internetinspiration logo
             
Home Internet Guides Privacy & Security Must have software Internet Shopping Earn Money Fun & Games Freebies

Privacy & Security
Remove SpywareStrike - manual instructions

The removal procedure for SpywareStrike on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here


SpywareStrike is one of a fast developing list of spyware scanners that is using a CoolWebsearch Trojan to give warnings of infections to trick users into buying the product. It is a clone of the Spyaxe scanner

The number of these type of infections make this the most exploited vulnerability in Internet Explorer. It has caused so many problems Windows rushed through the patch to cover the vulnerability is now available. Once your system is clean UPDATE YOUR WINDOWS.

Infected computers will display the following warning in a balloon that pops up from the system tray on the taskbar with the following message.

System Intrusion Detected! Dangerous infection was detected on your PC The system will now download and install most efficient antimalware program to prevent data loss and your private information theft Click here to protect your computer from the biggest malware threats.

The Trojan can be completely removed using a combination of scanners and a specially written removal tool, see Here

To manually remove this trojan from your system,

You will need

Pocket killbox, from Here, to your desktop. Extract the files from the .zip folder.
Killbox is a small application created by Option^Explicit, www.bleepingcomputer.com to remove stubborn files and folders.

Ace Utilities (free trial), a comprehensive disk and registry cleaner to remove the remnants.

Removal proceedure

1) Set Windows to Show hidden files and folders. How to

2) Open Killbox, Copy and Paste the following files into the Paste Full path of File to Delete box, according to the version of Windows you use.
You should enter each file one at a time, select Delete on reboot and click the Kill file button, click yes to confirm, and No to reboot. If you receive a File not found message, just move onto the next file.

For Windows XP
C:\Program Files\SpywareStrike
C:\Windows\System32\mssearchnet.exe
C:\Windows\System32\nvctrl.exe
C:\Windows\System32\netwrap.dll
C:\Windows\System32\ncompat.tlb
C:\Windows\System32\mscornet.exe
C:\Windows\System32\wiatwain.dll

For Windows NT/2000
C:\Program Files\SpywareStrike
C:\Winnt\System32\mssearchnet.exe
C:\Winnt\System32\nvctrl.exe
C:\Winnt\System32\netwrap.dll
C:\Winnt\System32\ncompat.tlb
C:\Winnt\System32\mscornet.exe
C:\Winnt\System32\wiatwain.dll

For Windows 95/98/ME
C:\Program Files\SpywareStrike
C:\System\mssearchnet.exe
C:\System\nvctrl.exe
C:\System\netwrap.dll
C:\System\ncompat.tlb
C:\System\mscornet.exe
C:\System\wiatwain.dll



When all the files have been put into killbox, close the application.

3) The Trojan also creates a randomly named file, to find and remove it, open Windows explorer (Right Click the Start button and select Explore). In the left panel, click through the following sequence, depending on your operating system.
Note - C is the Drive letter that holds your Windows folders, change it to the letter of the drive if yours is different.

Windows XP ...................... C > Windows > System32 ,
Windows NT/2000.......C > Winnit > System32,
Windows 95, 98, ME .. C > System

Look in the right panel for the file hp****.tmp, where **** is a random series of, usually  4 letters and numbers. If more than one of these files exists, remove all of them by Right Click on the file and select Delete.
Close the Windows Explorer box.

4) Close down and Restart your PC. When you restart, you may receive some File not found messages. This is because the Registry keys have yet to be removed.

5) Open Ace utilities

Perform the following scans, whilst we are targeting spyaxe, this cleaner will remove many other redundant or obsolete files and registry keys.

Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.

Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.

Select Erase History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray
Click Execute Now

Click the internet Explorer/MSN tab and select the following-
Delete cookies
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)
Click Execute Now.

You computer should now be free of Spyaxe.

If the warnings still appear from your taskbar, and you are 100% sure the infection has gone, Right click on a blank part of the taskbar and select properties. In the box that opens up, click the Customize button
Look for these two items spyaxe and Virus alert. Click on each on in turn, this will display a drop down list to the right of the icon, in the behaviour column. Select always hide

If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.

Your computer should now be free af Spywarestrike

Microsoft issued a security update for Windows 2000 and XP to cover the vulnerability used by this trojan to infect your PC. To prevent future infections, update your Windows operating system. Start > All programs > Windows update.
Users of Windows 95, 98 and ME. Microsoft do not consider this flaw to be 'critical' and falls outside of their support policy only only issuing updated for 'critical security issues.

 This information is provided free of charge/subscription/registration and without warranty.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security

Information

E-mail

Viruses

hackers, crackers & firewalls

Trojans

Spyware

Keyloggers

Cookies

BHO's & Hijackers

Drive by downloads

diallers

Scams & Hoaxes

Hijack this-
automatic analysis

Free pest scan

Unwanted processes

How to-Tutorials

Clean up/repair after malware infection

Prevent malware installing

Install Hijackthis

Start in Safe mode

Show hidden files/folders

enable/disable Active X controls

Disable Messenger service pop-ups

Use the Host file

Roguefix -
Removal tool for Rogue spyware removers & Fake Warnings
removal tool

Kill E2Give

Kill MySearch

Kill Sdbot-ADD / lockx.exe

Kill seeve.exe / mediamotors pop ups

Kill Winfixer2005

Kill SysProtect

News/Articles

New Winfixer infection displays fake Blackworm warning

The real cost of Free security software
About us Contact us FAQ Links Privacy Statement Site Map Webmasters
Click here to add this page to your favorites
©Internet Inspiration, 2003.      All registered trademarks are observed and respected.
If you receive advertising pop ups whilst viewing this site, you are infected with an ad-serving parasite, because we don't use pop ups. See our Privacy & security section for help with detection and removal.