Can anyone help?
Posted on 12/06/2005 6:38:12 PM PST by CAWats
My computer apparently picked up a virus from spyaxe.net. I have a pop-up window saying I have spyware and "it is recommended to use antispyware tools to prevent data loss." Everytime I close the popup it pops up again. I got tired of closing it and installed it then removed it with "Add/Remove Software" in the control panel. The pop-up is back.
Can anyone help?
you must have Firefox.
You might want to install SpyBot and run it. It's free. Pinging Backhoe who might have more ideas.
YES!!
Is your computer on?
also try adaware by lavasoft also free. do it and spybot both.
I would think that message itself is a spyware wolf-in-sheeps-clothing. It 'says' it's from Windows, but I don't think so...
I'd recommend you download Microsoft Anti-Spyware Beta and give your pc a good cleaning.
http://www.microsoft.com/athome/security/spyware/spywareremove.mspx
I did a Google search, and found this site with some recommendations:
http://www.spywareguide.com/product_show.php?id=2361
If that doesn't work, then I would recommend going to HiJackThis and getting some expert help. They are pretty good with persistent spyware that refused to let itself be deleted.
... FWIW I like Spybot and Ad-Aware too. They're also less intrusive.
Get a Mac. You don't have to waste your time with this stuff.
I agree about the Mac. I've got a PowerBook G4 behind a NAT Router, Intego NetBarrier firewall, Norton Antivirus for a belt & suspenders approach. Never had any spyware, virus or trojans. Not one.
The personal version is free, I believe.
Windows let it install, let windows clean it up!
and stop surfing porn sites.
Thanks for all the help!!
Trust me - Adaware, MS Anti-Spyware, Spybot S&D - none of them get rid of it. They look like they might, but don't. Adaware finds it and says it will delete it, but it comes back.
The instructions I found say to start Windows in safe mode (press F8 while booting), then delete the file svchosts.dll (not svchost.exe) from c:\windows\system32, then run Adaware or some other scanner that knows about Spyaxe.
Sometimes you can't delete svchosts.dll and you need a program like killbox.exe (Google it) because the dll is in memory and locked.
There is also a SpyAxeFix.exe out there that will supposedly get rid of it.
I haven't tried any of these things yet - I am heading over to his house tomorrow night to try them. Trying to talk him (actually anyone) through the instructions is painful when you can't see what is going on.
You could give this guy some grief...
Domain name: SPYAXE.COM
Registrant Contact:
U-12
Joshua Veronimo (admin@spyaxe.net) +632.8323123 Fax: +632.8323123 U-12 Gamma Commercial Complex # 47 Rizal Highway cor. Manila
Olongapo City, 1300
PH
Administrative Contact:
U-12
Joshua Veronimo (admin@spyaxe.net)
+632.8323123
Fax: +632.8323123
U-12 Gamma Commercial Complex # 47 Rizal Highway cor. Manila
Olongapo City, 1300
PH
..yeah bumps and grins make for nnnnaarrrley waves man
Doogle
My computer isn't on, but it is running.
Should I try to catch it?
Hate to tell you, but generally a firewall only stops incoming connections. It won't stop drive-by-downloads, unless your firewall has content filtering and knows about this particular spyware/malware. Reports are that this comes in as baggage in a codec download. If you choose to download the codec (and I'm not even sure if you are asked, especially if Media Player is configured for automatic codec downloads), it's normal http traffic and a firewall won't stop it.
My dad got this Spyaxe today, and I set up his system and he does have a firewall and anti-virus softare and anti-spyware software - and it got through. I can't say whether or not he did something dumb to let it download or not, but nothing stopped it.
and stop surfing porn sites.
I don't goto moveon.org
Ah! Hahaha! Good attitude! :)
You really need to do some homework.
If you have a firewall you might look to see how to eliminate traffic from that address. I switched to Zone Alarm and it would remove it.
Windows let it install, let windows clean it up!
I tried that. It didn't work. (and it installed itself anyway!!)
If all else fails reboot your machine in safe mode then run your spy ware. This will sometimes get rid of these pesky pop-ups
ping
--b--
Come on guys, don't do that. I am a lifelong mac user and advocate, but when people post things like this, they don't want to hear "get a mac".
I agree with you, and don't even use virus protection, but this guy is looking for a solution to the problem he's got.
I hate it when people come into a mac thread and jump on with their usual remarks that have nothing to do with the subject at hand. Let's not do it to them.
Almost half of all Internet use is directed toward porn sites.
The virus producers know this, and a high percentage of virus, worms and trojans come from porn sites.
Many others come from emails. My anti-virus stopped a virus today. I got an email about "your new user name and password". Since I just had to get a new user name and password for a credit card I lost, I thought this was legit. As soon as I opened the file, my anti-virus program caught it and I was able to delete the file before downloading.
1] I am not saying you visit porn sites, but about half of all time spent on the Internet is at porn sites.
2] Get a AV program and make sure it is up to date.
Even though I have my AV program set for auto-updates, I do Live Update every single time I start my computer.
3] Do not open ANY email that you are not 100% sure is legit.
This all sounds simple, but even the "pros" get caught now and then by letting their guard down.
I had one of these last year that about drove me crazy....but I prevailed. You might want to post your problem or read one of the many computer forums on the net. That is the approach I took.
Just do a google search for computer forums.
Yo should try the program called Hijack This. Be careful though. It also displays legitiment registry entries.
You make a good point, though, most viruses are let in because users open themselves up to the potential.
Glad to know you got rid of "SpyAxe". People who create spyware and pop-ups should face the same penalties as those who create viruses.
bump that !
Got Unix ?
True. Most computer viruses are spread by human behavior patterns.
I can tell you how to get rid of the popup...but not the SpyAxe.
Check freep mail please. :-)
You are right, of course. But you never know when somebody is thinking about making a change, especially during the Christmas season.
I've used PCs for years at work and always keep up with latest OS and browser patches, keep antispyware tools running, defrag, clean up registry, keep AV running. I've had pretty good luck keeping my machines clean, but I understand how awful it can be when you've something like this. It may be such a deeply buried and hidden rootkit that the only solution is to reinstall Windows.
Only if you find it running to Windows......
bumping in case I catch it.
Google 'spyaxe'... DON'T go to the 'spyaxe.com' site, they made the thing so who trusts them to get rid of it... Other places mention that the active part is called "svchosts.dll" (as differing from legitimate windows 'svchost.exe'). The popup seems to come from a file called "hpE951.tmp". Both reside in the windows/system32 folder. You might try to delete them as they sit, but if they are active, you won't be allowed. Try starting in safe mode and then see if they can be removed. Remember, DO NOT delete svchost.EXE or you won't even be able to get back online!
This is one of the sources for this information I found on Google:
Hope this is of some help...
I use both AdAware and Spybot S&D. It seems though that as of right now, neither of these find or remove this.
I have Process Explorer, have Zone Alarm pro and keep my stuff updated, use Norton 2005 which detects 'threats'.. I haven't picked up anything on my machine in 7 years...
Now, my daughter managed to get something on her machine (we suspect it was on an .mp3 she listened to) but Norton grabbed it when it tried to execute when the machine was next restarted. It just took a bit of convincing to get it out of there since it acted like a rootkit.. (Scared her enough to make her quit using IE though!) I'm going to be watching this one, since it seems to be 'off the radar' as far as the spyware/virus/adware people are concerned.
Oh, and as for things Microsoft... I've had very unpleasant experiences with MS betas and I will never use another one no matter how inviting. I follow the rule "don't install any MS software until SP1..."
However, I am sure that your comments will be of help to others... (probably a good thing you didn't mention mucking around in the reg HKLM/software/windows/etc/etc/etc stuff! Imagine the mess they could get themselves in doing that!)
I use Firefox. Click the link and give it a try. Re: Sygate Firewall...
Sygate has been swallowed whole by Symantec, and all consumer firewall software is discontinued.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.