoying fake has prevented me from getting my usual educational homepage, I have to set up my web page for the spring semester, and I want out!
I can't get in touch with my smart people at my job until after New Year -- you're right -- there should be a lawsuit!!!
xxx,
Prof. Sullivan
{QUOTE-> Hi there,
I recently had an infection on a friend's PC which I could not detect or repair with Spybot S&D, Ad-Aware, MS's Anti-Spyware beta, SpyBouncer, or AVG. It is from Spyaxe, a bogus anti-spyware product that hijacks your taskbar, pops-up an annoying message ("Windows has detected spyware", etc.), spawns and redirects IE to the Spyaxe homepage (I won't link to it for fear of spyware), and disables the Taskbar and Start Menu control panel. It infects the System32 folder. Looks like the guys at spywareinfo.com have discovered the details:
http://forums.spywareinfo.com/index.php?showtopic=61139&hl=spyaxe
My friend dug around his System32 folder and manually pulled out the offending files; since he knew when the infection occurred, he could pull all files modified at a certain time. Most people are obviously not so lucky as to know when such infections occurred.
This is a very recent problem - two weeks ago there were no posts on the Net about this via Google. Now there seem to be several.
I hope SpywareBlaster gets a blocker for this, and that someone sues or arrests the turds at Spyaxe! <-QUOTE}
Darren Millar
December 30th, 2005, 11:08 AM
{QUOTE-> Spyaxe.com themselves are offering a solution and acknowledging the problem. Follow these directions and you'll be done with it. They are easy and they worked for me.
In order to clean your PC from infections related to Spyware Axe product, please follow the instructions below:
1) Save Uninstallers.zip from http://www.spyaxe.com/uninstall/uninstallers.zip to your desktop or HDD.
2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip.
3) Execute both of them one by one by double-clicking with your mouse.
*note: they will run instantly in the background. So don't be concerned when you don't visually see anything happening.
4) Reboot your PC
5) Your PC is now clean from the infections.
If you haven't done so already, delete the entire spyaxe directory from your drive under program files. Good luck <-QUOTE}
I tried downloading the zip file but could only see one .exe inside can anyone help
trbinrat
December 30th, 2005, 01:48 PM
using a restore point worked for me. Just wanted to thank every one for the help.
pa-cattle
January 2nd, 2006, 12:41 AM
Hello . After trying just about everything for free on the net for the last 24 Hrs
I went to Target
and bought SpySweeper by Web root.
took it home installed it and 15 minutes later . Spyaxe was gone for Good! :)
plus 127 other ones. It was way too easy. Don't fight it like I did.
traumapaNE
January 3rd, 2006, 05:17 PM
I acquired SpyAxe and even though AdAware said it was removed, it wasn't. SpyBot found it but told me it could not delete it, suggested re-running after a reboot, but same result.
I actually used the file from Noahdfear, smitrem.exe...and it worked! Hardest part for a novice was getting into safe mode. Not sure if smitRem did any damage? Also, how the heck did SpyAxe get to my computer in the first place--any certain sites, or can it just download to any broadband-connected PC?
{QUOTE-> to all spyaxe victims:
Spyware Expert Noahdfear has made a tool to remove this infection:
download smitRem.exe from
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
after downloading doubleclick the self extractor to install it to a folder on your desktop
then reboot into safe mode ( important )
when in safe mode:
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish, then run scans with your spyware scanner, your virus-scanner and your antitrojan, allowing them to fix what they find.
it should be gone after a reboot
note that there may be other associated registry entries still remaining, you must manually remove them ( extra caution should be taken when editing the registry, errors can result in a disaster! always back up the registry before editing it )
if you experience any troubles with it ( run it at your own risk ! )
please ask for cleaning help on one of the spyware cleaning forums listed here
http://asap.maddoktor2.com/ <-QUOTE}
Nick
January 9th, 2006, 10:14 AM
The new SpywareStrike infection can be fixed using the same procedures to fix SpyAxe. SmitRem has been updated to deal with the new techniques used by the SmitFraud criminals. Ewido has also added SpywareStrike definitions, but SmitRem is the key. The link to my post is earlier in this topic, but here (http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3) it is again.
Deakster
January 10th, 2006, 04:51 AM
I've sent them 1,000,000 emails to spyaxe complaining about their illegal activities. Still not enough considering the damage they have done to our network - Deakster
qwesa
January 10th, 2006, 10:01 PM
Can someone tell how this affection occurs?
illukka
January 11th, 2006, 12:33 AM
drive by installs using various OS and IE vulnerabilities. like the wmf exploit
rsue
January 11th, 2006, 01:01 AM
so if i use opera or firefox no problem for me?
Nick
January 11th, 2006, 10:11 AM
{QUOTE-> I've sent them 1,000,000 emails to spyaxe complaining about their illegal activities. Still not enough considering the damage they have done to our network - Deakster <-QUOTE}
Sending emails to Spyaxe is a waste of time. It is much better to send a complaint to the Federal Trade Commission (https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU0) and the Center for Democracy and Technology (http://www.cdt.org/action/spyware/). They both have online forms you can fill out to complain. The FTC will take action if enough people complain. They just shut down (http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=76&blogId=3) Spykiller and SpywareAssassin and fined them 2 million dollars.
white wolf
January 12th, 2006, 03:42 AM
Thanks to all of you who posted for this topic.;D
For the first time in two weeks my machine is now free of the annoying spyaxe popup balloon. I have tried Norton, Adaware and Spybot. All located and got rid of the program, but none could get rid of the taskbar trojan until smitRem from Noahdfear.
My experience might be helpful to others. I got this infection just before Christmas. :'( Symantec.com does have a Spyaxe virus fix on their security response search engine. It's effective, especially in the instructions that get rid of the regedit resident registries. For me, this was the first time removing regedit components, which was enlightening.
However, none of the Spyaxe solutions at symantec removed the taskbar trojan, and of course the infection just came back. The new Windows XP patch blocks the reinstallation, but does nothing to get rid of the taskbar Trojan. There is by the way an older Trojan that Symantec knows about called Trojan.spaxe that produces a popup window and icon that looks very similar to spyaxe. However, none of the registry values for Trojan.spaxe were on my machine so the fix does not work. I am not sure if this is an earlier version of the spyaxe trojan or not. Maybe some of you more experienced virus killers can tell me.
Anyway, my thanks again to Noahdfear for the solution to this very vexing problem. I am so impressed with the community. It's great to have creative people willing to help.
Dave Coopersmith
Vancouver, BC
sleber
January 13th, 2006, 01:05 PM
This list posted yesterday at 935a works. Thanks. Robert, Mobile, AL
relieved
January 13th, 2006, 05:38 PM
{QUOTE-> to all spyaxe victims:
Spyware Expert Noahdfear has made a tool to remove this infection:
download smitRem.exe from
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
after downloading doubleclick the self extractor to install it to a folder on your desktop
then reboot into safe mode ( important )
when in safe mode:
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish, then run scans with your spyware scanner, your virus-scanner and your antitrojan, allowing them to fix what they find.
it should be gone after a reboot
note that there may be other associated registry entries still remaining, you must manually remove them ( extra caution should be taken when editing the registry, errors can result in a disaster! always back up the registry before editing it )
if you experience any troubles with it ( run it at your own risk ! )
please ask for cleaning help on one of the spyware cleaning forums listed here
http://asap.maddoktor2.com/ <-QUOTE}
Worked a treat after many days of regedit visits !
sw2001
January 30th, 2006, 09:44 PM
{QUOTE-> Your computer is infected!
Dangerous infection was detected on your PC. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft.
Click here to protect your computer from the biggest malware threats. <-QUOTE}
Smitrem couldn't get rid of that annoying message in systray. Spy Sweeper found all the suspicious entries. The free version doesn't delete the stuff --> removal manually ... what a job :-\
But at least it's gone now :)
AcousticDistortion
March 14th, 2006, 07:19 PM
Well, I just got it the other day, and I got rid of it with the smitrem.exe, but my internet explorer keeps popping up active x controls and I can't download anything or use some online stuff, such as online spyware scanners, open video and sound files.
I'm not sure how to change that.
Copyright ©2002 - 2010, Wilders Security Forums