Severity scale  
  (95/100)

SpyAxe. How to Remove? (Uninstall Guide)

removal by - -   Also known as Spy Axe, Spyax, SpyAxe 3.0 | Type: Trojans
12
SpyAxe is a trojan, which displays one or two icons in the system tray. These icons show a message saying that the compromised system is infected with spyware parasites and asking the user to download and install an anti-spyware program (see the snapshot below), which actually is the infamous SpyAxe 3.0, corrupt illegally distributed spyware remover. Once the user clicks on such message, the trojan opens the anti-spyware's official web site. It may also try to download the application automatically. SpyAxe 3.0 may also change the desktop background. The trojan automatically runs on every Windows startup.

People try to find information about SpyAxe 3.0 by various names and file relationships. They they try to use combinations: spy axe, spyax, zlob, needupdate, etc. All these names usually mean infections of the SpyAxe parasite. This threat tries to mutate and often uses different file names. Infections started with the use of svchosts.dll file, later with ioctrl.dll, and the last known infections are with the use of webconm.dll file.

Other similar parasites: SpyAxe, SpywareStrike, SpyFalcon, Spyware Quake Related files: nvctrl.exe

SpyAxe properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall SpyAxe. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall SpyAxe. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2011-12-30 11:29)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2011-12-30 11:29)
Hitman Pro
Webroot SecureAnywhere AntiVirus

SpyAxe manual removal

Kill processes:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E802FFFF-8E58-4D2C-A435-8BEEFB10AB77}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObject\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CAF96A2-C556-460A-988E-76FC7895D284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}
Unregister DLLs:
ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll

Delete files:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe, ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll, hp[X].tmp
Delete directories:
C:\Program Files\SpyAxe
C:\Windows\System\1024
C:\Windows\System32\1024
C:\Winnt\System32\1024
Misc:
[X] is a set of four random digits

Exact file location:
spyaxe.exe - C:\Program Files\SpyAxe
mscornet.exe, mssearchnet.exe, nvctrl.exe, webconm.dll,wbeconm.dll,ioctrl.dll, svchosts.dll, hp[X].tmp - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
Try to do all these steps below in the safe mode.
Help: starting system in the safe mode

Geolocation of SpyAxe

Map reveals the prevalence of SpyAxe. Countries and regions that have been affected the most are: Canada, United States, United Kingdom, Germany and Spain.

Information updated:

Comments on SpyAxe

0
1
boyaci
very beautiful site



boyacı
ev boya tadilat
dış cephe boya mantolama
çatı onarım tadilat
0
0
guest
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = local;*.local


thanks, this object is dangerous?
0
0
Guest
author of SpyAxe
0
0
Guest
I'm manually deleting SpyAxe, should I delete all files named hp[Four random digits and letters].tmp, even if there are five or six of them? If you knoww please post an answer.
0
0
Guest
how do I remove the w.32.zlob.gen virus off my computer, it is in my system volume info
0
0
Guest
I just contracted the zlob trojan downloader this morning. i kept running everything i had, but it was still coming up. Finally, I ran microsoft antispyware (its free). its only been an hour or so, but it isnt popping up now, like it was before. I also ran MS antispware again, and it came up with nothing.
0
0
Guest
i am in the process of trying to get this off my pc..
just wanted to let youy know that on my pc it seems to be running under dcomcfg.exe in my windows task mngr./ processes
0
0
Guest
George Dechow, this comment is for you. The easiest way to get rid of Spyaxe is to use a program called SmitRem that you can get for FREE from: noahdfear.geekstogo.com.
I used to have the same problem as you when I had Spyaxe. I also had that annoying "tunk" sound on my computer. It drove me nuts! I feel your pain man :(. To get rid of that sound manually, here are the directions...
George, you will have to do the following steps while disconnected from the internet, so print them, or write them down, or something.
First, disconnect your computer from the internet. This first step is very impotant. You MUST be disconnected from the internet for this to work. I don't know what kind of internet set-up you are useing so you will have to use your own disgression to disconnect yourself from the internet. Personally, I have DSL, and unplugged the phone wire from my DSL modem. Next, use Window's "Search" feature to find " mssearchnet.exe ". When you find it, RIGHT-click on it and RENAME it. Put a dollar sign in front of the name and hit "Enter". It should now read " $mssearchnet.exe ". Next, close all programs and RESTART your computer. When your computer comes back up, find $mssearchnet.exe again, and DELETE it. Close all programs and TURN OFF your computer. While your computer is off, re-connect your computer to the internet. Wait 5 minutes and turn your computer back on. Since you were disconnected from the internet, you might have to use the software for your internet service to reastablish an internet connect. You probably won't have to do this, but if you do, it is a very simple process which you might already be familiar with.
This should fix your problem. Sorry it was so long. Please post again and let me know how it went.
Much Love, Josh :)
0
0
Guest
This comment is for the person with Spywarequake. Yes, you have come to the right place for help. I can't help you, but I highly recommend that you go here:

http://www.2-spyware.com/forum/topic454.html

I hope you can find the help that you need. Good luck! :)
Much Love, Josh :)
0
0
Guest
ok, im new here, my friends pc has spywarequake. poping up on booting ..is this the same & what do i do . He gave me a bit of paper saying Trojan horse exploit donloader zl0b.ls
...am i on the right board??
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)