|
Title: SpywareQuake
Type: Trojans
Remove SpywareQuake. Removal instructions
Also known as: spyware quake, Spyware Quake 4.3, SpywareQuake 4.3
Severity scale:
 (70 / 100)
The reports of this scan tend to be exaggerated and full of bogus threats, which SpywareQuake uses to trick people into buying its full version. DO NOT trust this parasite, as it is designed with the sole purpose of milking money from unsuspecting users! Related files: winF.tmp.exe, win5.tmp.exe, SpywareQuake.lnk, SpywareQuakeInstaller[1].exe, win9.tmp.exe, win3.tmp.exe, Uninstall SpyQuake2.com 2.3.lnk, SpyQuake2.com 2.3 Website.lnk, SpyQuake2.com.lnk, SpyQuake2.com 2.3.lnk, SpywareQuake, SpyQuake2.com, english.ini, spywarequake.url, ref.dat, blacklist.txt, uninstallspywarequake2.0.lnk, spywarequake2.0.lnk, spywarequake2.0website.lnk, msvcr71.dll, msvcp71.dll, uninst.exe, spywarequakeinstaller.exe, spywarequake 2.0 website.lnk, uninstall spywarequake 2.0.lnk, spywarequake 2.0.lnk, vwlummc.dll, viruxz.dll, jpqet.dll, fhmfes.dll, urroxtl.dll, yephk.dll, pmnqguh.dll, mzoeut.dll, spy-quake2.exe, issearch.exe, isnotify.exe, vpxnk.dll, jevtxpg.dll, ismon.exe, ishost.exe, zlara.dll, yvvdj.dll, xuefh.dll, viwpzla.dll, qrucmr.dll, tnvocyn.dll, rmzdzx.dll, oybgrql.dll, ofcukiz.dll, lwpfwjb.dll, kkqfb.dll, hvcycg.dll, gvfsc.dll, guxxa.dll, erxbx.dll, dnefhw.dll, ld[X].tmp, hp[X].tmp, sq.ini, ywbicim.dll, yhbdupd.dll, yfysupa.dll, xenadot.dll, wfkduei.dll, vhywj.dll, suprox.dll, stickrep.dll, sivudro.dll, ornzq.dll, imfdfcj.dll, hzclqhc.dll, hvnwm.dll, dvdcap.dll, bpvcou.dll, autodisc32.dll, spywarequake.exe, nvctrl.exe, mssearchnet.exe, dfrgsrv.exe, Winwcd.dll, SafetyBar.dll, ixt0.dll, win17.tmp.exe, win8.tmp.exe, flx3.dll, win12.tmp.exe, SpywareQuaked.exe, SpywareQuaked.url, win6.tmp.exe, win7.tmp.exe, 9.tmp.exe, win18.tmp.exe SpywareQuake properties: • Changes browser settings • Shows commercial adverts • Connects itself to the internet • Hides from the user • Stays resident in background Automatic SpywareQuake removal: 
We are testing STOPzilla's efficiency at removing SpywareQuake
(2008-06-26 07:18:09)
We are testing Malwarebytes Anti Malware's efficiency at removing SpywareQuake
(2008-06-26 07:18:09)
We are testing Spyware Doctor's efficiency at removing SpywareQuake
(2008-06-26 07:18:09)
SpywareQuake manual removal:Kill processes:dfrgsrv.exe, mssearchnet.exe, nvctrl.exe, spywarequake.exe, spywarequakeinstaller.exe, uninst.exe, SpywareQuaked.exe Delete registry values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareQuake HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} HKEY_CLASSES_ROOT\Typelib\{661173EE-FA31-4769-97D4-B556B5D09BDA} HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake Unregister DLLs: autodisc32.dll, dvdcap.dll, hvnwm.dll, imfdfcj.dll, ornzq.dll, sivudro.dll, stickrep.dll, suprox.dll, vhywj.dll, wfkduei.dll, xenadot.dll, yfysupa.dll, yhbdupd.dll, ywbicim.dll, ywbicim.dll wfkduei.dll hvnwm.dll imfdfcj.dll yhbdupd.dll stickrep.dll sivudro.dll xenadot.dll dvdcap.dll suprox.dll msvcp71.dll msvcr71.dll Delete files: dfrgsrv.exe, mssearchnet.exe, nvctrl.exe, spywarequake.exe, autodisc32.dll, dvdcap.dll, hvnwm.dll, imfdfcj.dll, ornzq.dll, sivudro.dll, stickrep.dll, suprox.dll, vhywj.dll, wfkduei.dll, xenadot.dll, yfysupa.dll, yhbdupd.dll, ywbicim.dll, sq.ini, hp[X].tmp, ld[X].tmp, spywarequake 2.0.lnk uninstall spywarequake 2.0.lnk spywarequake 2.0 website.lnk spywarequakeinstaller.exe spywarequake.exe uninst.exe ywbicim.dll wfkduei.dll hvnwm.dll imfdfcj.dll yhbdupd.dll stickrep.dll sivudro.dll xenadot.dll dvdcap.dll suprox.dll msvcp71.dll msvcr71.dll dfrgsrv.exe mssearchnet.exe nvctrl.exe spywarequake2.0website.lnk spywarequake2.0.lnk uninstallspywarequake2.0.lnk blacklist.txt ref.dat spywarequake.url sq.ini english.ini hp[X].tmp ld[X].tmp autodisc32.dll bpvcou.dll dnefhw.dll erxbx.dll guxxa.dll gvfsc.dll hvcycg.dll hzclqhc.dll jevtxpg.dll kkqfb.dll lwpfwjb.dll mzoeut.dll ofcukiz.dll ornzq.dll oybgrql.dll pmnqguh.dll rmzdzx.dll tnvocyn.dll qrucmr.dll vhywj.dll viwpzla.dll vpxnk.dll xuefh.dll yfysupa.dll yephk.dll yvvdj.dll zlara.dll ishost.exe ismon.exe isnotify.exe issearch.exe spy-quake2.exe fhmfes.dll jpqet.dll viruxz.dll vwlummc.dll SpyQuake2.com SpywareQuake SpyQuake2.com 2.3.lnk SpyQuake2.com.lnk SpyQuake2.com 2.3 Website.lnk Uninstall SpyQuake2.com 2.3.lnk win3.tmp.exe win9.tmp.exe SpywareQuakeInstaller[1].exe SpywareQuake.lnk win5.tmp.exe winF.tmp.exe urroxtl.dll Winwcd.dll SafetyBar.dll ixt0.dll win17.tmp.exe win8.tmp.exe flx3.dll win12.tmp.exe SpywareQuaked.exe SpywareQuaked.url win6.tmp.exe win7.tmp.exe 9.tmp.exe win18.tmp.exe Delete directories: C:\Program Files\SpywareQuake C:\Windows\System\1024 C:\Windows\System32\1024 C:\Winnt\System32\1024 C:\Documents and Settings\[Current User]\Start Menu\Programs\SpywareQuake 
Information added: 2006-03-25 07:02:38
Information updated: 2008-06-26 04:40:54 Additional resources related to SpywareQuake:Attention: If you know or you have a website or page about SpywareQuake removal, feel free to add a link to this list: add url |
Related news:
Similar parasites:
Related discussions:
|
FORUM:
HELP:
Spreading the knowledge:
It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your
visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
I was unable to unregister this file, but I was able to delete it by logging in as the administrator in safe mode.
I did so by killing Explorer.exe in Task Manager. Than using the file C:Program FilesInternet ExplorerIEXPLORER.EXE to navigate my system.
Appreciate it,
William Fowler
I hope whoever created spywarequake dies a slow painful death.
At the moment I am getting another security warning, calls itself AdService, It also advises me to download some anti spyware software, so same type of thing as the spyware quake crap, and yes my own my antivirus and spyware programs doesn't detect it.
Anyway will find out what I can do.
Cheers!!
Thanks for the download, I'm about to use it now.
When deleting registry keys, also look for and delete
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objecta{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}
Apparently the spyware creates THIS folder, as well.
In regedit, use the "find" function under the edit menu and search for "Spywarequake." Apparently the newest version of this spyware loads into multiple registry files.
The only way I figured out this malicious DLL is by searching the windowssystem32 folder for all files modified in the last 2 days - and bang you see the "stickrep.dll".
to remove it:
1. logon in "safe mode with command prompt" as administrator [ *see note below* ]
2. delete the DLL from the windowssystem32
3. also, it does not hurt to search and making sure you dont have that DLL and other .tmp files in windows system folders.
4. open regedit - (typing regedit in the command prompt opens it for you.
5. search for stickrep.dll, make a note of the CLSIDs using the DLL in the InprocServer32 key - search and delete all those CLSIDs.
6. restart
note:
- i have seen that this "Virus Alert !" popup comes up soon after the shell is started - so if you have problems deleting the DLL in "Safe Mode", try "Safe Mode with Command Prompt".
SpywareQuake also loaded multi virus on my system, at the speed of Cable. The beta from Micro Soft even found a key logger.
In safe mode that “stickrep.dll� still loads, so I had to do the safe mode with command prompt to remove it. That got rid of the blinking task bar virus warring.
Remember to check IE for the Security levels, mine was set to lowest.
Question: Anyone knows how to set Win-Xp pro sp2 to permanently block the “stickrep.dll� from installing or running?
None of these programs worked for removing: SpywareDR, AVG, Norton anti virus, Webroot.
Note when I was deleting the reg. I got a pop up that said the file was already immunized. LOL
1. Download "Killbox", its about 70kb.
2. Extract and run "KillBox.exe".
3. "Full Path of File to delete" should be: "c:windowssystem32stickrep.dll".
4. Select "End Explorer Shell while Killing File".
5. Click the Reb circle with the X in it.
6. Check the system tray to make sure that the message is gone.
All i can say is for spywarequake just follow the manual instructions to the letter and you will be rid of it. If you still have an icon in the bottom task bar after following all the instructions just right click onm it and delete.
Recommend changing the file name of stickrep.dll to stickrep.txt, and when going through the registry files using the find function and searching for "quake"
Btw, is there just any "free of charge" anti-spyware software that can kill this? Cuz yeah, this manual instruction is taking quite a lot out of me. considering me not too savy with computers...
'It worked in Windows 2000' but unsure if it will work in win98 or winXP.
hope this helps.
hackers need friend seriously! all my computer has is coursework and sum games no important deatils goddamit!!
Thank you, Adam from Maine,USA
Thanx - Alper From TURKEY
Thanks a lot
1 - when you can't delete a file or folder, generally that's because it's in use by the system - i.e. it was loaded when you boot. Boot into safe mode and you can usually avoid that problem.
2 - if it keeps re-appearing, you haven't gotten all the remnants. I found only two files in my system todaydfrgsrv.exe and ld[X].tmp, which apparently was enough to keep getting it back.
3 - shut off your system restore function.
Here is my advice:
First, boot into safe mode.
Second, go through the manual removal instructions on this page.
Third, run a full system scan with your anti-spyware software (most of these packages don't pick it up though, including Windows Defender and Spybot S&D & AdAware).
Finally, do a full system scan with your anti-virus software.
That should get you a clean system.
Drew from Tampa
First - try and restore your system to a date prior to around 3/18 (the first time this seems to have appeared).
Second - if that fails, update your antivirus and spyware files normally.
Third, shut off your system restore function.
Then follow the steps I outlined below.
Finally, run a full system scan with all your spyware and antivirus software WHILE IN SAFE MODE. That should pick up any remnants that you may have missed in the manual steps.
Good luck. I think I finally got it.
thanx Alex UK
best method for me was safe mode and remove the exe's and dll's that couldn't be deleted in a normal running machine.
thank you again for your valuable , detailed and comprehensive information.
bless you.
email: remove.spy@gmail.com
Thanks in advance
File ot.ico was located in D:WINDOWSsystem- I think it is an icon used for the phoney security alert
Internet Shortcuts "Online Security Guide" and "Security Troubleshooting" were located in
D:Documents and SettingsAll UsersStart Menu
These two files direct the browser to http://realsecurityonline.com/ and http://youronlinesecurity.com/
I belive the first of these is responsible for redirecting the browser start page.
Internet Shortcut "Antivirus Test Online" was located in
D:Documents and SettingsUserFavorites (User is the user name that was active when infected)
I might have saved this to my favorites list manually
This shortcut also directs the browser to http://youronlinesecurity.com/
The file
6d14e4b1d8ca773bab785d1be032546e_4293828e-4f6d-49de-99a6-037169c9ec5e
was in D:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAS-1-5-18
I run AVG (free version) for virus protection. It took several runs over a few days time to clean out the offending executables.
I run Spybot Search and Destroy (also free version), which did several registry modifictions related to:
DKAndSuns Fake Security Toolbar (3 items)
Zlob Downloader (nvctrl.exe on each of two different runs)
Smitfraud-C (nvctrl.exe on each of two different runs)
SpywareQuake (A long list of 23 items including the ones listed in the main section of this page, but also many more in HKEY_CLASSES_ROOT)
Vcodec (ts.ico and ncompat.tlb on 3 different runs)
Follow the directions above to kill the running processes first, and things will probably clean up more easily than they did for me. Then you might want to check for some of these additional files.I found
it is ok, for the most part, if some files are not present just make certain you ATTEMPT TO LOCATE THEM THOROUGHLY before going on to the next step in removal. If you follow the MANUAL REMOVAL instructions posted above then it will rid your system of the parasite successfully.
DO NOT do what i did and trust that the automatic removal was a ONE-SHOT solution that you could burn to disc and take to an infected machine because its A HOAX to get you to buy PC TOOLS SPYWARE DOCTOR (NOT A FREE SOLUTION) i.e. A WASTE OF MY TIME... (the poster of this "automatic removal" link should have forewarned that the app must be registered before removal will proceed.
best of luck Friends
I tried the manual remove in safe mode and whenever i would delete a file or kill a process it would start right back immediately but further down the list.
So i gave in and paid for Spyware Doctor and that found about 280 files and removed them but the annoying icons in my tray did not dissapear and eventually took back over and basically rendered Spyware Doctor useless.
Finally i just ran a simple System Restore going back only one day and it fixed it. Luckily PC Tools has a no questions asked 30 day money back guarantee on Spyware Doctor.
scumbag parasites ever since, Keep up the good work.
I you are having trouble removing this scumbag CS virious, follow the directions on this site.
Only do it in SAFE MODE. This CS is so imbeded Windows will not allow you to remove all of it's content, allowing it to reload after re-start. Complete the task list in safe mode, before exiting safe mode dump your recycle bin. Then restart in normal mode. It may take TWO attempts but you will be free of this dirty little CS forever. Buy The DOC it will keep you clean..
A happy Customer in LV. NV.
Thanks!
Did a search through the registry for xenadot.dll and came up with this CSLID {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}. Removed all references to the above CSLID from the registry. One name associated with the CSLID was "XenaDot Software". I tried a search on Google, but it turns up nothing for XenaDot.
I don't believe we had the full-blown package, just the annoying system tray icon piece. In any case, hopefully the above information will help.
its a good thing we have people like yourself
thanks heaps!!!!!
i've been trying to figure out how to eliminate this spywarequake
i used adaware, xoftspy, and noadware and it never found it... thank you for your tutorial...
SunShine Ltd
David Taylor (david.alant@gmail.com)
U-12 Gamma Commercial Complex # 47
Rizal Highway cor. Manila Ave Subic Bay
Olongapo City
null,98101
PH
Tel. +206.9543154
Please update your webpage about the address and whereabouts of the authors of this harmful software.
Karl
posted by johntee
johnthornton34@hotmail.com
Beware, when I researched all of the top search results from the various search engines, the top ones are links to SpywareQuake's multiple web sites and their malware programs, so beware.
Prevx1 is the only one I found that lets you use it on a trial basis, all the others charge immediately so I assume they are linked to SpywareQuake.
Worked for me.
PS I clicked the link to Spyware Doctor and installed it. It did find it and many more shitware but didn't know you had to purchase it before you can fully use it and I didn't have the cheese to buy it, so I choose to do it manually first.
THANK YOU SO MUCH
It's gone.
Also, I used Prevx as well. It worked, but it's dang slow.
I tried another progran and the same thing was happening as well
using windows xp home on a pos dell 1gig.
All Internet providers such as AOL should make their clients aware of its dangers and also assist in stopping these from getting past their own software!
Richard Finlay rchrdfnly@aol.com
http://remove-spyware-quake.info
Thanks Again,
Tina
The person claiming Spyware Doctor is a mole whom tells tall tales and spreads lies and deciet. DO NOT use that program.
HARD ON
1. Search and find the program smitrem. Download this to your desktop. DO NOT RUN YET. I found it here: http://noahdfear.geekstogo.com/
2. Right click My Computer, properties, system restore. TURN SYSTEM RESTORE OFF.
3. Click START BUTTON, choose RUN. Type in regedit, press enter key.
4. CTRL + F enter SpywareQuake hit Enter.
5. Delete each reference the search finds. Hit F3 to find the next entry and continue to delete all entries.
6. Explore Program FIles, delete SpywareQuake folders.
7. Restart Computer in SAFE MODE (F8 on many comuters after power up)
8. Load windows safe mode.
9. Delete the recylce bin.
10. Execute the Smitrem program (which is free). Follow instructions and let the program do its job.
THis will remove all traces of the program and the wheel chair, Exclamation Warning and Circle with Red Cross.
I had three of them.
MOST ALL PROGRAMS CLAIMING TO REMOVE THIS ARE SIMPLY MORE TROJANS.
Good Luck...
HARDDON
But it wont get rid of the damn warning stuff that keeps popping up.
Save your money on that one.
Post Comment: