# Spyaxe spyware



## mjman (Nov 11, 2005)

I originally posted this in windows XP section but thought this would be a better section. I sent following message, in quotes, to Spyaxe.com:

"Customer Service,

Somehow your website is installed in my toolbar (it shows up as a flashing yellow triangle symbol w/ an exclamation point (!) in the middle). When I click the symbol it leads to your website. I do not need spyware protection so please discontinue sending these annoying prompts.

I would appreciate a response as assurance that these actions will be discontinued and the effective date.

Thanks!"

I actually have varying websites (razespyware, PS Guard, spytrooper and world antispy) pop up when I doubleclick the yellow triangle. Spyaxe was the only one I e-mailed and their responce is below in quotes.

"Good day,

Please accept our sincere apologies about the fact that we did not answer you for a few days. 

The thing is - we received too many complaints on adware/popup/trojan activity on user's PC's related to our Anti-Spy ware product - Spyware Axe, And all this time the issue was under heavy investigation by our Staff and we could not answer each email because we waited for the results of investigation to make sure we discover the reason of this activity, find out who is the offender doing this and find out how to help You to fix it.

Finally, as a result of this investigation, with the help of our devoted users - we found out that one of our affiliates, under affid=10016-10018 was using the prohibited and illegal ways of advertising of our product - Spyware Axe. These advertising methods are completely prohibited by our TOS, and affiliate's actions are a rude violation of our Terms of Service and Privacy Policy. Thus, by now his account is already terminated and according legal actions have been made towards this person.

As a result of this investigation and great efforts of Spyware Axe technicians we came out with these Uninstallation files which should delete all this adware activity which was installed on your PC.

Below you can find quick instructions on how to use attached uninstallation files in order to clean your PC and completely wipe all the advertisements you have on it.

In order to clean your PC from infections related to Spyware Axe product, please follow the instructions below:

1) Save Uninstallers.zip from xxxxxxx to your desktop or HDD. 

2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip.

3) Execute both of them one by one by double-clicking with your mouse.

4) Reboot your PC

5) Your PC is now clean from the infections.

Again, please accept our deepest apologies from all the Spyware Axe staff. We are doing our best to help you in this issue.

Please let me know if you have any other questions or issues related to Spyware Axe product.

Thank you for your understanding and support.

Kind Regards,

Joshua Veronimo
Support Department
Spyware Axe Staff
Phone: 206-339-5073
FAX: 206-339-5073"

Does the above make sense or is it a scam????

Thanks,

mjman


----------



## Vikesrock8411 (Jun 11, 2005)

The story they have given is what many have suspected was happening. Regarding the usefullness of the uninstallers, I do not have the technical expertise to determine whether or not they will fully eliminate the infection. 

For this reason the only course of action I would recommend until these uninstallers have been tested would be to download *HijackThis* - this program will help us determine if there are any spyware/malware on your computer. Create a folder at *C:\HJT* and move HijackThis.exe there. Run a scan and save the log file. Copy the entire log including the system information header, and post it here. This is an infection we are familiar with and we have our own method's for getting it off your PC.


----------



## unclewoja (Nov 12, 2005)

I d/led the uninstallers from the link posted in this thread. They're legit. They removed the spyaxe problem from my system.

I was considering formating my system to get rid of the infection anyway so I thought what the hell.


----------



## tetonbob (Jan 10, 2005)

The thing to keep in mind here is that while the company may have helped you uninstall their product which the say was illegally advertised and installed on your system, there may be more nasties hiding which the same installation technique allowed. Another thing to keep in mind is that this same company's product is listed on *EricHowes' rogueware site*. Still another thing to keep in mind is that we here in Security generally do not trust a known malware product's own uninstaller.

I have cleaned components of the smitfraud infection from more than one user's system in the last few days after complaints of this SpyAxe install.

Best to be thorough, and check for other nasties. HJT and online scans are in order after having this product installed on your system.


----------



## sUBs (May 5, 2005)

I took the so-called uninstaller file & have it scanned by http://virusscan.jotti.org/
You may be interested in the results..










If you have used that infected file, I strongly recommend that you perform online scans with Internet Explorer at BOTH of the following sites:
 *Panda ActiveScan* 


 *Kaspersky Web Scanner*


----------



## tetonbob (Jan 10, 2005)

Hi mjman -

I've split your HJT log and created a new thread in the HJT forum...you can find it here:

http://www.techsupportforum.com/showthread.php?t=76445

I felt it was important to keep this info out here as well, so others might see that this so-called uninstaller is not safe.


----------



## Coorran (Nov 27, 2005)

*Spyaxe removal*

I did what you recommended, and it seems to have worked.

Panda did find 2 problems i couldn't fix, but they're not Spyaxe, i think.
View attachment smitfiles.txt


View attachment Rapport de scan_20051127.txt.txt


View attachment Activescan.txt


----------



## DeFcOn (Aug 20, 2005)

i would get a good antispyware program and a good firewall....just to be on the safe side


----------



## sultan_emerr (Dec 4, 2005)

DeFcOn said:


> i would get a good antispyware program and a good firewall....just to be on the safe side


Do you mean like www.avast.com 
and =Sygate Personal Firewall - http://mboverload.no-ip.org/tech.html ?

What about anti-spyware and a router?


----------



## Vikesrock8411 (Jun 11, 2005)

sultan_emerr said:


> Do you mean like www.avast.com
> and =Sygate Personal Firewall - http://mboverload.no-ip.org/tech.html ?
> 
> What about anti-spyware and a router?


Avast and Sygate is a great AV-Firewall combo. There are many different types of antispyware protection. Here are the ones I reccommend:

*Adaware SE* and *Spybot SD* are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

*Spyware Blaster* is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. *Spyware Guard* Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

*IE-Spyad* is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The *MVPS HOSTS* file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

*Alternative Programs*
Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do.

*Trillian* or *Miranda-IM* - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

*Desktop Weather* - Free taskbar weather program that is free, malware free, and resource light.

*Firefox* - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

*Sun's Java* - It's much more secure than Microsoft's Java Virtual Machine.


----------



## tetonbob (Jan 10, 2005)

countsp -

I have split your post from here, and created a new thread for you in the HJT forum:

http://www.techsupportforum.com//se...elp-topics//79988-spyaxe-spyware-hjt-log.html


----------



## tetonbob (Jan 10, 2005)

Coorran said:


> I did what you recommended, and it seems to have worked.
> 
> Panda did find 2 problems i couldn't fix, but they're not Spyaxe, i think.


Coorran -

If you still require assistance, please post a HJT log in the our HJT forum.

Please download HijackThis  - this program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

---------------------------------

Any others reading this thread......please post your request for assistance regarding this or any infection in the HJT forum after getting a HJT log. We do not address individual HJT logs in the General Security forum.

Thank you.


----------

