SpywareQuake – yet another rapidly spreading rogue

Selling corrupt anti-spyware programs became popular and profitable business for a variety of Internet scums. Almost every single day we receive reports from angry users infected with parasites like SpyAxe or SpySheriff and their numerous clones. Most of these people never downloaded or purchased corrupt software. Their systems were simply hit by trojans or similar threats, which illegally install unsolicited “spyware removal” software.

The same story is with SpywareQuake, a new member of the SpyAxe, SpywareStrike and SpyFalcon family. This parasite does not differ from the latter programs. It is very similarly distributed (by dangerous trojans, through malicious advertisements and via certain exploits), and its infection symptoms are the same as SpywareStrike’s or SpyFalcon’s.

Once installed, SpywareQuake displays the infamous system tray icon, which mimics a similar legitimate icon related to the Windows Security Center. This icon continuously pops up a fake warning message stating that the compromised computer is infected with spyware parasites. The text in a message may vary, but its purpose is always the same. It works as a link leading to Internet resources distributing SpywareQuake. The trojan may also change the Internet Explorer default home page and redirect the web browser to malicious web sites.

As you see, nothing new here. SpywareQuake is the same bad old parasite, which got a slight facelift.

2-Spyware.com already provides complete SpywareQuake manual removal instructions. You can also read the review of this new corrupt anti-spyware.

  1. John says:
    March 26th, 2006 at 3:11 pm

    Ok, I’ve tried your manual ‘spyware quake’ removal instructions about 5 times and I still have ‘spyware quake’ on my system. I’ve also thrown ‘Spydoctor’ and ‘Spysweeper’ at it- but no luck. Additionally, I’ve had Mcafee Security Center on the whole time. Any help would be appreciated.

  2. Mike Reprogle says:
    March 26th, 2006 at 4:28 pm

    Hey, i’ve got the same problem John. If you figure something out, please shoot it over to me. This stupid spyware will not DIE!

  3. Wes says:
    March 26th, 2006 at 6:28 pm

    Yeah, me too. The app is gone, but not the system tray pop up.

  4. LDTate says:
    March 26th, 2006 at 8:41 pm

    Here’s the fix

    [b]Please read these instructions carefully and print them out! Be sure to follow ALL instructions![/b]


    Removal Instructions:

    Print out these instructions as we will need to close every window that is open later in the fix.

    Download [url=http://www.downloads.subratam.org/smitRem.exe] [color=#6633FF]SmitRem.exe.[/color] [/url] When downloading smitRem.exe save it to your desktop.


    Double-click on the smitRem.exe file.


    Click on the Start button and the program will start extracting the files into a folder on your desktop called smitRem. When it is finished, click on the OK button. If you look on your desktop you will now see a folder called smitRem.

    Download [url=http://www.martijnc.be/tools/roguescanfix.exe] [color=#3333FF]roguescanfix.exe[/color] [/url], and save it to your desktop.
    Double click [b]roguescanfix.exe[/b] to install it.
    Open the roguescanfix folder, and doubleclick [b]run.bat[/b].
    Your desktop and icons will disappear and then reappear again, this is normal.
    Wait till te message “Completed script execution” appear, then click OK.
    Click “Exit” to close BFU.
    Click “OK” to start the SpywareQuake/Spyfalcon uninstaller, after that click [b]”uninstall”.[/b]

    Next, please reboot your computer into [b]Safe Mode[/b] by doing the following:

    Restart your computer

    After hearing your computer beep once during startup, but before the Windows icon appears, press [b]F8.[/b]
    Instead of Windows loading as normal, a menu should appear
    Select the first option, to run Windows in [b]Safe Mode.[/b]

    Close all open Windows.

    Open the smitRem folder on your desktop


    Double-click on the [b]RunThis.bat[/b] file, as shown by the arrow in the image above, to start the tool.

    When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.

    If there is an uninstaller present for an infection that smitRem removes it will start this uninstaller.

    Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and smitRem will prompt you to continue. Now you should press any key to continue.

    When no more uninstallers can be found, the tool will continue. Your desktop will disappear and you will start seeing text scroll across the screen. This is normal and nothing to be concerned about. When smitRem has finished running it will automatically start the Disk Cleanup program

    This program will remove all Temp, Temporary Internet Files, and empty your Recycle Bin in order to remove any leftover files installed by this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will be back at your desktop.

    When the tool is finished, it will will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.

    Reboot your computer back to normal mode.

    Download this file from the link to your desktop.

    Right-click on the deldomains.inf file and select ‘Install’

    Once it is finished your Zones should be reset.

    [b]Note[/b], if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection

    Perform an onlinescan with Panda: [url=http://www.pandasoftware.com/products/activescan.htm][color=#6633FF]Panda Online[/color] [/url]

    Once you are on the Panda site click the Scan your PC button
    A new window will open…click the Check Now button
    Enter your Country
    Enter your State/Province
    Enter your e-mail address and click send
    Select either Home User or Company

    Click the big Scan Now button

    If it wants to install an ActiveX component allow it
    It will start downloading the files it requires for the scan (Note: It may take a few minutes)

    When download is complete, click on Local Disks to start the scan

    Your computer should now be free of the SpyFalcon infection.

  5. Gabriela says:
    March 26th, 2006 at 9:29 pm

    Please.. quero ajuda.. tenho o Spywarequake em meu pc, eh um saco, como removo???
    Jah tentei de tudo, entrei no registro, exclui tudo exe do spywarequake e nada!
    Jah instalei o Spy Sweeper, o XoftSpy e nada também…
    Eu preciso trabalhar e essa coisa fica encomodando, se instala sozinha!!!!!

    Please.. me ajudemmm

  6. Vince says:
    March 26th, 2006 at 11:05 pm

    Same here I did the manual uninstall and it gets rid of the program and not the pop up. I also noticed that when I try to end the process of mssearchnet.exe in the task manager it comes right back as soon as you click on END PROCESS. I smell a rat here???

  7. David says:
    March 27th, 2006 at 8:40 am

    I have got rid of it temporarily at times, but it keeps coming back. Rick now, I cannot delete the stickrep.dll file as it says it cannot find it’s entry point to unreigster it.

  8. Mandy says:
    March 28th, 2006 at 2:28 pm

    Download the trail version of Prevx1. It will get rid of it with no issues


  9. Steve says:
    March 30th, 2006 at 8:00 pm

    I was able to remove SpywareQuake using the manual instructions.

    I had to bootup in SAFE MODE to delete stickrep.dll.

    it is all gone now except that IE still defaults to the spywarequake page. It is NOT just a matter of changing the home page in tools->options.

    I uninstalled IE then reinstalled using control panel->add/remove software programs.

    Anyone know how to fix my IE?

  10. peter says:
    March 31st, 2006 at 10:43 am

    the stickrep.dll is in windows\system32. Drag to desktop and rename. Make folder and drag into. Restart pc then delete from desktop. Worked for me twice.

  11. nTomPax says:
    April 19th, 2006 at 6:36 am

    Try ewido, it worked for me.

Your opinion regarding SpywareQuake – yet another rapidly spreading rogue

Like us on Facebook