NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove SpywareStrike. Description and removal instructions

 
Title: SpywareStrike
 Also known as: Spyware strike, spywarestrike 2.5
Type: Trojans
Severity scale:SpywareStrike severity is 80  (80 / 100)
 
SpywareStrike is a corrupt anti-spyware parasite that uses misleading advertising in order to get into users' systems. This program claims to be a legitimate spyware remover, when it is in fact a scamming application that displays exaggerated threat reports in order to mislead users into buying its counterfeit "full" version.

Stay away from SpywareStrike, and if you happen to have it on your computer, use our manual removal instructions to get rid of it.

FORUM:
Discuss SpywareStrike in
spyware removal forum

Related files: mssearchnet.exe, nvctrl.exe, spywarestrike.exe, ss_setup.exe, netwrap.dll, replmap.dll, wiatwain.dll, hp[X].tmp

SpywareStrike properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic SpywareStrike removal:

remover for SpywareStrike

SpywareStrike manual removal:

Kill processes:
mssearchnet.exe, nvctrl.exe, spywarestrike.exe, ss_setup.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareStrike
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27150F81-0877-42E9-AF13-55E5A3439A26}
HKEY_CLASSES_ROOT\AppID\spywarestrike.exe
HKEY_CLASSES_ROOT\Interface\{2C15CDEA-3EF4-4405-90B0-19A1389B36ED}
HKEY_CLASSES_ROOT\Interface\{3115A433-3FA0-483B-AB01-2A61C951FE58}
HKEY_CLASSES_ROOT\Interface\{51FEFA9C-1D5A-41C4-81FE-8C0FBE9254F0}
HKEY_CLASSES_ROOT\Interface\{5CCC8D01-9F75-4F07-9ACF-DEB314176C79}
HKEY_CLASSES_ROOT\Interface\{5E7BF614-960B-4A1F-9236-9EC01AC4C5E2}
HKEY_CLASSES_ROOT\Interface\{66F0AC1C-DED5-4965-9E31-39788DF1B264}
HKEY_CLASSES_ROOT\Interface\{849E056A-D67A-431E-9370-2275F26D39B5}
HKEY_CLASSES_ROOT\Interface\{8B7AFBFD-631C-45BA-9145-F059EB58DD73}
HKEY_CLASSES_ROOT\Interface\{AFEB8519-0B8B-4023-8C15-FFB17D5225F9}
HKEY_CLASSES_ROOT\Interface\{BA9CC151-4581-438E-94AF-4C703201B7CA}
HKEY_CLASSES_ROOT\Interface\{BC74C336-FF2C-40C9-AD4E-3772C208406B}
HKEY_CLASSES_ROOT\Interface\{BDF00F24-A571-4392-95EC-04FDFF82A82C}
HKEY_CLASSES_ROOT\Interface\{C4E953E6-770E-4F59-A5E3-43E9F0D682E2}
HKEY_CLASSES_ROOT\Interface\{E0105E7C-D0C4-4DEA-AA21-B02F2960ECAF}
HKEY_CLASSES_ROOT\Interface\{ED39CB7C-1BF6-429B-A275-F183B4A3EFCB}
HKEY_CLASSES_ROOT\Interface\{F23AA637-31D5-4526-B5C6-9FF89E16202C}
HKEY_CLASSES_ROOT\TypeLib\{C1A4C0C9-DBD0-493A-93F8-0B05EDC96224}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spywarestrike.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareStrike
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{0A4AF3E9A644EE5C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{IA4AF3E9A644EE5C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{K7C0DB872A3F777C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareStrike
HELP:
how to remove registry entries

Delete files:
mssearchnet.exe, nvctrl.exe, spywarestrike.exe, ss_setup.exe, netwrap.dll, replmap.dll, wiatwain.dll, hp[X].tmp
HELP:
how to remove harmful files

Delete directories:
C:\Program Files\SpywareStrike
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpywareStrike

Other programs to remove SpywareStrike:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 06/01/06
Information updated: 18/12/07

Additional resources related to SpywareStrike:

Attention: If you know or you have a website or page about SpywareStrike removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about SpywareStrike parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Guest. 2006-03-01 19:03:45
I tried to delete this manually but I could not find all the registries so i got spysweeper and it took care of the problem. Thanx.

2. by Guest. 2006-02-11 12:02:30
Most excellent help, it worked a charm, keep up the good work.

3. by Guest. 2006-02-10 08:02:01
To remove SpyFalcon go to this website to install 2 programs that u run in safemode..really easy..

http://www.bleepingcomputer.com/forums/topic43659.html

4. by Guest. 2006-02-10 08:02:48
After I posted the many steps how to remove it...today I got a nroton msg saying if I wanted to permit WINKEYLOG to access internet...and it had default option (Permit..always recommend)..so click details...Norton said it was low level and should be OK ...
BIG MISTAKE..it installed SpyFalcon >

5. by Guest. 2006-02-08 18:02:00
Followed every step specified in Guest. 01/02/2006. 22:02:10, plus found the replmap.dll file. I had to rename it before being allowed to delete it. Then ran Adaware and Spybot. It went away for hours. Today (12 hours later) it is back. %#&**@#.

6. by Guest. 2006-02-08 16:02:08
yeeeeehaw, i think i just kicked this little craphead. i too could not find the replmap.dll anywhere, but thanks to the previous poster i found the wiatwain.dll under twain_32.

im still running some virus/spyware checkers at the moment, but i got the darn popup to go away. thanks to everybody here, i couldnt have done it without you all.

baron

7. by Guest. 2006-02-08 14:02:28
The last updates for AVG (free antivirus) can kill that darned replmap.dll file and others. Using AVG in combination with Ad-Aware (also free) and the above instructions, I was able toget rid of this nigghtmare.
Thanks, and good luck.

8. by Guest. 2006-02-08 08:02:02
Listening to the previous posts i was lucky to get rid of it. It got to the point I couldnt even log on internet..another website would pop up advertising their spyware.
1st: I created an additional admin. account on win. XP
2nd: I booted in safe mode
3rd: I went to the C/WINDOWS/SYSTEM32 file and put all files (VIEW) in detail mode.
4th: I clicked modified date row and all newest files modified were on top.
5th: right click each file that u think was created right before the Spyware strike was installed and check the creation date.
6th: Delete all the files that were created on the date u believe the spyware program was installed.
7th: Ironically, I did this check on all the WINDOWS files (view mode: detail) , and low and behold I found the WIATWAIN.DLL file in the TWAIN folder in WINDOWS folder...not in SYSTEM 32 folder... I deleted that too (even though it said it was created back acouple of years ago..possibly it was modified by spyware program...so delete it)...
8th: Reboot computer ( i accidently deleted a windows xp crit. file so i had to reregister windows..no biggie)...anyways..just reboot computer..
9th: Log in under your own log in...
10th: I used in conjunction with the spydoctor program....Spybot ....
11th: It found the Spywware Strike program which wasnt operating on my system now (maybe deleting one of those dll files earlier).....
12th: have spybot delete it...
13th: Reboot once more to make sure everything is ok..
14th: should be able to log on internet without any pop ups or such...CONGRATS!!
15th: PS..u might want to run spybot once more to see if any thing is detected again...
btw... i did not see replmap.dll on any of my files.....maybe its not used on the newer Spyware strike program?
We will see if I am lucky in the next couple of days ; ;

9. by Guest. 2006-02-07 22:02:45
revision

arg, im still not getting it! im kinda computer savvy, but this stuff is way over my head. anyone found an easy answer yet?

thanks
Baron

10. by Guest. 2006-02-07 16:02:40
I agree, pins up the fingernails for these losers, still have an issue with the relp.dll stating I cant chang name or delete being used by windows, any help?

11. by Guest. 2006-02-06 22:02:16
I am a PC technician, and in all honesty this is one of the nastiest bugs that I have ever come across. I would like to meet the people who made this... so that I can saw there head off. I wish some people would get a life, and use proper marketting.

Thanks so much as usual 2-spyware. Your legends as ever.
muchos gracias.

12. by Guest. 2006-02-03 07:02:19
Was getting very frustrated trying to rid my computer of this one. Downloaded PC Tools remover, stopped (killed) Spyware Strike almost immediately, though I had to manually double check the individual files and registry keys, there were some residual files left. I followed the instructions and was able to clean out the rest of the SS garbage. Thank you very much "2-spyware.com" Chuckie

13. by Guest. 2006-02-02 13:02:26
one thanx guys cos i wudnt have been able to clear it wiv out u guys. u helpd me a 14 yr old get rid of that **** so thank you. tell evryone about dis website!! GrahaM

14. by Guest. 2006-02-01 22:02:10
Wow spent almost an hour getting rid of this one, heres my tut in case anyone is interested,
windows xp
start, run, "msconfig", boot.ini, check "/safeboot", click ok
once in safe mode click yes to proceed in safe mode.
in safe mode:
start, Program Files, Accessories, Command Prompt,
Prompt commands and order
1 - "cd C:WINDOWSsystem32"
2 - "del mssearchnet.exe"
3 - "del nvctrl.exe"
4 - "dir hp*.tmp"
if and hp[four digit].tmp comes up, do
5 - "del hp[four digit].tmp"
6 - "cd C:Program Files"
7 - "del spywarestrike"
8 - "y"
now go
start, run, msconfig, boot.ini, uncheck "/safemode", click ok.
now you should boot up in normal mode (if a windows disk checker comes up, just skip it)
go through your destop, program files and start bar and manually delete all of the spywarestrike
garbage
empty recycle bin and you are good.
hopes this helps - Joseph

15. by Guest. 2006-02-01 21:02:49
i HAVE BEEN MESSING WITH THIS SOB FOR 2 DAYS NOW. I FINALLY DELETED THE replmap.dll in safe mode andI think it is gone. I first had to rename the fiel then delete the renamed file.

Goos luck to anyone who has this pain in the ass bug.

ghcles

16. by Guest. 2006-02-01 09:02:24
I followed the directions exactly and got rid of that nasty booger. However, my internet has never been slower. I dont know if I accidentally deleted something of importance. I am not at all computer savvy, so who knows. Does anybody have any ideas?

17. by Guest. 2006-02-01 09:02:44
yeah i def spent 2 days trying to remove but that infected pop-up would not go away...but after 2 days i finally got rid of it.......ok heres what i did....first off i went into the Registry and did a search for "spywarestrike" and deleted all the traces of found of it. Then i went to www.trendmicro.com and did a free online scan *****very important before u actually start the scan go into taskmanager and kill the explorer.exe process******* You should only now have the IE window for the scan open. Run the scan. Once the scan is ran follow the instrutions and remove everything it found. Once i did that i rebooted in safemode with a DOS command prompt and i went to the C:windowssystem32 folder and deleted the replmap.dll . Once i did that i rebooted and That bastard is gone..

Here are the DOS commands for all of you that dont remb
one it came up with a command promp type
C:
cd windows
cd system32
dir (make sure that replmap.dll listed scroll up to see and if so move on to next step)
dir repl*.dll (once again it should be listed there)
del replmap.dll
dir replmap.dll ( you now should get an error that no file was found)
exit
Reboot your comp and cross your fingers

Hope this helps if that doesnt work try going through all these comments and try something else... as you can see different things work for some and other things for others

Paul

18. by Guest. 2006-02-01 01:02:05
i got it today, and 8 hours later i think it is gone...at least i hope. all i did was restart in safe mode, find the replmap.dll file in windows/system32. and remove it. now no more annoying system tray message. good luck to anyone who has this thing.

19. by Guest. 2006-01-31 08:01:46
After you get rid of the replmap.dll while in Safe Mode, remember to go back through everything again to delete the registries, files, etc., run spy doctor and the other things, or else they could come back and reload.
They always come back.
Thanks for the help, Bullit.

20. by Guest. 2006-01-31 00:01:27
All gone. To all those stuck. If I can do it so can you. I am less than competent in computers but 8 hours (over two days) of persistence and patience with a strong desire to learn (and a strong will not to pay someone to get rid of this nasty thing). Good luck, just read the comments first then start at the beginning, you will do fine. I love you guys, you are awesome!

See more comments about SpywareStrike >>>
Related news:
Similar parasites:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.