SpywareQuake, the infamous trojan that downloads and installs the same named corrupt spyware remover has got a brand new variant.
The latest parasite version works in the same manner as the original. It displays a system tray icon that shows a message saying that the compromised computer is infected with dangerous spyware parasites and asking the user to download and install a removal program. Once the user clicks on that message, the trojan opens a web site distributing Spyware Quake. It may also try to download the application, change the Internet Explorer default home page and redirect the web browser to malicious web sites.
The only difference between two current SpywareQuake variants is the files that they install and use. Deleting files of the older variant will not remove the new infection! That’s why we highly recommend using updated SpywareQuake manual removal instructions.
April 20th, 2006 at 2:05 pm
This new version was even tougher to kill. The program actually ran in safe mode and I could not remove it using normal antivirus programs. Also, many of the files supposed to be a part of it were not there. Watch out for it. It downloaded like 5 programs things to my computer, including a fake sudoku puzzle game and plenty of other programs.
April 22nd, 2006 at 10:29 am
Sam-how did you finally remove this? I have tried everything.
April 23rd, 2006 at 10:18 am
Yeah, how’d you get rid of it? I’ve tried everything too :o(
April 27th, 2006 at 8:44 pm
I’ve got this new variant on my system as well. I was kind of surprised that it even loaded up in Safe Mode! I tried several different things such as…
Name: Result
HiJackThis! … Did a pretty good job of eliminating “most” of the problems
KillBox … Managed to kill ‘1′ of the processes on reboot
Autoruns (sysinternals.com) Caught things the other 2 missed
SpywareBeGone Caught another BHO and deleted it
After all said and done, I still got that damn funky icon in my tray just BEGGING me to click on it.
Once I find out where the friggin thing is loading up from I’m going to nuke the bastard with extreme prejudice! Then I’m going to write an App in Borland Delphi to get rid of the damn thing if it should EVER happen to show up again. I have the sneaky suspicion that its bound to another process on startup. Because I have MANUALLY CHECKED THROROUGHLY EVER FRING’N POSSIBLE PLACE that that icon could load up from and still haven’t found anything. I read something somewhere about wininet.dll so going to play with that.
April 28th, 2006 at 1:44 pm
I need help with this too.. i even bought a $30 virus protection to try and remove but it was worthless.