internetinspiration logo
Home Internet Guides Privacy & Security Must have software Internet Shopping Earn Money Fun & Games Freebies

Privacy & Security
How to remove Spyaxe

The removal tool/procedure for Spyaxe on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here

Spyaxe has joined the ever increasing list of scanners that uses a CWS Trojan to display fake virus or system error warnings to trick users into buying the application.

Its makers, are currently blaming its affiliates for what they describe as "illegal advertising of their product", but this is quickly becoming a common phrase amongst the 'malware industry' and is easily interpreted as a 'legal cop out'.

The makers have an uninstaller, but the level of trust in a company falls dramatically when they, or their affiliates are allowed to use such practices to sell their products, so its use is not recommended.

Visible signs of infection

A balloon displays an 'infection warning' in the bottom right hand corner of the screen, from an icon that resembles the Windows security centre giving the impression the warning is from the operating system. The balloon can also pop up from a flashing red X icon.

Clicking on the balloon will open the homepage.

In some cases, the home page is changed to
and you may receive advertising pop ups.

Note - This removal tool will no longer be updated for newer variants, instead you should use its replacement Roguefix.

You will need

1) A tool created by noadfear, and updated to include spyaxe. Download it onto your desktop. This removal tool was updated on 8th January 2006 to include new variants. If you downloaded smitrem previous to that date and removal has failed, download a new copy of the updated version.

2) Ewidow Security suite Only for Windows XP or 2000, for other Windows versions, carry out the removal procedure without Ewido. If after Installing Ewido your system slows down, disable the 'Realtime protection'

3) Ad-Aware SE If you have this already installed, check for updates.

4) Ace Utilities (free trial), a comprehensive disk and registry cleaner to remove the remnants.
Cautionary note : This collection of cleaning tool includes Remove Duplicate files, Remove Empty folders and Auto-Start manager. these options should not be attempted unless you are fully able to understand and investigate the output. Acting on a misinterpretation of the results could result in damage to your System.

Removal procedure

I suggest you print out these instructions or Copy and paste them onto notepad (Start > Programs > Accessories > notepad) and save it to your desktop (File > Save) as you will be working offline in Safe Mode.

a) Restart your computer in Safe Mode
Note- Some people have reported the computer does not function in Safe Mode. In which case, restart in normal mode and download Advanced Process termination, which will use 9 different techniques to stop the processes running.
Highlight any processes with the following as the last part of the file path in turn and click the button marked All. Once the processes no longer show, (check by clicking the refresh button) proceed with the removal in normal operational mode.
\mscornet.exe,      \mssearchnet.exe,      \nvctrl.exe,     \sa1.exe      \spyaxe.exe

b) Right click on the smitrem.exe icon on your desktop and select Open to extract its contents.
which will be shown on the desktop as a new folder called smitrem, double click this folder to open the box shown below.
Double click the icon called RunThis.bat.

Allow the tool to run, when it has finished it will open Windows disk clean up. This may take a while, depending on your normal cleaning routine.

c) Open Ewido, perform a full system scan and remove anything found.

d) Open Ad-aware SE, perform a full system scan and remove anything found.

e) Restart your PC.

f) Open Ace utilities

Perform the following scans, whilst we are targeting spyaxe, this cleaner will remove many other redundant or obsolete files and registry keys.

Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.

Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.

Select Erase History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray
   (thanks Angus)
Click Execute Now

Click the internet Explorer/MSN tab and select the following-
Delete cookies
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)

Click Execute Now.

You computer should now be free of Spyaxe.

If the warnings still appear from your taskbar, and you are 100% sure the infection has gone, Right click on a blank part of the taskbar and select properties. In the box that opens up, click the Customize button
Look for these two items spyaxe and Virus alert. Click on each on in turn, this will display a drop down list to the right of the icon, in the behaviour column. Select always hide

If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.

Microsoft issued a security update for Windows 2000 and XP to cover the vulnerability used by this trojan to infect your PC. To prevent future infections, update your Windows operating system. Start > All programs > Windows update.
Users of Windows 95, 98 and ME. Microsoft do not consider this flaw to be 'critical' and falls outside of their support policy only only issuing updated for 'critical security issues.

.....and just in case you are interested in who has put you through all this,

Joshua Veronimo ([email protected])
U-12 Gamma Commercial Complex
47 Rizal Highway
cor. Manila Av,
Olongapo City
1300 PH
TEL: +632.8323123
FAX: +632.8323123

Whois registrant for and
David Taylor
SunShine Ltd
187th Ave, 5 King County
98101 US
Tel. +206.9543154
[email protected]
This information is provided free of charge/subscription/registration and without warranty. All the usual disclaimer jargon applies.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security




hackers, crackers & firewalls





BHO's & Hijackers

Drive by downloads


Scams & Hoaxes

Hijack this-
automatic analysis

Free pest scan

Unwanted processes

How to-Tutorials

Clean up/repair after malware infection

Prevent malware installing

Install Hijackthis

Start in Safe mode

Show hidden files/folders

enable/disable Active X controls

Disable Messenger service pop-ups

Use the Host file

Kill BraveSentry

Kill PSGuard, spysheriff, spytrooper, AntivirusGold, RazeSpyware, smitfraud-c

Kill Winfixer2005

Kill SysProtect

Kill SysProtect

Kill seeve.exe / mediamotors pop ups

Kill Sdbot-ADD / lockx.exe

Kill Spyaxe

Kill Spyfalcon

Kill SpywareStrike

Kill Spyware Quake

Kill Adware punisher

Kill Aurora pop ups

Kill E2Give

Kill MySearch


New Winfixer infection displays fake Blackworm warning

The real cost of Free security software

Wintask 5 Pro
Wintask 5 Pro
Wintask 5 Pro
About us Contact us FAQ Links Privacy Statement Site Map Webmasters
Click here to add this page to your favourites
©Internet Inspiration, 2003.      All registered trademarks are observed and respected.
If you receive advertising pop ups whilst viewing this site, you are infected with an ad-serving parasite, because we don't use pop ups. See our Privacy & security section for help with detection and removal.