SpyAxe manual removal:
Kill processes:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe
Delete registry values:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E802FFFF-8E58-4D2C-A435-8BEEFB10AB77}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObject\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CAF96A2-C556-460A-988E-76FC7895D284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}
Unregister DLLs:ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll
Delete files:mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe, ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll, hp[X].tmp
Delete directories:C:\Program Files\SpyAxe
C:\Windows\System\1024
C:\Windows\System32\1024
C:\Winnt\System32\1024
Misc:[X] is a set of four random digits
Exact file location:
spyaxe.exe - C:\Program Files\SpyAxe
mscornet.exe, mssearchnet.exe, nvctrl.exe, webconm.dll,wbeconm.dll,ioctrl.dll, svchosts.dll, hp[X].tmp - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
Try to do all these steps below in the safe mode.
Help: starting system in the safe mode
Post Comment:
Attention: Use this form only if you have additional information about SpyAxe parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Comments from visitors:
1. by Guest. 2007-10-08 02:10:39
just wanted to let youy know that on my pc it seems to be running under dcomcfg.exe in my windows task mngr./ processes
http://www.2-spyware.com/forum/topic454.html
I hope you can find the help that you need. Good luck! :)
Much Love, Josh :)
I used to have the same problem as you when I had Spyaxe. I also had that annoying "tunk" sound on my computer. It drove me nuts! I feel your pain man :(. To get rid of that sound manually, here are the directions...
George, you will have to do the following steps while disconnected from the internet, so print them, or write them down, or something.
First, disconnect your computer from the internet. This first step is very impotant. You MUST be disconnected from the internet for this to work. I don't know what kind of internet set-up you are useing so you will have to use your own disgression to disconnect yourself from the internet. Personally, I have DSL, and unplugged the phone wire from my DSL modem. Next, use Window's "Search" feature to find " mssearchnet.exe ". When you find it, RIGHT-click on it and RENAME it. Put a dollar sign in front of the name and hit "Enter". It should now read " $mssearchnet.exe ". Next, close all programs and RESTART your computer. When your computer comes back up, find $mssearchnet.exe again, and DELETE it. Close all programs and TURN OFF your computer. While your computer is off, re-connect your computer to the internet. Wait 5 minutes and turn your computer back on. Since you were disconnected from the internet, you might have to use the software for your internet service to reastablish an internet connect. You probably won't have to do this, but if you do, it is a very simple process which you might already be familiar with.
This should fix your problem. Sorry it was so long. Please post again and let me know how it went.
Much Love, Josh :)
...am i on the right board??
Thanks again
George Dechow
George Dechow
His name is NoahDFear and his site is http://noahdfear.geekstogo.com
Diane
The procedure you had listed worked great. Thankyou for your trouble shooting efforts.
80.77.8x.0-255*
80.77.9x.0-255*
where x= digits 0-9.
20 entries (a pain), but I have had NO Spyaxe, SpyStar or Spy-anything since.