Privacy & Security
How to remove Spyaxe
| The removal tool/procedure for Spyaxe on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here
Spyaxe has joined the ever increasing list of scanners that uses a CWS Trojan to display fake virus or system error warnings to trick users into buying the application.
Its makers, topantispy.com are currently blaming its affiliates for what they describe as "illegal advertising of their product", but this is quickly becoming a common phrase amongst the 'malware industry' and is easily interpreted as a 'legal cop out'.
The makers have an uninstaller, but the level of trust in a company falls dramatically when they, or their affiliates are allowed to use such practices to sell their products, so its use is not recommended.
Visible signs of infection
A balloon displays an 'infection warning' in the bottom right hand corner of the screen, from an icon that resembles the Windows security centre giving the impression the warning is from the operating system. The balloon can also pop up from a flashing red X icon.
Clicking on the balloon will open the spyaxe.com homepage.
In some cases, the home page is changed to
and you may receive advertising pop ups.
Note - This removal tool will no longer be updated for newer variants, instead you should use its replacement Roguefix.
You will need
1) SmitRem.zip A tool created by noadfear, and updated to include spyaxe. Download it onto your desktop. This removal tool was updated on 8th January 2006 to include new variants. If you downloaded smitrem previous to that date and removal has failed, download a new copy of the updated version.
2) Ewidow Security suite Only for Windows XP or 2000, for other Windows versions, carry out the removal procedure without Ewido. If after Installing Ewido your system slows down, disable the 'Realtime protection'
3) Ad-Aware SE If you have this already installed, check for updates.
4) Ace Utilities (free trial), a comprehensive disk and registry cleaner to remove the remnants.
Cautionary note : This collection of cleaning tool includes Remove Duplicate files, Remove Empty folders and Auto-Start manager. these options should not be attempted unless you are fully able to understand and investigate the output. Acting on a misinterpretation of the results could result in damage to your System.
I suggest you print out these instructions or Copy and paste them onto notepad (Start > Programs > Accessories > notepad) and save it to your desktop (File > Save) as you will be working offline in Safe Mode.
a) Restart your computer in Safe Mode
|Note- Some people have reported the computer does not function in Safe Mode. In which case, restart in normal mode and download Advanced Process termination, which will use 9 different techniques to stop the processes running.
Highlight any processes with the following as the last part of the file path in turn and click the button marked All. Once the processes no longer show, (check by clicking the refresh button) proceed with the removal in normal operational mode.
\mscornet.exe, \mssearchnet.exe, \nvctrl.exe, \sa1.exe \spyaxe.exe
b) Right click on the smitrem.exe icon on your desktop and select Open to extract its contents.
which will be shown on the desktop as a new folder called smitrem, double click this folder to open the box shown below.
Double click the icon called RunThis.bat.
Allow the tool to run, when it has finished it will open Windows disk clean up. This may take a while, depending on your normal cleaning routine.
c) Open Ewido, perform a full system scan and remove anything found.
d) Open Ad-aware SE, perform a full system scan and remove anything found.
e) Restart your PC.
f) Open Ace utilities
Perform the following scans, whilst we are targeting spyaxe, this cleaner will remove many other redundant or obsolete files and registry keys.
Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.
Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.
Select Erase History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray (thanks Angus)
Click Execute Now
Click the internet Explorer/MSN tab and select the following-
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)
Click Execute Now.
You computer should now be free of Spyaxe.
If the warnings still appear from your taskbar, and you are 100% sure the infection has gone, Right click on a blank part of the taskbar and select properties. In the box that opens up, click the Customize button
Look for these two items spyaxe and Virus alert. Click on each on in turn, this will display a drop down list to the right of the icon, in the behaviour column. Select always hide
If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.
Microsoft issued a security update for Windows 2000 and XP to cover the vulnerability used by this trojan to infect your PC. To prevent future infections, update your Windows operating system. Start > All programs > Windows update.
Users of Windows 95, 98 and ME. Microsoft do not consider this flaw to be 'critical' and falls outside of their support policy only only issuing updated for 'critical security issues.
.....and just in case you are interested in who has put you through all this,
This information is provided free of charge/subscription/registration and without warranty. All the usual disclaimer jargon applies.
|Joshua Veronimo ([email protected])
U-12 Gamma Commercial Complex
47 Rizal Highway
cor. Manila Av,
|Whois registrant for Spyaxe.com and spyaxe.biz.
187th Ave, 5 King County
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security
hackers, crackers & firewalls
BHO's & Hijackers
Drive by downloads
Scams & Hoaxes
Free pest scan
Clean up/repair after malware infection
Prevent malware installing
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Kill PSGuard, spysheriff, spytrooper, AntivirusGold, RazeSpyware, smitfraud-c
Kill seeve.exe / mediamotors pop ups
Kill Sdbot-ADD / lockx.exe
Kill Spyware Quake
Kill Adware punisher
Kill Aurora pop ups
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software