internetinspiration logo
             
Home Internet Guides Privacy & Security Must have software Internet Shopping Earn Money Fun & Games Freebies

Privacy & Security
Kill PSGuard, Isecurity guard, Antivirus gold, Spysherrif, RazeSpyware, spyaxe, spywarestrike, spytrooper and others.
Information and removal instructions

The removal tool/procedure on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here


The infamous 'Coolwebsearch' stable have turned their attentions to desktop hijackings. This has prompted yet another malware sub title called scareware

The main purpose appears to be to trick owners of infected machines into buying a variety of substandard or useless virus/spyware scanners, the most widely distributed has been Spyaxe,

Anti-virus vendors have a variety of names for these infections, including Alemod, AleSpy, Desktophijack, Nsag, Startpage, Zlob and Oleadm, but at the moment, none appear to be successful with removal.

If the Trojan fails to install properly, it will give a explorer application error 0xc000005 when starting your PC.

Visible signs of infection are -

Warnings of either a virus or spyware, these can be general or for a named problem, examples
iworm_attck_v122.02a
w32.sinnaka.a@mm
Smitfraud-c
Critical system errors
system intrusion detected


they can appear as -
All or part of your desktop.
Your Homepage
Pop up windows.
Balloons from an alert icon or red cross in the system tray, (right side of the task bar).
The warnings can have the visual appearance of the Windows operating system.


With some variants your home page could be changed to one of the following
Secure32.htm,
Syserrors.com,
updateyoursystem.com
pcadprotector
www.securitycaution.com
www.needupdate.com/
www.findthewebsiteyouneed.com ,
www.patchyoursystem.com
www.theguardservices.com


Links on the warnings will direct to a website promoting one or more of the scanners listed below or initiate a download for one of them.

Antivirus gold
ISecurity Guard
MalwareWipe
PSGuard
Razespyware
Security toolbar
Spyaxe
SpyGuard
Spy IGuard
Spysherrif
Spytrooper
Spywarestrike
Winhound
World Antispy
NOTE : Newer variants are not completely uninstalled using this method,
For SpyFalcon, Click here ,         Adware Punisher Click here          Alfacleaner Click here           Spyware Quake Click here         BraveSentry Click here

It can also install Virtual Maid, Search Maid and other malware.

Pop up advertisements for gaming or pornography may be displayed.

The Fix
You will need -

SmitRem.zip, a file written by the guys at geekstogo.com to remove the infected files and replace the overwritten Windows files. Download to your desktop and extract the files ready for use.

Ewidow Security suite. A free version is available. Download, install and update ready for use.
Note-Ewido is only available for computers running Windows XP and 2000, for other Windows versions, use A squared

Ad-Aware SE If you have this already installed, check for updates.

Ace Utilities. A comprehensive disk and system cleaning utility, a free trial version is available.
Cautionary note : This collection of cleaning tool includes Remove Duplicate files, Remove Empty folders and Auto-Start manager. these options should not be attempted unless you are fully able to understand and investigate the output. Acting on a misinterpretation of the results could result in damage to your System.

Removal Procedure.

You should either print out these instructions or copy and paste them to notepad and save to your desktop, as you will not be online during removal.

1) Restart your PC in Safe mode. How to.

2) Open the smitrem folder on your desktop and double click the file called RunThis.bat.

Follow the prompts and allow the tool to completely finish.

After the scan has run, it will automatically start the Windows clean up utility, so you may need to be patient.

2) Open Ewido security suite (or A squared) and perform a full system scan, remove anything found.

3) Open Adaware SE and perform a full system scan, remove anything found.

4) Click Start > Control panel > Display (or Start> Settings > Control panel > display depending on which version of Windows you use) to open the Display properties box..

For Windows 98, ME, 2000 -
Click the Web tab and uncheck Show Web content on my Active Desktop.

For Windows XP -
Click the Desktop tab and then the Customize Desktop button to open the Desktop Items box.
Click the Web tab, to disable Active Desktop uncheck all checkboxes in this window (including Security).

Click Apply then OK

5) Open Ace utilities

Perform the following scanning options.

Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.

Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.

Select Delete History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray.

Click Execute Now

Click the internet Explorer/MSN tab and select the following-
Delete cookies
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)

Click Execute Now.

You can of course select any of the other options you wish to clean.

6) Restart computer in normal mode,

If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.

Removal should now be complete.

Microsoft issued a security update for Windows 2000 and XP to cover the vulnerability used by this trojan to infect your PC. To prevent future infections, update your Windows operating system. Start > All programs > Windows update.
Users of Windows 95, 98 and ME. Microsoft do not consider this flaw to be 'critical' and falls outside of their support policy only only issuing updated for 'critical security issues.

This information is provided free of charge/subscription/registration and without warranty. All the usual disclaimer jargon applies.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security

Information

E-mail

Viruses

hackers, crackers & firewalls

Trojans

Spyware

Keyloggers

Cookies

BHO's & Hijackers

Drive by downloads

diallers

Scams & Hoaxes

Hijack this-
automatic analysis


Free pest scan

Unwanted processes

How to-Tutorials

Clean up/repair after malware infection

Prevent malware installing

Install Hijackthis

Start in Safe mode

Show hidden files/folders

enable/disable Active X controls

Disable Messenger service pop-ups

Use the Host file

Kill BraveSentry

Kill PSGuard, spysheriff, spytrooper, AntivirusGold, RazeSpyware, smitfraud-c

Kill Winfixer2005

Kill SysProtect

Kill SysProtect

Kill seeve.exe / mediamotors pop ups

Kill Sdbot-ADD / lockx.exe

Kill Spyaxe

Kill Spyfalcon

Kill SpywareStrike

Kill Spyware Quake

Kill Adware punisher

Kill Aurora pop ups

Kill E2Give

Kill MySearch

News/Articles

New Winfixer infection displays fake Blackworm warning

The real cost of Free security software

About us Contact us FAQ Links Privacy Statement Site Map Webmasters
Click here to add this page to your favourites
©Internet Inspiration, 2003.      All registered trademarks are observed and respected.
If you receive advertising pop ups whilst viewing this site, you are infected with an ad-serving parasite, because we don't use pop ups. See our Privacy & security section for help with detection and removal.