• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Lavasoft Rapid Response to SpyAxe

kcnychief

█▄█ ▀█▄ █
Political User
#1
I received this e-mail a few minutes ago, thought it would be good to post:


We have received numerous reports from customers and users about the ever increasing problem of SpyAxe.

SpyAxe is an Anti-Spyware application which is currently known to be installed without user consent.

Users can be misled by a fake 'Windows Update' message generated by a trojan, claiming that "Your computer is infected" and advising you to click a link to install SpyAxe.

Du to the increase in complaints and variants in the last few days we are releasing a rapid response update to address this problem.
You may update your Ad-Aware application by using the webupdate feature, or by downloading the definition file from
http://www.lavasoft.com/support/download/
Along with their definition file update:

============================================
Definition file Notification - Lavasoft News ============================================
SE1R79 09.12.2005
New Definitions:
========================
-
Updated Definitions:
========================
Malware.SpyAxe +5
The MD5 checksum for the defs.ref file is f89254085ed1e846d0a8acfc7a05aca5
Additional Information
============================================
You can use Webupdate to install the new reference file, or download it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip
If you think something needs to be sent to us for review, visit our submission site at:
http://www.lavasofthelp.net/submit/
If you have any questions, please contact us at:
http://www.lavasoftsupport.com
Thanks to everybody who submitted us files for evaluation!
The Lavasoft Research & Development Team

 

jpom

OSNN Addict
#2
Too bad that it can a little to late for me, I just had to format a computer to get rid of it at the beginnning of the week. I deleted reg entries, program files, uninstalled it in various ways, tried adaware, spybot, MS, counterspy and everytime it was removed it would just come back on the next reboot. Extremely Annoying program.
 

Electronic Punk

willalwaysbewithyou
Staff member
Political User
#3
You could have always tried safe mode or using msconfig to prevent anything from loading... or was that no good? Don't know as I have never been infected by it myself.
 

jpom

OSNN Addict
#5
EP, nope no good either, it wouldn't load in safe mode and I'd go an delete everything and it would still come back when I rebooted again. My only thought is that it cached some files some obscure place and along with some sort of hidden reg entry or some such that installed/ran those files at bootup. I don't know how feasible the theory is but it's the only one I can come up with. All i know is that it was one hell of an SOB to get rid of.

I'll get right on that kcnychief :)
 

kcnychief

█▄█ ▀█▄ █
Political User
#6
I've seen viruses that do similar things to that, I believe I refered to them as "droppings"

Basically, your scanner or other software will pick up a virus, but it will only be a piece of it, and it will re-spawn after a reboot. Common places the droppings tend to hide are c:\windows\prefetch or the c:\windows\system32.

Sometimes they are a bit tricky, did you loose any data in the format?
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,015
Latest member
evaiwhitis