Privacy & Security
Remove SpywareStrike - manual instructions
 The removal procedure for SpywareStrike on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here |
SpywareStrike is one of a fast developing list of spyware scanners that is using a CoolWebsearch Trojan to give warnings of infections to trick users into buying the product. It is a clone of the Spyaxe scanner
The number of these type of infections make this the most exploited vulnerability in Internet Explorer. It has caused so many problems Windows rushed through the patch to cover the vulnerability is now available. Once your system is clean UPDATE YOUR WINDOWS.
Infected computers will display the following warning in a balloon that pops up from the system tray on the taskbar with the following message.
System Intrusion Detected! Dangerous infection was detected on your PC The system will now download and install most efficient antimalware program to prevent data loss and your private information theft Click here to protect your computer from the biggest malware threats.
The Trojan can be completely removed using a combination of scanners and a specially written removal tool, see Here
To manually remove this trojan from your system,
You will need
Pocket killbox, from Here, to your desktop. Extract the files from the .zip folder.
Killbox is a small application created by Option^Explicit, www.bleepingcomputer.com to remove stubborn files and folders.
Ace Utilities (free trial), a comprehensive disk and registry cleaner to remove the remnants.
Removal proceedure
1) Set Windows to Show hidden files and folders. How to
2) Open Killbox, Copy and Paste the following files into the Paste Full path of File to Delete box, according to the version of Windows you use.
You should enter each file one at a time, select Delete on reboot and click the Kill file button, click yes to confirm, and No to reboot. If you receive a File not found message, just move onto the next file.
For Windows XP
C:\Program Files\SpywareStrike
C:\Windows\System32\mssearchnet.exe
C:\Windows\System32\nvctrl.exe
C:\Windows\System32\netwrap.dll
C:\Windows\System32\ncompat.tlb
C:\Windows\System32\mscornet.exe
C:\Windows\System32\wiatwain.dll
For Windows NT/2000
C:\Program Files\SpywareStrike
C:\Winnt\System32\mssearchnet.exe
C:\Winnt\System32\nvctrl.exe
C:\Winnt\System32\netwrap.dll
C:\Winnt\System32\ncompat.tlb
C:\Winnt\System32\mscornet.exe
C:\Winnt\System32\wiatwain.dll
For Windows 95/98/ME
C:\Program Files\SpywareStrike
C:\System\mssearchnet.exe
C:\System\nvctrl.exe
C:\System\netwrap.dll
C:\System\ncompat.tlb
C:\System\mscornet.exe
C:\System\wiatwain.dll

When all the files have been put into killbox, close the application.
3) The Trojan also creates a randomly named file, to find and remove it, open Windows explorer (Right Click the Start button and select Explore). In the left panel, click through the following sequence, depending on your operating system.
Note - C is the Drive letter that holds your Windows folders, change it to the letter of the drive if yours is different.
Windows XP ...................... C > Windows > System32 ,
Windows NT/2000.......C > Winnit > System32,
Windows 95, 98, ME .. C > System
Look in the right panel for the file hp****.tmp, where **** is a random series of, usually 4 letters and numbers. If more than one of these files exists, remove all of them by Right Click on the file and select Delete.
Close the Windows Explorer box.
4) Close down and Restart your PC. When you restart, you may receive some File not found messages. This is because the Registry keys have yet to be removed.
5) Open Ace utilities
 Perform the following scans, whilst we are targeting spyaxe, this cleaner will remove many other redundant or obsolete files and registry keys.
Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.
Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.
Select Erase History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray
Click Execute Now
Click the internet Explorer/MSN tab and select the following-
Delete cookies
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)
Click Execute Now.
You computer should now be free of Spyaxe.
If the warnings still appear from your taskbar, and you are 100% sure the infection has gone, Right click on a blank part of the taskbar and select properties. In the box that opens up, click the Customize button
Look for these two items spyaxe and Virus alert. Click on each on in turn, this will display a drop down list to the right of the icon, in the behaviour column. Select always hide
If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.
Your computer should now be free af Spywarestrike
Microsoft issued a security update for Windows 2000 and XP to cover the vulnerability used by this trojan to infect your PC. To prevent future infections, update your Windows operating system. Start > All programs > Windows update.
Users of Windows 95, 98 and ME. Microsoft do not consider this flaw to be 'critical' and falls outside of their support policy only only issuing updated for 'critical security issues.
This information is provided free of charge/subscription/registration and without warranty.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
|
Privacy & Security
Information
E-mail
Viruses
hackers, crackers & firewalls
Trojans
Spyware
Keyloggers
Cookies
BHO's & Hijackers
Drive by downloads
diallers
Scams & Hoaxes
Hijack this-
automatic analysis
Free pest scan
Unwanted processes
How to-Tutorials
Clean up/repair after malware infection
Prevent malware installing
Install Hijackthis
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Roguefix -
Removal tool for Rogue spyware removers & Fake Warnings
removal tool
Kill E2Give
Kill MySearch
Kill Sdbot-ADD / lockx.exe
Kill seeve.exe / mediamotors pop ups
Kill Winfixer2005
Kill SysProtect
News/Articles
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software
|