Posted: 3/25/2006 10:20:51 AM EDT
[Last Edit: 3/25/2006 10:21:35 AM EDT by Tango7]
Not that I'd ever surf for boobies... uh.. err..

There's a new ad/spyware out - SpywareQuake v2.0. It not only changes your home page to the standard about:what BS, but it installs an "antivirus" program in your computer, which will pop up a window with:

Your computer is infected!
Critical system error!
System deteced virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software.

Of course, the only one which comes up is... SpywareQuake!

In addition, it boots itself up at startup, and tells you that you're infected.

No shit - and you're the problem.

And of course, the "uninstall" instructions in the malware and at their website simply refer you to the "uninstall programs" wizard in Windows. Conveniently enough, it re-installs itself, so it never really goes away.

According to the code I sorted through, this shit was first excreted earlier this month.

Tried Stopzilla - it will ID the world (but you pay if you want the stuff removed)
Tried Lavasoft and Trend Micro.
Avast! was working ok, but it was only running in partial capacity because of a conflict with McAfee. This spyware disabled Avast, and shut off my Google and Yahoo toolbars (both had antispy capabilities).

All of the "testimonials" come from Canada, New Zealand, or other BFE locations (no offense to our northern neighbors intended) - IOW, no US testimonials.

While it may have started out as completely legit software, I have a feeling that most of the "customers" these days are actually extortion victims who pay the "registration fee" just to be able to effectively uninstall it once and for all.

Just a heads up. Going to Security tango, then to Geekstogo.

Will update with SITREP if anything changes.

Link Posted: 3/25/2006 10:27:04 AM EDT
we've been seeing this at the shop for a few months. it doesn't seem to be coming from porn sites though. i think from clicking a popup banner about "you PC may be infected by Blackworm virus".

google "SMITREM" download the smitrem.exe tool and run it in safe mode. problem solved.

this spyware also goes by the names spyaxe, spysheriff, and a few others.
Link Posted: 3/25/2006 6:49:55 PM EDT
[Last Edit: 3/25/2006 7:24:59 PM EDT by Tango7]
Thanks, Griz. That helped.

Along with deleting certain files in the windows/prefetch folder...

ETA - Sunnavabitch is back in my taskbar.
Link Posted: 3/26/2006 9:35:36 AM EDT

Originally Posted By Tango7:
Thanks, Griz. That helped.

Along with deleting certain files in the windows/prefetch folder...

ETA - Sunnavabitch is back in my taskbar.



if it keeps coming back after removing it you probably have a downloader trojan on your system. try running AVG Free antivirus. go to downloads.com and search for "AVG Free". it works better than nortons, pccillin, and mcafees.
Link Posted: 3/26/2006 9:38:14 AM EDT
it should be an executable offense for anyone to buy anything advertised through spam and spyware. if they didn't get a return on their spamming, they wouldn't do it!
Link Posted: 3/26/2006 9:38:18 AM EDT

Originally Posted By grizzlyarms:

Originally Posted By Tango7:
Thanks, Griz. That helped.

Along with deleting certain files in the windows/prefetch folder...

ETA - Sunnavabitch is back in my taskbar.



if it keeps coming back after removing it you probably have a downloader trojan on your system. try running AVG Free antivirus. go to downloads.com and search for "AVG Free". Linux. it works better than nortons, pccillin, and mcafees.



fixed.
Link Posted: 3/26/2006 9:41:53 AM EDT

Originally Posted By grizzlyarms:

Originally Posted By Tango7:
Thanks, Griz. That helped.

Along with deleting certain files in the windows/prefetch folder...

ETA - Sunnavabitch is back in my taskbar.



if it keeps coming back after removing it you probably have a downloader trojan on your system. try running AVG Free antivirus. go to downloads.com and search for "AVG Free". it works better than nortons, pccillin, and mcafees.



THANK YOU ! AVG is by far the best.
I have a friend that gets nuked every other month! I am tired of fixing his machine!
He calls me up "dude I caught a virus"
Me: How do you know?
Him: Norton told me
ME: WTF is Norton doing on that box?
Him: I installed as a precautionary measure
Me: Dumbass! just use AVG
I'll be over tomorrow to fix it, AND STOP USING SHITWARE!!!!
Link Posted: 3/26/2006 9:48:21 AM EDT
I'll put in a second vote for AVG. Gave up on Norton and McAfee when they became bloatware.

Been *much* happier however since I switched my primary machine to a PowerBook.
Link Posted: 3/26/2006 9:50:11 AM EDT
never had that problem
Link Posted: 3/26/2006 9:52:04 AM EDT
Fuck install just go into the hard drive and delete all the files.
Link Posted: 3/26/2006 9:57:21 AM EDT
Had the problem on my father's computer and ended up doing a system restore to 2 weeks previous. Fixed the problem and it hasn't come back. Damn well should have tried that first instead of killing myself for 2 days trying to remove it.
Link Posted: 3/26/2006 10:02:39 AM EDT
Link Posted: 3/26/2006 10:05:38 AM EDT
+1 for system restore, I had spyaxe for four days driving me up a wall trying to get rid of it. Then the lightbulb blinked on! five minutes later, no more problem.
Link Posted: 3/26/2006 10:16:10 AM EDT
+ 1,000,000 AVG is Amazing stuff.....the main company is in Czechoslovakia so they really have the heads up on the virus thing.....
Link Posted: 3/26/2006 10:21:55 AM EDT
I picked up spyaxe back in Dec and Norton was all but useless. I updated and ran Lavasoft and it canned it with a quickness; I'm pretty happy with it overall.
Link Posted: 3/27/2006 1:23:08 PM EDT
UPDATE - Thank Ja for "system restore".

Tried AVG,
Tried AdAware
Tried STOPzilla (ID'd a bunch of stuff, but freeware won't do anything else - worthless)
Tried SmitRem (helped for about .5 min)
Tried Trend Micro
Tried Hijack this!

(Basically everything on Kim Komando's website, and the procedures @ Security Tango)

Nothing worked.

Apparently this bug is so new, the script isn't recognized yet. Wow... finally, I'm on the cutting edge of something.

The wife got McAfee and tried it. Took 5 minutes to load, and then she couldn't get online. If she can't access her work site from home, she can't day-sit Mom.

Of course she calls me to bitch when I'm on duty and can't come home to fix it.

Get home this am, and try to reinstall the broadband driver. The PC won't recognize my CDROM.

FAYA, spam muthafuckas. (picture Samuel L. Jackson in Pulp Fiction as a tech nerd)


[Ezekiel 25:17 ]
Jules: The path of the innocent user is beset on all sites by the iniquities of the greedy, and the tyranny of evil programmers. Blessed is he, who in the name of charity and good will, shepherds the clueless through the Internet valley of Spam, for he is truly his brother's keeper and the finder of lost registry keys. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison, corrupt and destroy the systems of my brothers. And you will know my name is the Lord when I lay my software upon thee.



I am a cold blooded system deleting nerdy bastid sent by Gawd hizzelf with a little bit o' knowledge and a short temper.

Now it's working just fine, thank you.
Link Posted: 3/27/2006 1:26:49 PM EDT
I have AD-Aware, never had a problem with this shit, and it does find stuff like this every week I use it. Not to mention all the crap my wife gets on using her profile.
Link Posted: 3/27/2006 1:28:14 PM EDT
Try Spyware Doctor. I had something that would re-direct my first two Google search selections to other sites. Adaware did not remove it, but Spyware Doctor did.
Link Posted: 3/27/2006 1:32:34 PM EDT
you have been root-kitted..

just another 'winfixer' type bug.

people that make these things deserve taliban justice.
Link Posted: 3/27/2006 1:40:50 PM EDT
tag
Link Posted: 3/27/2006 2:00:04 PM EDT
Link Posted: 3/27/2006 3:02:55 PM EDT
tag