Problem removing spyquake

Discussion in 'Malware Help (A Specialist Will Reply)' started by urshkin, Apr 15, 2006.

  1. urshkin

    urshkin Private E-2

    I am new to this and have printed out the directions to remove spyquake. I have already uninstalled spyquake from add/remove programs before getting the instructions. But I still have their POP up that I cant get rid of. But my problem is when I start up in safe mode all the files I need that I have saved to my desktop according to directions dont show up on my desktop in safemode. Most of the icons on my desktop arent showing up. Can anyone help?
     
    urshkin, Apr 15, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You must make sure that you are saving the files to the Desktop of same use account name that you will be using in safe mode or they will not show. You could just save them to c:\ and use Windows Explorer to find the file in safe mode from any user account.
     
    chaslang, Apr 15, 2006
    #2
  3. urshkin

    urshkin Private E-2

    That was my problem thanks. But I went through the whole process and couldnt find any of the files mentioned for deletion. And I still have their POP up on my task bar. I have attached the smitfiles.txt file. Hope this helps and thanks again.
     

    Attached Files:

    urshkin, Apr 15, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you using a USB mouse? If so, what brand? I think you may have a new form of the SmitFraud family infections. I suspect the below to be bad but we need to be sure:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}"="USB Mouse Driver"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}\InProcServer32]
    @="C:\WINDOWS\system32\suprox.dll"
     
    chaslang, Apr 15, 2006
    #4
  5. urshkin

    urshkin Private E-2

    I am not real computer savy. So I hope I am giving you the right information. The mouse is a microsoft, wheel mouse optical USB and PS/2 compatible. Is this what you are looking for?
     
    urshkin, Apr 15, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what I was looking for but I'm sure this is a new form of the malware.

    Run the new procedure I posted in message number 4 in the below thread:

    http://forums.majorgeeks.com/showthread.php?t=90045

    Then attach your new HJT log and new smitfiles.txt log and tell me how things look now.
     
    Last edited: Apr 16, 2006
    chaslang, Apr 16, 2006
    #6
  7. urshkin

    urshkin Private E-2

    I followed the directions I received by email. That was to find the file named suprox.dll and rename it to suprox.ddd. This worked the malware pop up is gone and my mouse still works. Thanks for everything.
     
    urshkin, Apr 16, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I have already added these to the SpywareQuake Removal procedure so that anyone else hit with this newer form will not have a problem.

    Now delete the suprox.ddd file since we know it is bad!

    If you are not having any other malware problems, you should work thru the below link:

    How to Protect yourself from malware!
     
    chaslang, Apr 16, 2006
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds