SpyAxe won't go away!

Hi everyone, trying to get rid of SpyAxe from my system. Popped up yesterday morning and spent the past couple days trying to get rid of it. Tried Different Antispyware software, Microsoft and Spyware Dr. DIdn't work, so found this website. Followed everything (hopefully) on the Readme First article. Tried the Special Removal procedures Also and nogo. Looks like everything else was cleaned up minus this SpyAxe thing. Lets see, the last part of the special removal says post Smitfiles.txt and PandaActiveScan log. So hopefully this work. Much appreciate the help !

Mike

 

Please see the below thread, then attach a current HJT log.
http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

Here it goes!

 

Download LSP-Fix

After download is complete, Run LSP-Fix

Check the Box labeled "I know what I'm doing" and then click on the bmi_lsp.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move bmi_lsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

(Note: If the file bmi_lsp.dll is already in the remove section, then just click FINISH.)


After you complete the above, please see the below thread on how to install and run Spy Sweeper.

Running Spy Sweeper...

 

Thanks for the quick replies! Followed directions above, but I still have that annoying popup in the lwr corner, spyaxe still showing up on my programs list, and the shortcuts on the desktop. It just doesn't want to go away!

 

Please see the below thread on how to install and run Ewido Security Suite.

Running Ewido Security Suite ...

 

Woo Hoo, so far so good! thanks for the help, hopefully it stays this way

 

Please attach the Ewido log along with a fresh HJT log.

 

Roger That

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Spy Sweeper

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYUS

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you complete the above, reboot and let me know how things are running.

 

Ok,

Things seem to be runnign ok, though Ad-aware found Spyaxe and removed it again. Spybot found 2 things, removed one, but wouldn't remove the other. Hopefully this attached file works! The failed fix is the first line.


Hooah!

Mike

 

Please download DelDomains and unzip it to your desktop. Do not run it yet.

• Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

After you complete the above, you will need to "Immunize" again in Spybot.

 

Roger that, mission accomplished.

Does this mean I'm GTG now?

 

If you have re-immunized and things are running good you are

You should see this article on How to Protect yourself from malware!

Surf Safely!