Lavasoft Rapid Response to SpyAxe

[kcnychief]

I received this e-mail a few minutes ago, thought it would be good to post:

We have received numerous reports from customers and users about the ever increasing problem of SpyAxe.

SpyAxe is an Anti-Spyware application which is currently known to be installed without user consent.

Users can be misled by a fake 'Windows Update' message generated by a trojan, claiming that "Your computer is infected" and advising you to click a link to install SpyAxe.

Du to the increase in complaints and variants in the last few days we are releasing a rapid response update to address this problem.
You may update your Ad-Aware application by using the webupdate feature, or by downloading the definition file from [URL="http://www.lavasoft.com/support/download/"]http://www.lavasoft.com/support/download/[/URL]

Along with their definition file update:

============================================
Definition file Notification - Lavasoft News ============================================
SE1R79 09.12.2005
New Definitions:
========================
-
Updated Definitions:
========================
Malware.SpyAxe +5
The MD5 checksum for the defs.ref file is f89254085ed1e846d0a8acfc7a05aca5
Additional Information
============================================
You can use Webupdate to install the new reference file, or download it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip
If you think something needs to be sent to us for review, visit our submission site at:
http://www.lavasofthelp.net/submit/
If you have any questions, please contact us at:
http://www.lavasoftsupport.com
Thanks to everybody who submitted us files for evaluation!
The Lavasoft Research & Development Team

 

[jpom]

Too bad that it can a little to late for me, I just had to format a computer to get rid of it at the beginnning of the week. I deleted reg entries, program files, uninstalled it in various ways, tried adaware, spybot, MS, counterspy and everytime it was removed it would just come back on the next reboot. Extremely Annoying program.

 

[Electronic Punk]

You could have always tried safe mode or using msconfig to prevent anything from loading... or was that no good? Don't know as I have never been infected by it myself.

 

[kcnychief]

What is your IP address, I can take care of that

 

[jpom]

EP, nope no good either, it wouldn't load in safe mode and I'd go an delete everything and it would still come back when I rebooted again. My only thought is that it cached some files some obscure place and along with some sort of hidden reg entry or some such that installed/ran those files at bootup. I don't know how feasible the theory is but it's the only one I can come up with. All i know is that it was one hell of an SOB to get rid of.

I'll get right on that kcnychief

 

[kcnychief]

I've seen viruses that do similar things to that, I believe I refered to them as "droppings"

Basically, your scanner or other software will pick up a virus, but it will only be a piece of it, and it will re-spawn after a reboot. Common places the droppings tend to hide are c:\windows\prefetch or the c:\windows\system32.

Sometimes they are a bit tricky, did you loose any data in the format?

 

[muzikool]

What is your IP address, I can take care of that

127.0.0.1

What's yours?

 

[kcnychief]

DUH - see my siggy

there's no place like 127.0.0.1 :nervous:

 

[Mastershakes]

It's your Local Host



No place like Local Host

 

[kcnychief]

It's your Local Host