Anti-SpyAxe tool


Mimike


I know this seems like a worn-out topic, but I would appreciate it if you could give me some advice on how to get rid of SpyAxe, either through HijackThis or with a tool. Thank you in advance.

BTW, the HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 22:05:39, on 05.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NetLimiter 2\nlsvc.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ctfmon.exe
C:\Program Files\Spybot\SpybotSD.exe
C:\hjt\HijackThis.exe

O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp7C01.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKCU\..\Run: [SpywareKilla] "C:\PROGRA~1\SPYWAR~1\SpywareKilla.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc.../bridge-c11.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2\nlsvc.exe
Daisuke
You can also uninstall this dubious program from Add/Remove Programs: SpywareKilla.

Download SpyAxeFix.exe © noahdfear. Save it to the desktop. Close all windows and the browser. Double-click SpyAxeFix.exe, then click Start to extract the tool into its own folder on the desktop. Open the SpyAxeFix folder and double-click SpyAxeFix.bat. The taskbar will disappear for a moment and the computer will restart after the tool finishes its work. In the SpyAxeFix folder you will find a log (TXT). Please post the contents of that log.
 
Mimike
I can't access spyaxefix.bat. First, AVG detects it as a virus. Second, Windows tells me I don't have permission to access it.
Daisuke
The tool is OK. It's not a virus. I think AVG is giving a false positive. Turn off AVG until you have downloaded and used the tool.
I scanned it with McAfee, BitDefender and Kaspersky, which found nothing.

The tool reboots the PC and kills processes. That is probably what AVG detects and blocks. Use it with confidence.
Mimike
I re-downloaded and reinstalled it with AVG disabled. Even so, I can't access spyaxefix.bat.
Error message: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
Daisuke
Do you have an administrator account? Try in safe mode if it doesn't work otherwise.
Daisuke
Ad-Aware can remove SpyAxe as of yesterday, December 9:

QUOTE(Lavasoft)
We have received numerous reports from customers and users about the ever increasing problem of SpyAxe.

SpyAxe is an Anti-Spyware application which is currently known to be installed without user consent.

Users can be misled by a fake ‘Windows Update’ message generated by a trojan, claiming that “Your computer is infected” and advising you to click a link to install SpyAxe.

Due to the increase in complaints and variants in the last few days we are releasing a rapid response update to address this problem.

You may update your Ad-Aware application by using the webupdate feature, or by downloading the definition file from http://www.lavasoft.com/support/download/
 
Mimike
Thank you very much. Just today I had updated my Ad-Aware, and I saw that after I scanned with it, my SpyAxe problem disappeared. That is indeed how I managed to get rid of it, because with the SpyAxeFix you sent I didn't solve anything. Neither in safe mode nor with AVG disabled could I access it. Thank you.
JimCarrey
SpyAxe version 3.0 has come out.
I haven't managed to remove this one with anything.
Has anyone managed to deal with this version too?
Daisuke


SmitRem was updated yesterday to remove the latest SpyAxe variant.
http://noahdfear.geekstogo.com/

If you know what you're doing, you can use it. If not, you know the drill :) : open a new topic and post a HijackThis log.

[later]
Ad-Aware updated its signatures today, but not for SpyAxe.
[/later]
deceneu
[quote name='Mimike' date='Dec 5 2005, 22:58' post='1090897']
I know this seems like a worn-out topic, but I would appreciate it if you could give me some advice on how to get rid of SpyAxe, either through HijackThis or with a tool. Thank you in advance.
BTW, the HijackThis log is:
C:\WINDOWS\ctfmon.exe...
[/quote]


For me, Kaspersky found this:
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Spy.Win32.GhostKeyLogger.c File: C:\WINDOWS\ctfmon.dll
deleted: Trojan program Trojan-Spy.Win32.GhostKeyLogger.c File: C:\WINDOWS\CTFMON.EXE

c:\windows\ctfmon.exe is a virus! Delete it, and likewise c:\windows\ctfmon.dll.

c:\windows\system32\ctfmon.exe is a good file, part of Windows.
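
The path check described in the post above, applied to a HijackThis log, as an added example that is not part of the original thread: it flags entries whose file name matches a Windows system binary but whose folder is not the expected one. The allow-list of names and folders and the sample lines (constructed in the format of the log in this thread) are assumptions.

```python
import ntpath
import re

# Assumption: a minimal allow-list of system binary names and the only folder
# each should run from on Windows XP; extend it for the machine under review.
# 8.3 short paths (PROGRA~1) are compared as written, not expanded.
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A drive-letter path ending in .exe anywhere in a log line, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.exe)', re.IGNORECASE)

# Constructed sample in HijackThis layout (process list, then O4 autoruns).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
"""

def misplaced_system_binaries(log_text):
    """Return sorted (line_no, path) pairs for system-named files in the wrong folder."""
    findings = set()
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(ntpath.normpath(path))
            expected = EXPECTED_DIR.get(name.lower())
            # Same file name as a system binary, different folder: review it.
            if expected and folder.lower() != expected:
                findings.add((line_no, path))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, path in misplaced_system_binaries(SAMPLE_LOG):
        print(f"line {line_no}: {path} is outside its expected folder")
```

A hit is a lead for review, not a verdict: confirm with an antivirus scan of the flagged file, as the Kaspersky result in the post does.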
MS-Windows
You just replied to a topic from 3 years ago.
pykko
This topic will be closed due to its age.