Privacy & Security
Kill PSGuard, Isecurity guard, Antivirus gold, Spysherrif, RazeSpyware, spyaxe, spywarestrike, spytrooper and others.
Information and removal instructions
 The removal tool/procedure on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here |
The infamous 'Coolwebsearch' stable have turned their attentions to desktop hijackings. This has prompted yet another malware sub title called scareware
The main purpose appears to be to trick owners of infected machines into buying a variety of substandard or useless virus/spyware scanners, the most widely distributed has been Spyaxe,
Anti-virus vendors have a variety of names for these infections, including Alemod, AleSpy, Desktophijack, Nsag, Startpage, Zlob and Oleadm, but at the moment, none appear to be successful with removal.
If the Trojan fails to install properly, it will give a explorer application error 0xc000005 when starting your PC.
Visible signs of infection are -
Warnings of either a virus or spyware, these can be general or for a named problem, examples
iworm_attck_v122.02a
w32.sinnaka.a@mm
Smitfraud-c
Critical system errors
system intrusion detected
they can appear as -
All or part of your desktop.
Your Homepage
Pop up windows.
Balloons from an alert icon or red cross in the system tray, (right side of the task bar).
The warnings can have the visual appearance of the Windows operating system.
With some variants your home page could be changed to one of the following
Secure32.htm,
Syserrors.com,
updateyoursystem.com
pcadprotector
www.securitycaution.com
www.needupdate.com/
www.findthewebsiteyouneed.com ,
www.patchyoursystem.com
www.theguardservices.com
Links on the warnings will direct to a website promoting one or more of the scanners listed below or initiate a download for one of them.
Antivirus gold
ISecurity Guard
MalwareWipe |
PSGuard
Razespyware
Security toolbar
Spyaxe |
SpyGuard
Spy IGuard
Spysherrif
Spytrooper |
Spywarestrike
Winhound
World Antispy |
NOTE : Newer variants are not completely uninstalled using this method,
For SpyFalcon, Click here , Adware Punisher Click here Alfacleaner Click here Spyware Quake Click here BraveSentry Click here
It can also install Virtual Maid, Search Maid and other malware.
Pop up advertisements for gaming or pornography may be displayed.
The Fix
You will need -
SmitRem.zip, a file written by the guys at geekstogo.com to remove the infected files and replace the overwritten Windows files. Download to your desktop and extract the files ready for use.
Ewidow Security suite. A free version is available. Download, install and update ready for use.
Note-Ewido is only available for computers running Windows XP and 2000, for other Windows versions, use A squared
Ad-Aware SE If you have this already installed, check for updates.
Ace Utilities. A comprehensive disk and system cleaning utility, a free trial version is available.
Cautionary note : This collection of cleaning tool includes Remove Duplicate files, Remove Empty folders and Auto-Start manager. these options should not be attempted unless you are fully able to understand and investigate the output. Acting on a misinterpretation of the results could result in damage to your System.
Removal Procedure.
You should either print out these instructions or copy and paste them to notepad and save to your desktop, as you will not be online during removal.
1) Restart your PC in Safe mode. How to.
2) Open the smitrem folder on your desktop and double click the file called RunThis.bat.
 Follow the prompts and allow the tool to completely finish.
 After the scan has run, it will automatically start the Windows clean up utility, so you may need to be patient.
2) Open Ewido security suite (or A squared) and perform a full system scan, remove anything found.
3) Open Adaware SE and perform a full system scan, remove anything found.
4) Click Start > Control panel > Display (or Start> Settings > Control panel > display depending on which version of Windows you use) to open the Display properties box..
For Windows 98, ME, 2000 -
Click the Web tab and uncheck Show Web content on my Active Desktop.
For Windows XP -
Click the Desktop tab and then the Customize Desktop button to open the Desktop Items box.
Click the Web tab, to disable Active Desktop uncheck all checkboxes in this window (including Security).
Click Apply then OK
5) Open Ace utilities
 Perform the following scanning options.
Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.
Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.
Select Delete History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray.
Click Execute Now
Click the internet Explorer/MSN tab and select the following-
Delete cookies
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)
Click Execute Now.
You can of course select any of the other options you wish to clean.
6) Restart computer in normal mode,
If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.
Removal should now be complete.
Microsoft issued a security update for Windows 2000 and XP to cover the vulnerability used by this trojan to infect your PC. To prevent future infections, update your Windows operating system. Start > All programs > Windows update.
Users of Windows 95, 98 and ME. Microsoft do not consider this flaw to be 'critical' and falls outside of their support policy only only issuing updated for 'critical security issues.
This information is provided free of charge/subscription/registration and without warranty. All the usual disclaimer jargon applies.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
|
Privacy & Security
Information
E-mail
Viruses
hackers, crackers & firewalls
Trojans
Spyware
Keyloggers
Cookies
BHO's & Hijackers
Drive by downloads
diallers
Scams & Hoaxes
Hijack this-
automatic analysis
Free pest scan
Unwanted processes
How to-Tutorials
Clean up/repair after malware infection
Prevent malware installing
Install Hijackthis
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Kill BraveSentry
Kill PSGuard, spysheriff, spytrooper, AntivirusGold, RazeSpyware, smitfraud-c
Kill Winfixer2005
Kill SysProtect
Kill SysProtect
Kill seeve.exe / mediamotors pop ups
Kill Sdbot-ADD / lockx.exe
Kill Spyaxe
Kill Spyfalcon
Kill SpywareStrike
Kill Spyware Quake
Kill Adware punisher
Kill Aurora pop ups
Kill E2Give
Kill MySearch
News/Articles
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software
|