Spyware Quake and SpyQuake2.com Removal Guide

Table of contents.
Why do you need to get rid of Spyware Quake / SpyQuake2.com?
What installs Spyware Quake / SpyQuake2.com without your knowledge and consent?
Are you infected?
Automatic removal of the SpywareQuake trojan
Alternate SpywareQuake manual removal instructions
Notes

Spyware Quake, also known as SpyQuake2.com, is a corrupt anti-spyware program illegally installed on users' computers by dangerous trojans, through malicious advertisements and via certain exploits. This application is not only a weak spyware remover, but also a clone of the infamous SpyAxe, Spyware Strike and Spy Falcon risks.

Results of thorough tests we have conducted reveal that although the program does not produce false positives and really finds some malicious parasites, it cannot detect most threats and is definitely unable to protect user privacy and system security.

The application refuses to remove any parasites it finds and asks the user to register and purchase the full version. Some Spyware Quake components, such as Active Guard, the real-time monitor, are also disabled.

Spyware Quake, also known as SpyQuake2.com, is a trojan that displays an icon in the system tray. This icon shows a message saying that the compromised computer is infected with dangerous spyware parasites and asking the user to download and install a removal program, which is actually Spyware Quake, a corrupt, illegally distributed spyware remover. Once the user clicks on that message, the trojan opens a web site distributing Spyware Quake. It may also try to download the application. The trojan is able to change the Internet Explorer default home page and redirect the web browser to malicious web sites. SpywareQuake automatically runs on every Windows startup.

Your system is infected with Spyware Quake / SpyQuake2.com if you can see any of the following symptoms:

a) There is a suspicious icon in the system tray. It might be an accessibility icon (with a wheelchair) or an icon similar to that of the Windows Update tool.

b) A suspicious icon in the system tray pops up a message saying that your computer is infected with dangerous parasites. It asks you to download and install a removal program, which actually is Spyware Quake.

c) Spyware Quake, a corrupt spyware remover, is installed on your system. It runs on every Windows startup. The program’s main window is shown above.

d) Your Internet Explorer home page has changed and you cannot get it back. Now you get a suspicious security site instead. Furthermore, something is redirecting your web browser to unsolicited web sites.

e) Any of the following processes are running:
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\dfrgsrv.exe
C:\WINDOWS\System32\mssearchet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe

f) Your HijackThis log contains any of the following entries:
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINDOWS\System32\ixt[X].dll
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINNT\System32\ixt[X].dll
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINDOWS\System32\hp[X].tmp
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINNT\System32\hp[X].tmp
O3 - Toolbar: Safety Bar - { [CLSID, a combination of letters and digits] } - C:\Program Files\Safety Bar\Safety Bar.dll
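
The check in item f), as an added example that is not part of the original guide: Python that scans a saved HijackThis log for the entry types listed above. The rule names, the scan_log function and the sample log are constructed for illustration, and treating [X] as one or more word characters is an assumption.

```python
import re

# Field separator: HijackThis writes " - "; copies pasted from web pages may
# carry an en dash instead, so accept both.
SEP = r"\s+[-\u2013]\s+"
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
SYS32 = r"C:\\(?:WINDOWS|WINNT)\\System32\\"

# One rule per entry type in the list above; "[X]" (random characters) -> \w+
# (assumption: the random part consists of letters, digits or underscores).
RULES = [
    ("Run key autostart",
     rf"^O4{SEP}HKLM\\\.\.\\Run: \[(?:SpywareQuake|SpyQuake2\.com)\] "),
    ("BHO ixt[X].dll",
     rf"^O2{SEP}BHO: .*?{SEP}{CLSID}{SEP}{SYS32}ixt\w+\.dll$"),
    ("BHO hp[X].tmp",
     rf"^O2{SEP}BHO: .*?{SEP}{CLSID}{SEP}{SYS32}hp\w+\.tmp$"),
    ("Safety Bar toolbar",
     rf"^O3{SEP}Toolbar: Safety Bar{SEP}{CLSID}{SEP}"
     r"C:\\Program Files\\Safety Bar\\Safety Bar\.dll$"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def scan_log(text):
    """Return (line_number, rule_name) for each log line matching a rule."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for name, rx in COMPILED:
            if rx.search(line.strip()):
                hits.append((number, name))
                break
    return hits


# Constructed sample log: CLSIDs, random suffixes and benign entries are made up.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\ixtab3.dll
O2 - BHO: Example Helper - {12345678-1234-1234-1234-123456789ABC} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-3333-4444-5555-666666666666} - C:\WINDOWS\System32\hpzip.dll
O3 - Toolbar: Safety Bar - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O2 – BHO: (no name) – {99999999-8888-7777-6666-555555555555} – C:\WINNT\System32\hpq7.tmp
"""

if __name__ == "__main__":
    for number, name in scan_log(SAMPLE_LOG):
        print(f"line {number}: {name}")
```

The third sample line (hpzip.dll) is a deliberate near miss: the hp prefix alone is not enough, the rule also requires the .tmp extension given in the guide.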

Removing the SpywareQuake trojan along with the Spyware Quake / SpyQuake2.com program automatically is easy. Just follow these steps:

1. Download PC Tools STOPzilla or Webroot Spy Sweeper. These programs are the most effective and popular spyware removers available.
2. Install the downloaded program on your system. Read the STOPzilla and Spy Sweeper tutorials to learn more.
3. Update the installed anti-spyware.
4. Run a full system scan.
5. Remove all the threats the application finds.

Please note that eliminating the parasites automatically might be a paid function, which is not available in the trial version. Purchasing STOPzilla or Spy Sweeper makes these products fully functional and also enables built-in real-time protection.

1. Download the smitRem tool and unpack its files to a chosen folder.

2. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the SpywareQuake or SpyQuake2.com entry. Uninstall the corresponding program.

3. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINDOWS\System32\ixt[X].dll
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINNT\System32\ixt[X].dll
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINDOWS\System32\hp[X].tmp
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINNT\System32\hp[X].tmp
O3 - Toolbar: Safety Bar - { [CLSID, a combination of letters and digits] } - C:\Program Files\Safety Bar\Safety Bar.dll

4. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have the administrator’s privileges.

5. Once in Safe Mode, run the smitRem tool by executing the RunThis.bat file.
The smitRem tutorial can be found here.

6. Delete the following directories (if present):
C:\Program Files\SpywareQuake
C:\Program Files\Spy-Quake2.com

If you cannot download or use the smitRem tool, please follow these alternate manual removal instructions:

1. Download the Pocket KillBox or KillBox utility.

2. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the SpywareQuake or SpyQuake2.com entry. Uninstall the corresponding program.

3. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINDOWS\System32\ixt[X].dll
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINNT\System32\ixt[X].dll
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINDOWS\System32\hp[X].tmp
O2 - BHO: (no name) - { [CLSID, a combination of letters and digits] } - C:\WINNT\System32\hp[X].tmp
O3 - Toolbar: Safety Bar - { [CLSID, a combination of letters and digits] } - C:\Program Files\Safety Bar\Safety Bar.dll

4. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have the administrator’s privileges.

5. Once in Safe Mode, use either Pocket KillBox or KillBox to delete all of the files listed below that are present on your system.

Malicious files in C:\WINDOWS\System, C:\WINDOWS\System32 or C:\WINNT\System32:

Malicious files in C:\Windows\System\1024, C:\Windows\System32\1024 or C:\Winnt\System32\1024:
ld[X].tmp

Malicious files in C:\Program Files\SpywareQuake:
spywarequake.exe, sq.ini

Malicious files in C:\Program Files\Spy-Quake2.com:
spy-quake2.exe, sq.ini

6. Delete the following directories (if present):
C:\Program Files\SpywareQuake
C:\Program Files\Spy-Quake2.com
C:\WINDOWS\System\1024
C:\WINDOWS\System32\1024
C:\WINNT\System32\1024
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpywareQuake
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpyQuake2.com

[X] is a combination of several random characters.

