Ok, basically it's a Trojan that causes one of those annoying fucking pop-up bubbles from the area down where your time is on the task bar telling you that your machine is infected, and you have to go buy SpyAxe to fix it. The fucking bubble won't go away. There's no way to get rid of it that I can find.

Has anyone encountered this fucking ass cunt of a program and have a suggestion on how to get rid of it? I'm about to reformat the hard drive I'm so pissed.

I found this....

http://www.bleepingcomputer.com/forums/topic36868.html

smitrem.exe is here http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

Removal Instructions:

Print out these instructions as we will need to shutdown every window that is open later in the fix.
Download smitRem.exe (http://noahdfear.geekstogo.com/click%20counter/click.php?id=1) and save the file to your desktop (http://www.bleepingcomputer.com/forums/topic36868.html#).
Double click on smitRem.exe and then click on Start. When it is done, click on the OK button. You should now have a folder called smitRem on your desktop.
Next, please reboot your computer in SafeMode (http://www.bleepingcomputer.com/forums/tut61.html) by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows (http://www.bleepingcomputer.com/forums/topic36868.html#) icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When your computer has started in safe mode and you see the desktop, close all open Windows.
Open the smitRem folder on your desktop and double click the RunThis.bat file to start the tool.
Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.
When the tool is finished, it will will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.
Reboot your computer back to normal mode.
Your computer should now be free of the SpyAxe infection.


If that doesn't work, you could get tweakui for xp which will disable those popup bubbles.

http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Yeah, the whole SmitRem -> Ewido -> Adaware fix isn't working. I found that too, but apparently that only fixes it if you've already gotten SpyAxe.

Think of SpyAxe as AIDs, and this marketing Trojan is like HIV. I need something to fix the HIV, not the AIDs.

I'm giving that Tweakui a shot, though, thanks for the suggestion.

have you tried Trend Housecall?

have you tried Trend Housecall?

Not only have I not tried it, but I've never heard of it. :action-sm

Spybot Search and Destroy fixed it, but as per usual it deleted a shit ton more than just Spyware, so I have to go update a few drivers, but fuck it. It's fixed without a complete Windows re-load, so I'm happy about that.

Edit: Apparently this is a truly sadistic virus. It actually waits until you post on a message board how you fixed it, then as soon as you hit submit, it starts up again.

Fuck this program in it's stupid ass.

Damn, you got lucky. I had one of those a few months ago. Had to wipe the drive and start all over again.

It's pretty good shit, free online scanning service and removal. I'm also loving my free-for-personal-use AVG: http://www.grisoft.com/doc/1

Damn, you got lucky. I had one of those a few months ago. Had to wipe the drive and start all over again.

It's back. :icon_mad:

SpyAxe is an anti-spyware application sometimes installed without a user’s knowledge or consent. A trojan already installed on a user’s computer may show a fraudulent warning that the user may be infected. When the user clicks the message, the trojan will download and silently install SpyAxe. After installation, SpyAxe will detect the trojan that installed it, but without any details. The user will not be allowed to attempt cleaning of the trojan until paying for SpyAxe.

splay of alerts warning of spyware and prompts for user to download anti-spyware software. These alerts are constructed so as to appear to be coming from the operating system (Windows Update, official system errors, etc.).

If the user clicks on these alerts, the Trojan opens a browser window to download and install Adware-Spyaxe from http://www.spyaxe.com/

The Trojan also attempts to silently download and install Adware-Spyaxe without user intervention. Therefore another symptom may be sudden appearance of the software on the system, without being explicitly installed by the user.

Don't click on that pop-up again.

Go here and delete the infected files and registry entries located near the bottom of the page. (http://vil.mcafeesecurity.com/vil/content/v_137422.htm)

This is how it is spread (http://vil.nai.com/vil/content/v_137512.htm)

Apparently, you have a trojan file that you opened...

Washington Post (http://www.washingtonpost.com/wp-dyn/content/article/2005/12/29/AR2005122901456.html)

Stop using Internet Explorer, AOL's browser, etc.

Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.

At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.

Rebuild your machine.

Boy do I love Firefox.

I just spent the last two nights fighting a goddamn malware/spyware thing..."istbar", but here's how I fixed it:

AVG kept detecting viruses and deleting them, but something kept copying them over.

Go into IE and Firefox temp internet files, delete them, shit still came back.

Run AdAware/Spybot/AVG back to back to back in safemode....they all found stuff but when I rebooted the shit came back.

I ended up going to get SpySweeper and paying 30 bucks for it for a year, damn thing wont clean files unless you pay.

It worked though. Now hopefully I wont have to worry about this shit for a year (length of the subscription).

No this isnt an ad for SpySweeper. I've worked DSL/Internet tech support for years, and 100 percent of the time Adaware/SpyBot/AVG Antivirus has cleaned the very rare things I've caught up until this week. (Yes I use firefox) (I have a teenage son who likes to surf late at nite, its how I caught it. Fucker owes me 30 bucks). This shit my PC caught was NASTY - it wasnt even giving me popups, but at one point I had 40 IEXPLORE.EXE processes loaded, even though there were no browser windows open.

Sucks that I had to pay, but it worked.

Be careful where you surf. Don't click on any prompts to install anything. Don't click on links in IM (AOL messenger ESPECIALLY. Matter of fact, stay away from that new AOL TRITON) unless you know the person well.

well i got spyaxe this morning browsing porn and finally got it out a lil while ago. smitrem worked well and i followed up with adaware and spybot; then running smitrem again. secretmaker helped also- keeping spyaxe from connecting to their site.

pandasoftware is also recommended, just to be sure.

Really, you guys should learn how to kill processes.

Really, you guys should learn how to kill processes.

kill.exe from 2k is your friend. Even though it doesn't come with XP, it will still work if you can find the file online.

Microsoft Antispyware beta doesn't really do a good job of finding common spyware but I have had luck on several computers with spyware that no other software could eliminate. Try that.

Really, you guys should learn how to kill processes.


Any tutorials or links would be appreciated. Thanks! :action-sm

Every program running on your computer can be called a process. When you get a virus that runs after start-up, and afterwards you can sometimes see it when you do CTRL-ALT-DELETE for XP(for other win OSs, it could be hidden from you). If you want to delete the file that is running the virus, you can't because windows won't normally allow you to delete a file of a running process. Therefore, you need to end the process(kill it) before you can delete the file.

Doing CTRL-ALT-DELETE will list the processes but it will give only ownership and memory usage data which doesn't tell you much about it for XP & 2000/3(for other win OS, it is a subseted list). Therefore you either have to go through each process and google it(which is a problem if IE has been compromised;USE FF/NS or Opera!) or have a program that can list the running processes with the corresponding files.

I particularly like Process Viewer (http://www.prcview.com/) but Spybot: Search & Destroy can do it as well.

There are massive exceptions to the above, but knowing this bit will solve some of your problems if you do find an infected computer: Like a virus attaching itself to an essential or important file of the OS, viruses in CDs/Floppys that affect the computer durring boot, imbedded in the filesystem, worms, trojans that poke holes in security, etc.

Every program running on your computer can be called a process. When you get a virus that runs after start-up, and afterwards you can sometimes see it when you do CTRL-ALT-DELETE for XP(for other win OSs, it could be hidden from you). If you want to delete the file that is running the virus, you can't because windows won't normally allow you to delete a file of a running process. Therefore, you need to end the process(kill it) before you can delete the file.

Doing CTRL-ALT-DELETE will list the processes but it will give only ownership and memory usage data which doesn't tell you much about it for XP & 2000/3(for other win OS, it is a subseted list). Therefore you either have to go through each process and google it(which is a problem if IE has been compromised;USE FF/NS or Opera!) or have a program that can list the running processes with the corresponding files.

I particularly like Process Viewer (http://www.prcview.com/) but Spybot: Search & Destroy can do it as well.

There are massive exceptions to the above, but knowing this bit will solve some of your problems if you do find an infected computer: Like a virus attaching itself to an essential or important file of the OS, viruses in CDs/Floppys that affect the computer durring boot, imbedded in the filesystem, worms, trojans that poke holes in security, etc.


SOS, thanks much. So far I look clean but, I have noted this for future ref.

Every program running on your computer can be called a process. When you get a virus that runs after start-up, and afterwards you can sometimes see it when you do CTRL-ALT-DELETE for XP(for other win OSs, it could be hidden from you). If you want to delete the file that is running the virus, you can't because windows won't normally allow you to delete a file of a running process. Therefore, you need to end the process(kill it) before you can delete the file.

Doing CTRL-ALT-DELETE will list the processes but it will give only ownership and memory usage data which doesn't tell you much about it for XP & 2000/3(for other win OS, it is a subseted list). Therefore you either have to go through each process and google it(which is a problem if IE has been compromised;USE FF/NS or Opera!) or have a program that can list the running processes with the corresponding files.

I particularly like Process Viewer (http://www.prcview.com/) but Spybot: Search & Destroy can do it as well.

There are massive exceptions to the above, but knowing this bit will solve some of your problems if you do find an infected computer: Like a virus attaching itself to an essential or important file of the OS, viruses in CDs/Floppys that affect the computer durring boot, imbedded in the filesystem, worms, trojans that poke holes in security, etc.

A lot of the times you will not be able to kill the process there, that is why kill.exe can also be useful.