NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove SpyAxe. Description and removal instructions

 
Title: SpyAxe
 Also known as: Spy Axe, Spyax, SpyAxe 3.0
Type: Trojans
Severity scale:SpyAxe severity is 95  (95 / 100)
 
SpyAxe is a trojan, which displays one or two icons in the system tray. These icons show a message saying that the compromised system is infected with spyware parasites and asking the user to download and install an anti-spyware program (see the snapshot below), which actually is the infamous SpyAxe 3.0, corrupt illegally distributed spyware remover. Once the user clicks on such message, the trojan opens the anti-spyware's official web site. It may also try to download the application automatically. SpyAxe 3.0 may also change the desktop background. The trojan automatically runs on every Windows startup.

People try to find information about SpyAxe 3.0 by various names and file relationships. They they try to use combinations: spy axe, spyax, zlob, needupdate, etc. All these names usually mean infections of the SpyAxe parasite. This threat tries to mutate and often uses different file names. Infections started with the use of svchosts.dll file, later with ioctrl.dll, and the last known infections are with the use of webconm.dll file.

Other similar parasites: SpyAxe, SpywareStrike, SpyFalcon, Spyware Quake

FORUM:
Discuss SpyAxe in
spyware removal forum

Related files: mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe, ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll, hp[X].tmp

SpyAxe properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic SpyAxe removal:

remover for SpyAxe

SpyAxe manual removal:

Kill processes:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E802FFFF-8E58-4D2C-A435-8BEEFB10AB77}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObject\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CAF96A2-C556-460A-988E-76FC7895D284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}
HELP:
how to remove registry entries

Unregister DLLs:
ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll
HELP:
how to unregister malicious DLLs

Delete files:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe, ioctrl.dll, svchosts.dll, webconm.dll, wbeconm.dll, hp[X].tmp
HELP:
how to remove harmful files

Delete directories:
C:\Program Files\SpyAxe
C:\Windows\System\1024
C:\Windows\System32\1024
C:\Winnt\System32\1024
Misc:
[X] is a set of four random digits

Exact file location:
spyaxe.exe - C:\Program Files\SpyAxe
mscornet.exe, mssearchnet.exe, nvctrl.exe, webconm.dll,wbeconm.dll,ioctrl.dll, svchosts.dll, hp[X].tmp - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
Try to do all these steps below in the safe mode.
Help: starting system in the safe mode

Other programs to remove SpyAxe:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 02/12/05
Information updated: 06/03/08

Additional resources related to SpyAxe:

Attention: If you know or you have a website or page about SpyAxe removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about SpyAxe parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Guest. 2007-10-08 02:10:39
author of SpyAxe

2. by Guest. 2006-11-30 17:11:42
I'm manually deleting SpyAxe, should I delete all files named hp[Four random digits and letters].tmp, even if there are five or six of them? If you knoww please post an answer.

3. by Guest. 2006-10-16 18:10:56
how do I remove the w.32.zlob.gen virus off my computer, it is in my system volume info

4. by Guest. 2006-06-18 13:06:47
I just contracted the zlob trojan downloader this morning. i kept running everything i had, but it was still coming up. Finally, I ran microsoft antispyware (its free). its only been an hour or so, but it isnt popping up now, like it was before. I also ran MS antispware again, and it came up with nothing.

5. by Guest. 2006-05-27 18:05:04
i am in the process of trying to get this off my pc..
just wanted to let youy know that on my pc it seems to be running under dcomcfg.exe in my windows task mngr./ processes

6. by Guest. 2006-05-19 03:05:03
This comment is for the person with Spywarequake. Yes, you have come to the right place for help. I can't help you, but I highly recommend that you go here:

http://www.2-spyware.com/forum/topic454.html

I hope you can find the help that you need. Good luck! :)
Much Love, Josh :)

7. by Guest. 2006-05-19 03:05:09
George Dechow, this comment is for you. The easiest way to get rid of Spyaxe is to use a program called SmitRem that you can get for FREE from: noahdfear.geekstogo.com.
I used to have the same problem as you when I had Spyaxe. I also had that annoying "tunk" sound on my computer. It drove me nuts! I feel your pain man :(. To get rid of that sound manually, here are the directions...
George, you will have to do the following steps while disconnected from the internet, so print them, or write them down, or something.
First, disconnect your computer from the internet. This first step is very impotant. You MUST be disconnected from the internet for this to work. I don't know what kind of internet set-up you are useing so you will have to use your own disgression to disconnect yourself from the internet. Personally, I have DSL, and unplugged the phone wire from my DSL modem. Next, use Window's "Search" feature to find " mssearchnet.exe ". When you find it, RIGHT-click on it and RENAME it. Put a dollar sign in front of the name and hit "Enter". It should now read " $mssearchnet.exe ". Next, close all programs and RESTART your computer. When your computer comes back up, find $mssearchnet.exe again, and DELETE it. Close all programs and TURN OFF your computer. While your computer is off, re-connect your computer to the internet. Wait 5 minutes and turn your computer back on. Since you were disconnected from the internet, you might have to use the software for your internet service to reastablish an internet connect. You probably won't have to do this, but if you do, it is a very simple process which you might already be familiar with.
This should fix your problem. Sorry it was so long. Please post again and let me know how it went.
Much Love, Josh :)

8. by Guest. 2006-03-25 14:03:08
ok, im new here, my friends pc has spywarequake. poping up on booting ..is this the same & what do i do . He gave me a bit of paper saying Trojan horse exploit donloader zl0b.ls
...am i on the right board??

9. by Guest. 2006-03-22 09:03:10
Add to last comment. When I was first infected with spy axe i had uninstalled it and deleted its directory from "Program Files" and modified a few register paramaters. I ended up with the little pop-up at the bottom right of my screen and the little "tunk" sound and have indured that 4 months. spy Axe has been gone for most of a day and still seems to be no return.
Thanks again
George Dechow

10. by Guest. 2006-03-21 16:03:32
Thank you! Thank You! Thank You!!! The manual procedure took me about half an hour and so far (about 20 minutes) and no sigh of the spyaxe popup
George Dechow

11. by Guest. 2006-02-08 17:02:41
Great. Worked a treat. Another happy computer user restored. thanx

12. by Guest. 2006-01-30 03:01:11
I have read a lot of good things about SmitRem. You can Google SmitRem to find it or go to noahdfear.geekstogo.com as mentioned below by Diane. Much Love!! ; )

13. by Guest. 2006-01-30 03:01:02
Note to Web Master, this Post Comment area does not work sometimes. Sometimes you will click Post Comment and you will get an error message and everything you have just typed will get deleted.

14. by Guest. 2006-01-24 19:01:09
Super short version. Find the files listed above in the gray box under: "Kill processes", "Unregister DLLs" and "Delete files". Rename them. I suggest .old or put a $ in front of the namel. Delete the directories listed under "Delete directories". Open msconfig, go to Startup, UNcheck "spyaxe" if it is there, it probably will be. Click "Apply" then click "OK". Restart your computer. When that is done, find the files you just renamed and delete them. You can find them by their old names or by searching .old or $ whatever the case may be. The true test will be if you restart your computer and all the bad stuff is gone and all the good stuff works like it is suppossed to. After all this, update Windows and while you are at Microsoft, find and download Microsoft AntiSpyware (Beta). After that, go to Download.com and download FREE versions of: Zone Alarm, Ad-Aware SE Personal, Spybot Search & Destroy and AVG Antivirus. Keep these programs and Windows up-to-date. Run your antivirus and anti-spyware often. Bye. Josh. John 3:16. : )

15. by Guest. 2006-01-20 10:01:49
I had all of the same problems with spyaxe. This guy below saved my sanity with his program which is free and I followed exactly. Within 5 minutes my computer was clean.

His name is NoahDFear and his site is http://noahdfear.geekstogo.com

Diane

16. by Guest. 2006-01-15 04:01:52
ran the exe. then ran ad-aware no more spy axe. also checked through manual setting to make sure everything had been removed, all good :)

17. by Guest. 2006-01-13 11:01:29
I had MS Spyware installed and it finds spyaxe but cant clean it completely. It trys to restore its self imediatly on reboot. MS only found spyaxe buy the above software found an additional 667 infected file straight after MS ran.

18. by Guest. 2006-01-12 11:01:12
2-spyware.com

The procedure you had listed worked great. Thankyou for your trouble shooting efforts.

19. by Guest. 2006-01-10 14:01:49
The best way I have found to get rid of this crap is to use an "offline" tool such as ERD commander. Because you accesses your drive without Windows running, you do not have to worry about locked or running processes. Just delete the registry entries and files.

20. by Guest. 2006-01-09 20:01:24
I gotSpyAxed back on 12/30. I found in my research that the company is using multiple IPs. After doing a System Restore, I blocked the following IPs, using IE "Restricted Sites" under the security tab; in the form of:
80.77.8x.0-255*
80.77.9x.0-255*
where x= digits 0-9.
20 entries (a pain), but I have had NO Spyaxe, SpyStar or Spy-anything since.

See more comments about SpyAxe >>>
Related news:
Similar parasites:
Related articles:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.