my spyaxe smitfiles log

Discussion in 'Malware Help (A Specialist Will Reply)' started by waryuser, Dec 12, 2005.

  1. waryuser

    waryuser Private First Class

    Hello guys... first I'd like to thank you for all the help you provide to all of us.

    This is the file I got after following the instructions in the SpyAxe removal thread.


    SpyAxe is still here. What should I do next?
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. waryuser

    waryuser Private First Class

    OK, I finally got this done. The scans found some things. Spybot keeps finding Smitfraud but it can't remove it. One of the online scans (Bitdefender) found some stuff and deleted it. The other (Kaspersky On-line Scanner) found some stuff but didn't have an option to delete. I don't think I remember an option to save the log either. I did all of the steps in that thread so now I'm running HijackThis and will be back with the results in 2 mins. (will edit)
     
  4. waryuser

    waryuser Private First Class

    Sorry, can't find the edit button. This is in normal mode.

    I also ran it in safe mode like it says in the special removal thread. I found nothing from that list. (I noticed a line with SpyAxe, by the way. Your instructions didn't say to remove it though, so I didn't.)
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are running both AVG AntiVirus and Panda Antivirus. Don't have 2 antivirus programs installed on your computer. Pick one and uninstall the other.

    Scan with HijackThis and fix the following:
    Download DelDomains and unzip it to your desktop.

    Find the files from deldomains.zip on your Desktop, right-click on the deldomains.inf file and select Install.

    Afterwards run Spybot and make sure you re-Immunize immediately. Then run a full system scan. If you get any reported problems, attach the log from Spybot.

    Post a fresh HJT log
     
  6. waryuser

    waryuser Private First Class

    I could not find those entries once I ran HijackThis again. I went ahead and installed that program, ran Spybot and immunized. Then I ran a scan and found the entries posted on the log, all of which were fixed. (Didn't find the Smitfraud entry this time :) ) I ran HijackThis and the log is attached too.


    Awaiting further instructions.
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please run the SmitRem tool again, and post the log. I want to make sure it shows clean.

    You are still running two antivirus programs. They will conflict with each other, and your system will be vulnerable because of it. Pick one and uninstall the other; use either AVG or Panda, not both at once.
     
  8. waryuser

    waryuser Private First Class

    OK, I ran it again in safe mode because that's how the instructions said to do it in that other thread. It's attached.

    I thought I uninstalled the Panda antivirus, which was a trial version, when you first told me. I tried to do it again, but it's no longer on my list of programs in the Control Panel. How else could I uninstall it?
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The SmitRem log is clean.

    Follow the steps below:

    First, attempt to remove Panda from Control Panel, Add/Remove Programs. Once this is done, make sure that there are no Panda services running in the Services section in Control Panel. Ensure they are stopped and set to disabled.

    Open the Registry from Start, Run, write REGEDIT, and click on OK. Highlight 'My Computer' at the top of the list, then go to 'Edit' and 'Find'. Type 'panda' into the box and then click on 'Find Next'. This will search the Registry for panda files. When it brings up a folder or file, press 'delete' or right-click on the highlighted file/folder and select 'delete' from the menu to remove it. Then press 'F3' to search again and find the next Panda entry.

    Continue to search and delete Panda entries in the Registry until no more entries are found. Then repeat this process, this time searching for 'pav'. When both searches are complete, close the Registry and restart the computer.

    Once this operation has been carried out, use Windows Explorer to delete the Panda Software folder that is below C:\Program files. You should also delete the following files from Windows\system: PAV.SIG, APVXD.VXD, APVXDUT.VXD, PANDA.CHP.

    By carrying out these operations, Panda Antivirus Titanium will be uninstalled.
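
A read-only inventory of the registry entries that the search in the post above would land on, added here as an example; it is not part of the original thread or of any Panda tooling. It assumes PowerShell is available on the machine, and the function name `Find-RegistryLeftover`, the two registry roots and the CSV path are hypothetical choices. Because these are plain substring matches, the list is meant to be reviewed entry by entry before anything is deleted.

```powershell
# Added example: list registry keys and values that mention a leftover product.
# Nothing is modified or deleted; the output is a review list only.
$terms = 'panda', 'pav'                      # search strings from the post above
$roots = 'HKLM:\SOFTWARE', 'HKCU:\Software'  # assumption: only the software hives are searched

function Find-RegistryLeftover {
    param([string[]]$Roots, [string[]]$Terms)

    # Build one case-insensitive pattern from the literal search strings.
    $pattern = ($Terms | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($root in $Roots) {
        # Keys that cannot be opened (access denied) are skipped silently.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.Name -match $pattern) {
                [pscustomobject]@{ Key = $key.Name; Where = 'key name'; Match = $key.PSChildName }
            }
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($valueName -match $pattern -or $data -match $pattern) {
                    [pscustomobject]@{ Key = $key.Name; Where = "value '$valueName'"; Match = $data }
                }
            }
        }
    }
}

# Save the hits for review; an unrelated product can match a short string like 'pav'.
Find-RegistryLeftover -Roots $roots -Terms $terms |
    Export-Csv -Path "$env:USERPROFILE\Desktop\panda-leftovers.csv" -NoTypeInformation
```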
     
  10. waryuser

    waryuser Private First Class

    Before I do this, I have a few questions/comments.

    - I can't find this Services section in the Control Panel.
    - I am getting results like "itunes" when I run that registry search with "panda" typed in. Should I delete these anyway?

    - I keep getting SpyAxe reinstalled on my computer every time I reboot. So it seems to me like the spyware is still here.

    Can you clear this up for me?
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    SpyAxe should not be reinstalling on your computer.

    Do the Following:

    Smitfraud, SpySheriff, SpyAxe & PSGuard Removal


    Run Panda Online Scan. After the scan attach the log to your next post.

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using Notepad and upload the text file here as an attachment.
     
  12. waryuser

    waryuser Private First Class

    OK, I did what that other response told me to do before I saw that you deleted it. Here are the logs for those, if you need them. I will do the new stuff as soon as I can.
     

    Attached Files:

  13. waryuser

    waryuser Private First Class

    OK, I did what you told me. Here are the logs. SpyAxe still keeps reinstalling when I boot up.

    By the way, I have Windows ME installed on my other hard drive. Thought I would let you know in case the worms might hide there or something.

    Oh, and can you tell me if Panda antivirus is still installed?


    Thanks
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Locate the following file:

    D:\WINDOWS\System32\ioctrl.dll

    Right-click and select Properties, tell me the file size, Date/Time Created, Publisher, and file version.

    Are you running SmitRem while in Safe Mode?

    Next Download
    - Registry Search Tool

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection, please allow this to run)

    In the dialog that opens enter the following:

    Press 'OK'

    The search will run for a while then alert you when it is finished.

    Press 'OK' and copy the contents of the WordPad window and post in this thread

    Next, please EXTRACT all the files from the RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and double-click rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Post both logs and the information on ioctrl.dll.
     
  15. waryuser

    waryuser Private First Class

    Looked up the file and it was created on December 11, 2005, 8:48:12 pm (modified 2 hours later).

    Yes, I ran SmitRem in safe mode.

    There was nothing found for antivirus-gold.


    Log for RKFiles is attached.




     

    Attached Files:

    • log.txt (654 bytes)
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    In Safe mode delete the following file: D:\WINDOWS\System32\ioctrl.dll

    Empty the Microsoft Antispyware Quarantine folder.

    Please see the below thread on how to install and run Ewido Security Suite.

    Running Ewido Security Suite ...
     
  17. waryuser

    waryuser Private First Class

    Deleted that file and emptied that folder.


    I ran Ewido Security Suite and attached the log.

    It seems it did the job :) .

    I'll check back to find out though.


    (By the way... these trial scanners... should I delete them after they run out?)
     

    Attached Files:

  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, how is your computer running now?

    Yes, uninstall the trial software after we are finished.
     
  19. waryuser

    waryuser Private First Class

    Sorry about not responding sooner. The computer seems to be fine now. It was running a lot faster after all those scans. Now it is slowing up again, could be because I still have all those spyware scanners running.

    Is there anything else I should do? If not, then thanks for all the help. I would've never gotten rid of this thing without your help.


    Cheers. :)
     
  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

