Once again about SpyAxe and SpySheriff

Last week, the overall rate of SpyAxe and SpySheriff infections finally fell off and almost stopped last weekend. However, the parasites seem to be coming back this week. According to our statistics, search queries with SpyAxe and SpySheriff keywords are back at the top, and the related reviews and removal instructions are also the most visited ones. This makes us think that the computers of prior SpyAxe and SpySheriff victims weren’t properly cleaned up and that some remaining parasite components (probably browser hijackers and malicious plug-ins) are still reinstalling these threats. We also believe that a large share of our visitors didn’t apply the most recent Microsoft Internet Explorer patches. Some of these patches close the security holes that SpyAxe and SpySheriff distributors use to secretly install parasites on users’ computers.

Considering these facts, the 2-Spyware.com project encourages all visitors to improve their system security and remove all remaining parasite components. To do this, please follow these steps:

1. Get rid of the HomePageBHO plug-in, a malicious Internet Explorer add-on that redirects the user to insecure web sites and blocks access to legitimate resources.
* Launch Internet Explorer.
* Click the Tools menu and then select the Manage Add-ons entry.
* This should open the add-on manager. Find the HomePageBHO add-on, select it with your mouse or keyboard and then check the Disable option located below. Press OK. This should disable the SpyAxe-related malicious add-on.

2. Make sure there are no SpyAxe and SpySheriff components left in your system. Please revisit the SpyAxe and SpySheriff manual removal instructions and search your system for the listed objects. If some of them are still present, cannot be eliminated, or keep coming back, consider using the 2-Spyware.com Forum.

3. Apply the most recent Internet Explorer and Windows security patches. These fixes are available at Microsoft Update.

4. Do not visit any web sites listed in this post. If your web browser automatically accesses one of those resources, your system is still infected with parasites.
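
To double-check step 1 from the registry side, the following added example (not part of the original post or of 2-Spyware.com's instructions) lists every Browser Helper Object registered for Internet Explorer, together with the DLL behind it. The function name Get-RegisteredBho is hypothetical, and the final filter assumes that the text "HomePageBHO" appears in the add-on's class name or DLL path.

```powershell
# Added example: enumerate machine-wide Internet Explorer Browser Helper Objects (BHOs).
# Run in an elevated PowerShell session. Read-only: nothing is changed or deleted.

# Standard BHO registration keys (native view and 32-bit view on 64-bit Windows),
# each mapped to the CLSID branch that describes the registered classes.
$bhoViews = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-RegisteredBho {
    foreach ($view in $bhoViews) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid    = $key.PSChildName          # each subkey name is a class ID
            $classKey = Join-Path $view.Clsid $clsid
            $name = $null
            $dll  = $null
            if (Test-Path -LiteralPath $classKey) {
                # Default value of the class key holds the friendly name, if any.
                $name   = (Get-Item -LiteralPath $classKey).GetValue('')
                $inproc = Join-Path $classKey 'InprocServer32'
                if (Test-Path -LiteralPath $inproc) {
                    # Default value of InprocServer32 is the DLL loaded into the browser.
                    $dll = (Get-Item -LiteralPath $inproc).GetValue('')
                }
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                DllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
                Source    = $view.Bho
            }
        }
    }
}

# Full inventory, for comparison against the add-ons you expect to have.
Get-RegisteredBho | Format-Table Clsid, Name, Dll, DllExists -AutoSize

# Assumption: the add-on name from step 1 shows up in the class name or DLL path.
Get-RegisteredBho | Where-Object { "$($_.Name) $($_.Dll)" -match 'HomePageBHO' }
```

An empty result from the last command only means no machine-wide entry matches that name, so still review the full list for add-ons you do not recognize. An entry that reappears after you have removed it points to another component reinstalling it.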

  • Larry

    My Toshiba Satellite got hit hard by SpySheriff last Tuesday. I reformatted the hard drive of my computer. Fortunately, it was working enough for me to make backup copies. I highly recommend reformatting. It got rid of everything and my computer is running well. Just remember to make backup copies of the files you want to save as reformatting will erase everything on your hard drive.

  • stonecarver

    Oh yeah, one other thing. You have to save (back up on floppies or USBs) all your Word & Excel files and any other C: created files you want to keep, copy down your internet favorites so you can revisit the sites and make them favs again, etc.

  • stonecarver

    I have the same problem, can’t get rid of SpyAxe, and have decided to reformat the C:
    Not a big deal, as reformatting wipes out the whole drive, I’ve done it 3 times before when viruses have hit. Make sure you create a start-up disk prior to reformatting, or you won’t be able to boot up. Then just load all your program disks back in (assuming you have all the disks).
    It will take about 3 hours tops and is way faster than trying to delete registry values because the registry has different values than the ones listed for SpyAxe.
    Good luck

  • Bowlking

    Hi, I just wanted to say that I am currently fighting a hard battle against SpyAxe downloaded via a zlob trojan. The zlob, being regenerative, is currently starting itself every time I turn on my computer. However, my Symantec anti-virus keeps cleaning it out every time. The explorer.exe, msmsgs is not present when I go in manually to clean it, and I can’t seem to find anything in the registry that doesn’t look right. I have no idea what to do, could this be a new version? Or is there a place where I am not looking? I have run many scans in safe mode and found nothing after the initial delete, which only lasts until the next time I turn my computer on. If anyone sees this comment please answer back, I just can’t seem to win this one.