SpywareStrike, a SpyAxe clone, may cause a new epidemic

It is a bad news to all the Internet users. SpyAxe, one of the most infamous corrupt anti-spyware programs ever, just got a brand new clone – SpywareStrike. This new application does not only look and work in the same manner as SpyAxe, but also is very similarly distributed. SpywareStrike, the same named trojan, which seems to have a lot of in common with the SpyAxe parasite, is silently installed to user computers through numerous malicious web sites, harmful pop-ups and other advertisements. Although this trojan began to spread today, on January 6, 2006, we have the information that thousands of computers around the globe have being already infected. It seems that SpywareStrike may cause a new epidemic, which infection rate would match SpyAxe’s.

SpywareStrike infection symptoms are almost the same as SpyAxe’s. Once installed, the parasite displays the system tray icon, which mimics a similar legitimate icon related to the Windows Security Center. This icon continuously pops up the following fake warning message:

“Dangerous infection was detected on your PC. The system will now download and install the most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats.”

The text in a message may vary, but its purpose is always the same. It works as a link leading to www.spywarestrike.com, which is the official web site of SpywareStrike. The trojan may also change the Internet Explorer default home page and redirect the web browser to malicious web sites.

Currently there is no detailed information about the new threat. 2-Spyware.com is investigating the parasite. However, we already provide SpywareStrike manual removal instructions. Although these are not complete, they should help partially removing the trojan and the same named corrupt spyware remover. Please standby for more information.


  • Need Help

    I just got infected with SpywareStrike and am extremely worried because this has never happened before. How harmful is this program to my computer? I downloaded XoftSpy and STOPzilla to try and remove the virus. Is there anything else I can do? Please help

  • Icon Remains

    Well, STOPzilla seems to have removed the actual spyware, but I still have the icon and the popup in my system tray. How the hell do I get that off my computer? I hope whoever sits around and comes up with this crap (spyware and viruses) dies a slow and painful death. I would gladly help them along in their suffering.

  • Icon Remains

    I did a search and found netwrap.dll in my system32 folder. Judging by the other feedback, it could be found in more than one location. Anyway, I rebooted in safe mode and was successful in deleting the file. Thanks for the postings. I would have gone insane if I could not have gotten that wretched icon and popup off my computer.

  • I’M FRUSTRATED!!!

    I am TRYING to get rid of this thing. I ran SPY DOCTOR which seems to have removed the Spyaxe but even with the manual removal of SpywareStrike I still have it. My system (Windows XP) will not accept the ‘taskkill’ command at the c prompt (error message – ‘taskkill’ is not recognized as an internal or external command, operable program or batch file.)

    Any suggestions??

    Thanks!!

  • eric y

    Ugg, the most infectious program that I ever had to remove from my hard drive. A few tips- 1)DISABLE the BHO object spyware striker uses from Tools-Manage Add Ons. 2) Stop the SYSTRAY from running using TASK MANAGER. Press CRTL ALT DEL, highlight iexplore.exe. Now open MY COMPUTER and DELETE all spyware striker files and BHO in the SYSTEM32 .tmp file. Took me many hours to defeat this freaking program.

  • I’ve tried every trick to rid myself of thiese programmes. First i started with spyaxe nd after using adare, syware buster, spybot, mcfee and norton I finally found smitrem and removed it with that. Unfortunetely now bloody spyaxe strike has come up which i can’t remove, trying removal techniques but PC keeps freezing and having to be rebooted.

    Wat the hell does this thing do? i got numourous pop ups, my net connection slowed down and when i ran ad-aware i had 507 critcal spware objects! Is there anyway to protect against this because i originally had mcfee firewall and it did nothing.

    If this continues i will have to format my harddrive.

    Can anyone help please?

  • John K

    Finally clean !! Killing netwrap.dll in the \windows\system32 folder with Killbox got rid of the annoying system tray message. All together I recovered using Microsoft Antispyware Beta, STOPzilla and killing netwrap.dll with Killbox. Not sure if you need to use both Antispyware and STOPzilla but happened to use both trying to get rid of the annoying system tray message.

  • David H.

    Using Killbox to get “netwrap.dll” has currently solved my problems. I found STOPzilla good at finding the rogue Spyware but powerless to remove it. It had to try three different killbox downloads before I found one that would allow me to download it successfully.

    This SpywareStrike is a real bitch.

    PC Tools didn’t realy help.

  • JD

    First I used Microsoft Antispyware Beta 1 (run the scan, then click on advanced tools then browser restore – this will get rid of the browser hijack). Then I followed the manual removal instruction (not hard to do!) I got rid of everything except “netwrap.dll”. The I found this page and learned about pocket killbox (just google search the term). Killbox is amazing!

    This adware is really a vicious virus designed to force you to but their worthless program to remove there crap! It is made by a New Zealand company. More great crap from non-US companies (BUY U.S PRODUCTS!!!!!)

    Thanks to everyone who took the time to post. After finding out how to do it it took only 1 hour to get rid of it, but it took me a 6-8 hours to find this great info.

    THANKS AGAIN
    JD

  • John

    Thanks guys! The Killbox trick certainly helped. The first 3 attempts to download killbox were faulty. Don’t give up though because it works. To get rid of the annoying system tray pop-up box that says INTRUSION you must kill the netwrap.dll file. When you do this with killbox, use the END EXPLORER SHELL WHILE KILLING FILE. The other oprions didn’t work but this did! What a nasty one this is. I followed the manual removal method but some of the files could only be deleted with killbox. Good luck.

  • Bill

    Killbox is the solution for now. In a couple of days someone will figure out how to mop up whatever is left of this crud.

  • David

    OH DAMN… This one was really tricky… who ever found out about the netwrap.dll is awesome…. I couldnt see it was even running…

  • alkaiden

    ermmm I deleted the netwrap.dll and the NVCTRL.exe thingy with killbox and got rid of the pop up thingy. However, whenever I open a window it still leads to the spyware webby….what else should I delete?

  • Jess

    I don’t know who you all are but thanks wholeheartedly for your help!!!!!!

  • alkaiden

    Help plz!!! I cant get rid of the nvctrl thingy even with killbox! anyone mind helping me? please add me on msn messenger at cetoh87@hotmail.com

  • Brijesh

    Hi there,

    You lot have been brilliant !! I have finally managed to get ride of this filthy spyware. First I deleted all the files using spydoctor and the manual removal steps. Then used Kill Box to deleted NETWRAP.dll in systems 32. My system seems to be clear now.

    Thanks all for your help.

    Brij

  • Wendy

    after sitting at my computer for 4+ hours I found a forum where a guy mentioned killbox downloaded it and deleted the netwrap.dll and *b00m* it was gone.

  • Godfrey James

    Re. SpywareStrike etc.

    Wow, what a lovely lot of people! Having been infected twice this past year I have found your site so useful, easy to follow and SUCCESSFULL! Extra thanks to all the generous and hard working people who have solved this, and thanks again for KillBox (although I think that pf8 “Safe Mode and Command Line” works too).

  • Robert Ricci

    Also look in registry..Do a find for key e0103cd4-d1ce-411a-b75b-4fec072867f4…for a quick search just use e0103cd4 in the “find” box and make sure when it finds it that all the numbers match,when you do,delete the entry. You WILL find many entries so F3 your way through the whole registry…Also spybot search and destroy has released an update that will catch it as well and Microsoft has released a security update dealing with this as well.

  • tom s

    Help some more please

    I deleted: mssearchnet.exe and nvctrl.exe using Killbox
    but I still have that stupid flashing ikon. what to do now?

    I’ve tried to delete the other files that have been mentioned but Killbox says they don’t exsist.

    Help!

  • comdiver

    Ewido anti-malware seemed to find most of it! and its free!

  • HELP PLZ!!!

    ive used kilbox to get rid of netswrapp.dll and used adware to get rid of most of the stuff. The pop up is gone, BUT my homepage is still set to the bullshit site. HELP PLEASE

  • HELP PLZ!!!

    oh crap, i deleted the nvtrl exe thing and I cant open any IE windows no more….

  • nm

    I had same problem. Had to delete wiatwain.dll in system 32

  • Joe

    HI there, I have a problem where by I have managed to remove the popups and the warning message and used kill box to remove netwrap.dll. But everytime I start up my outlook express and microsoft word, spyware strike tries to reinstall itself. I have also deleted all the affected files as mentioned in the manual removal steps, but with no luck.

    Any suggestions

  • RJ

    I have the annoying pop up that wont go away, thing is I dont have the ‘netwrap.dll’ file, what do I do?

  • Joe

    Check to see if you have wiatwain.dll file and try deleting that. Mate down load kill box and try finding it with that in system 32 and then delete it with kill box.

  • Daniel

    Thanks for the advice everyone. I got the virus today, and I used the malware to get rid of the malware. I manually went into the registry and deleted all of the files listed. I then had to go into the system32 directory and remove all of the files that had been added today. The last step was to use killbox to kill wiatwain.dll. Oh, the first thing that I did was to run Ad-Aware, Microsoft AntiSpyware, and Spybot to remove the basic stuff. I think that I got it all now. Thank you all again. 🙂

  • Rick

    This is awesome – I haven’t started the manual process yet, but this little f&*#er is NASTY! I have all the apps needed to do a basic clean, I’ll gather up Killbox, and I’ll report anything odd. Thanks to all here – VERY glad I found you!

  • Les

    Thanks to all. I did not have netwrap.dll, but did have wiatwain.dll in Sytem32. Removed it via Safe mode and the command prompt. Found you had to do a lot of work on the registry as well. Got rid of nvctrl.exe mssearchnet.exe mscornet.exe – all are associated I believe. I suspect the windows uninstall of the product also hides it so it can come back. Other tools I used were Ad Aware and Norton Antivirus.

    Believe that I “caught” this nusiance via a codec for Windows Media Player.

    Love to get those guys in a dark alley….

    Good luck. These postings saved me a lot of time…

  • Paul

    Had this problem now for three days. I thought I’d got rid of it all with SmitRem, followed by using Killbox to get rid of
    C:\WINDOWS\system32\mssearchnet.exe,
    C:\WINDOWS\system32\nvctrl.exe,
    C:\WINDOWS\system32\wiatwain.dll,
    All seemed fine till next day when I opened the computer up and bingo !
    The bloody taskbar warning popped up again.
    Also, two internet links for spyware removal appeared again on my desktop.
    And surprise surprise, wiatwain.dll was back, so was mssearchnet.exe

    So clearly there’s another dormant file that automatically regenerates these… There’s no sign of netwrap.dll on my system, so there’ something else doing this.
    Any ideas

  • Graham

    I’ve been fighting this one for a week. Every time I think I’ve got it fixed it comes back again. I’ll have a go with all the suggestions you guys have given in here. If I find anything not mentioned here I’ll post the info.

    Thanks a lot to all the people who share their knowledge – without you the world would be hell !

  • Eddie

    Thanks to Jeremy (25) for the easy instructions to get rid of these scums of the internet such as spyaxe.Now I have one more icon to go after.You guys are great and hopefully these idiots will get caught some day not too far.

  • Eric

    Well, I had this nasty little bugger too. However, I did not have the wiatwan.dll, or the netwrap.dll. I did have nscompat.tlb. That little sucker wouldn’t go away for nothin. Killbox got it though. It showed up on my last MS Antispyware run. mccearchnet.exe, nvtrl.exe, and nscompat.tlb. hope this info helps someone. Thanks y’all for the help!

  • chris stroud

    Thanks to everyone on here I was able to remove the spyware. It was a real pain though. I used killbox, ad-aware, sbybot, and ccleaner. I’m not sure you need to use all those; however, I did heavily rely on killbox. I ran the spyStrike and copied all the files it found “infected,” which were files that the software put on. Anyways, I copied all the path files and used killbox to delete all of them. I then used killbox to delete the spyStrike folder in my program files; however, I had to select delete file on reboot, it would not let me delete it otherwise. After deleting all the files found with spyStrike, I used spybot and ad-aware to clean things up. I used ccleaner to verify that the registry values for the files from spyStrike were no longer registered paths and deleted them as well. If you do not delete all the files, spyStrike will load itself on your computer again. (Speaking from very frustrated experience.) Since I did this, I have not had any problems, pop ups, or home page changes.
    Thanks for the help everyone,
    chris

  • Graham

    Thanks again to all of you. I at last managed to get rid of the damned thing. The key for me was to get rid of wiatwan.dll.
    It seems that the nasty thing about this is the number of variants that are are around – i never had a netwrap.dll
    Just to sum up what I tried and what didn’t work / did work:

    I managed to get rid of spyaxe by simply running smitrem.
    In the case of spywarestrike I uninstalled the program, deleted wiatwain.dll, ran ewido anti-malware and deleted everything i was told was malware, removed all references to spyaxe and spywarestrike from the registry, deleted my local settings/temp directory, and then ran smitrem. It seems that wiatwain was reinstalling every time I killed it off.

    thanks again
    graham

  • Paul

    Over two days now since wiatwain last raised its ugly head.
    But just to help it lie dormant if its autogenerator is still in the system somewhere, I made my own wiatwain.dll file – just a bit of random text saved in the system32 folder as wiatwain.dll, as a read-only file. It’s still there as I wrote it

  • Brian

    This was kinda wierd, though I am not sure what if anything this has to do with this virus. When I initially got this virus I went on a search for all the roots of it, and found MS Access 97 in my add remove files on the control panel. I didn’t have that program prior to this issue. Also if you change how you search in your folders to search by date modified, or run a search on the date, you might be able to find more files.

  • Vicki

    I have done the manual removal of the spyware strike but still have it on my computer. I even went back in to check to make sure everything was removed and there is nothing there. I remove from my remove programs and it keeps coming back. Now what do I do.

  • adam

    hello. I have the spyware stike problem, but I’m not really computer literate when it comes to removing it. I don’t know the procedure for manually removing this virus. If anyone can help me please email me at Legisho@yahoo.com or IM me at AIM. My screen name is Legisho. I’ve been trying to delete and uninstall this “spyware strike” since sometime last week and it just keeps coming back… like a roach. if someone can, please help me.

  • Graham

    For Adam and Vicki:
    This is what I did and it worked:
    Go here:

    http://noahdfear.geekstogo.com/

    Read the page and download the “smitrem” program as instructed.

    Go here:

    http://www.ewido.net/en/download/

    Read the page and download the program.

    Now I found that I didn’t have to start in safe mode, but it is advisable (reboot the computer and press F8 so that it starts in safe mode).

    Do NOT click on the blinking update icon which tells you to “click here”.
    Uninstall spywarestrike – if you don’t know how to uninstall programs you need a friend !
    Now run ewido – it should find the spyware and you can kill it when prompted.
    Now run smitrem – it should clean out all the junk causing your problems.

    At this point it seems that the different versions of the virus hide themselves under different names. If you find a file “wiatwain.dll” or “netwrap.dll” in the directory “C:\WINDOWS\system32”, delete them.

    Now reboot and you may be OK. I expect some strains of the virus will be different. Anyone who knows anything else please ADD !

    Good luck

  • Jennifer

    I just got this stupid Spyware Strike… it is driving me insane… i have ran ad-aware and spy doctor… nothing i have tried seems to work… I’m completely out of my mind… I have been fighting it for about 3 days now… concerned… um YEAH!!!

  • JD

    Just another quick note…..

    Download and run on start up Ewido or Microsoft Antispyware. The Microsoft Anti spyware will stop this progran from adjusting all kinds of settings that allow it access to the web.
    THIS IS WHY IT IS RELOADING!!!!!!!
    Microsfoft Antispyware is a active program and it will notify you and stop those changes as they occure which allows you to get it off your system.
    If you download all these programs and run them and don’t have some active antispyware program that is running when Windows starts this spyware will lower your security setting and reinstall it self.

    For instruction on how to get it off your computer (XP) read my earlier post and the other posts for great ideas.

    Later,
    JD

  • Tim

    I got this spyware last week and got rid of it by using both AVG and the free download from Microsoft – Antivirus Beta, Used it Sunday and nothing has returned. Try it.

  • Liana

    Lot’s of great advice,I have followed it all to the letter and then some.It is not appearing in my start menu or desktop now and all associated files are gone,however I cannot get the popup in the task bar to go away.Please help post a reply here or E-Mail me at rogerliana@hotmail.com
    Apprecaite it thanks
    Liana

  • bonnie

    does any1 no how to remove: \windows\system32\ncompat.tlb
    i cant seem 2 remove it through kill box any ideas?

  • John in Houston

    FINALLY GOT RID OF POP-UP IN SYSTEM TRAY!!!!! Spent last five days trying to get rid the pop-ups and subsequent short-cut icon on my desktop. Tried everything. Downloaded STOPzilla. (that’s how I found this excellent resource!). Ran 20 some odd Full System scans over the course of the next five days. No luck. Tried manual removal instructions (via Registry Editor). Pop-ups kept coming back. Read the posts here and finally determined (in my case) it was the netwrap.dll file. So I did a Search for netwrap.dll and found nothing. Hmmmmmm. So it hit me. Those M***er F***ers at SpywareStrike wouldn’t be stupid enough to leave the filename the same after it was disclosed here! So I did another search. This time though, I did a wildcard .dll search FROM THE DATE YOU KNOW YOU WERE INFECTED!!! (In my case, that would be Monday 1/23/2006). And There it was: C\Windows\System32\replmap.dll. I used Killbox to isolate and KILL it! Gone. No more pop-ups. No more SpywareStrike. REMEMBER they will keep renaming the file to stay one step ahead of the discoveries (especially if they’re revealed here). One more thing, if you want to trip up a lonely, low-rent , God forsaken, miserable, no-talent e-commerce extortionist, then you have to think like one.

  • Rahim

    Thanks to the responses above I finally got this thing off my computer…I had tried EVERYTHING I could think of..ran all the anti-spyware programs you can think of…nothing worked…I found this site….and I followed the manual removal instructions…this seemed to fix some of the proble, but I was still getting the annoing pop-up icon in the system tray…and than thanks to “John in Houston’s” suggestion, I did a search for replmap.dll in the c:\windows\system32 folder….and yup..there it was…I couldn’t remove it from the command prompt in Windows, so I started Windows XP in safe mode with Command Prompt and deleted it from there….and this solved it….THANK YOU ALL SOOOO MUCH FOR ALL THE RESPONSES ABOVE AND MANUAL INSTRUCTIONS! Special thanks to John above for his thinking outside the box with the file renaming thinking….IT’S FINALLY GONE!

  • Francis

    Hi, I disconnected my Inernet (Spywarestrike stop installing), and deleted the dll file following post 25 & 49 tips……… Thanks guys

    but now I have another problem. My IE homepage is set to this stupid http://www.securityprecaution.net………….. n i can’t reset it……. whatever i key is in vain… anybody able to shed some light?

    10q10q

  • JT

    I was infected by Spyware Strike. I found information on how to remove it and it worked perfectly! Download SmitRem program from: http://noahdfear.geekstogo.com/
    You’ll be glad you did.

  • Grey

    I thought I’d eradicated all this crap — or at least been keeping it at bay — thanks to you guys, with the deleting and smitrem and ewido downloads and whatnot. But now it’s starting all over again: same infuriating pop-up messages about how I’ve been infected, same hijacking, same everything … except this time the pop-ups direct me to a site called SpyFalcon. Is this yet another insidious clone, because I can’t go through another two weeks of this insanity before someone tells me how to get rid of this sh*t again. I’m ready to toss my laptop at the wall. Help!

  • Graham

    I must admit I’m not a great friend of the way Microsoft wants to own EVERYTHING but the new tool they have released (mentioned here somewhere) has caught all the spyware I have been hit by:

    http://www.microsoft.com/athome/security/spyware/software/default.mspx

    How long the software will be for free and as to what information it sends to Microsoft I don’t know, but it found a worryingly large amount of “possible” spyware on my laptop. An easy to use tool and pretty professional.

    And once again – thanks to all you people who share your experiences to help others.

  • mark

    Hi everyone, i dont know if anyone has this prob but its worth a shot. im havin the prob with the security center hompage it wont allow me to change my ie hompage and where it says warnig spyware detected and your comp is infected and its says that all the information is being collected by W32.Sinnaka.A@mm, hopefully someone has seen it so i am just writing in to see if there is anybody that can help me get rid of it please please help i am about to give up on this and just reboot but if there is a way to get rid of it else ways please help thanks for any help

Files
Software
Compare
Like us on Facebook