
Thread: Green Wheelchair / Spyaxe variant

  1. #1
    CybertecOne (Keeping The Balance), joined Aug 2004, Australia, 660 posts

    Green Wheelchair / Spyaxe variant

    Hey Guys,

    Long time no talk. How is all?? For those members who know me, I miss you guys heaps.... not that the feeling is mutual

    I have a pain-in-the-ass piece of malware I can't seem to remove. I have done plenty of research and followed all the comments people have made, but to no avail.

    I believe it comes under many different names, including SpywareQuake, SpyAxe, SpyFalcon etc. Currently it is a green wheelchair that changes to a red circle with a slash (think Quit Smoking) and back again. It also pops up saying that I am infected and to download antimalware software..... duh!

    http://malwarecomplaints.info/viewto...687a16c8856f7c
    http://www.bleepingcomputer.com/foru...hp/t49830.html (Contains picture of spyware popup)

    God, there are so many places I have looked... but one thing the majority of posts had was using the following software to remove it:

    HJT
    Software called "SmitREM" (previously spyaxefix.exe)
    Ewido Malware remover

    Everything I have read tells me that the above should fix my problem and that is that.... however, after reading many, many posts, following instructions and being very severe in the items being removed with HJT, it is still appearing.

    I am at a loss. I am also thinking that this is a new variant which has not been included in any definitions or taken into account when writing instructions....

    Anyway... any help would be much appreciated.

    Look forward to hearing from you all !!!


    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  2. #2
    brokencrow (Dissident 4dm1n), joined Feb 2004, Shawnee country, 1,243 posts
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    zodiac (Junior Member), joined Jul 2001, 22 posts
    See also :

    http://forums.spywareinfo.com/lofive...hp/t74684.html
    http://forums.spybot.info/showthread.php?t=4015

    Both found using the following search string in Google:
    "how do I remove green wheelchair spyware"

    Just an FYI on the search string. If everyone knew about it, life would be easier.
    Misery is not my friend, but I'll break before I bend.

  4. #4
    ShagDevil (Some Assembly Required), joined Nov 2002, SC, 718 posts
    CybertecOne, I have dealt with SpyAxe and from what you're saying, it sounds identical. The system I was on was an XP box with 2 Administrative accounts. SpyAxe infected one user account and had all the same attributes you are describing. Let me say for starters that I tried nearly every program out there and this bastage of a spyware program wasn't budging.
    What I wound up doing was booting into Safe Mode and logging on as the Administrator (not the infected account). This stopped SpyAxe from running on bootup. I believe I ran Ewido and Symantec Corporate Edition, which removed the files. What kills me is I can't remember the damn .dll file I deleted that eventually wound up killing this thing. I'll do some more research and see if I can find exactly what else I did. In any event, good luck.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  5. #5
    CybertecOne (Keeping The Balance), joined Aug 2004, Australia, 660 posts
    Hi Guys,

    Thanks for those links, but I had already read those.... I had done plenty of looking around.

    Just thought i would add that the 'green wheelchair' is also in safe mode in the same shape and form. I imagine this would cut down the number of files that it could be.

    Anyways, I'm trying to search files in date order and look for anything suspicious over the last few days....

    Let me know if you have any new ideas, particularly about it being in safe mode.


    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  6. #6
    brokencrow (Dissident 4dm1n), joined Feb 2004, Shawnee country, 1,243 posts
    Did you do any of the online AV scans? I've found Panda to be the best for identifying rogue files.

    Search for any and all recent .exe's and .dll's, and any .tmp files or null files (a "~" extension).

    Sadly sounds like a new variant...

    edit -- you might also try RootkitRevealer. It's not going to remove anything though, and might throw up some false positives (google is your friend). Removal will have to be done manually.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
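    A small triage helper for the file search described in this post and the one before it (recent .exe/.dll/.tmp files and "~" null files, sorted by date), added here as an example and not code from anyone in the thread. It assumes you supply the root path to walk and the day window; the SHA-256 it prints is what you would submit to an online scanner.

```python
import hashlib
import os
import time
from dataclasses import dataclass
from typing import List, Optional

# Extensions the post says to look at; names ending in "~" are the null/temp files.
SUSPECT_EXTENSIONS = {".exe", ".dll", ".tmp"}


@dataclass
class Finding:
    path: str
    mtime: float
    size: int
    sha256: str


def is_suspect_name(name: str) -> bool:
    """True for .exe/.dll/.tmp files (any case) and names ending in '~'."""
    lower = name.lower()
    return lower.endswith("~") or os.path.splitext(lower)[1] in SUSPECT_EXTENSIONS


def sha256_of(path: str) -> str:
    """Hash the file in chunks so large DLLs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def recent_suspect_files(root: str, days: float, now: Optional[float] = None) -> List[Finding]:
    """Walk root and return suspect files modified within the last `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_suspect_name(name):
                continue
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
                if st.st_mtime >= cutoff:
                    findings.append(Finding(full, st.st_mtime, st.st_size, sha256_of(full)))
            except OSError:
                continue  # vanished or access denied (common in Safe Mode); skip, don't abort
    findings.sort(key=lambda f: f.mtime, reverse=True)
    return findings


if __name__ == "__main__":
    import sys
    for f in recent_suspect_files(sys.argv[1], float(sys.argv[2])):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(f.mtime)), f.size, f.sha256[:16], f.path)
```

    Run it against C:\ (or C:\WINDOWS\system32 first) with a window of a few days; compare the newest hits against the list HJT shows and against what the online scanners say about each hash before renaming anything.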

  7. #7
    I know this might sound really obvious, but have you tried Add/Remove Programs? Most people don't (myself included)... I have spent literally hours trying to remove spyware on PCs, then went to Add/Remove Programs and it was gone *kicks self*
    I'm Dying To Find Out The Hard Way

  8. #8
    Oh yeah, and if that fails, as a general rule I do the following:

    install counterspy/avg
    start in safe mode
    check task manager for anything unrecognised and kill it
    run hjt/counterspy/avg and remove all the nasty stuff (in counterspy be sure to run all the system tools, they are very, very useful)
    reboot into normal mode
    reboot into safe mode
    run hjt/counterspy/avg
    manually remove any files/registry keys that are found (I often find that you get access denied while deleting registry keys; if this is the case, right click the key, go to Permissions and add yourself with full access)
    and (in most cases) all the nasties are gone

    I think I have covered everything here; it's not the same trying to think of it in your head as when you're doing it... any problems, let me know. I am yet to find something I can't remove, and I often do about 5-10 spyware removals per week


    edit: don't forget to back up the registry, and it is better to rename/move the files than delete them, just in case it screws your PC up
    I'm Dying To Find Out The Hard Way
