Author Topic: spyaxe removal instructions  (Read 4841 times)

Offline hatefilter

« on: December 17, 2005, 01:40:36 PM »
I tried to put it all in very simplistic terms for people that aren't that computer savvy to understand. It was quite a challenge for me to say the least. If I forgot something please let me know.
Start your computer and push "F8" vigorously till you come to a black screen. At the top of the black screen you'll see "Safe mode", using your arrows scroll up, highlight it and hit "enter". This will take you to a screen that will allow you to access your desktop. Wait till your desktop appears. Go to start menu...then click "search"...then click "files and folders in C Drive"...then search for "ioctrl.dll"...right click on "ioctrl.dll" and at the bottom you'll see "rename"...rename it to "ioctrl.old"...then restart your computer in normal mode and it shouldn't show up in the icon tray. Using the same process to search for a file as I stated above from the start menu, find the file "ioctrl.old"...right click it and hit delete...it should take a short trip to your recycle bin...now delete it from there also...nice huh...it works. Now go find the file from response #43 and delete it also. It would also probably be a good idea to delete anything in "System32" that has shown up there since the whole problem started...all this really isn't that difficult...GOOD LUCK!!

PS >> Instead of the file "ioctrl.dll", you might find "svchosts.dll", just rename the "dll" part to "old" it should work for either one.

Paul

This is a post I found that worked great for me and everyone else on the forum I found it on.

Offline guestolo

« Reply #1 on: December 17, 2005, 02:01:36 PM »
That's not a very good method
There are many other files related to Spyaxe
Not only will ioctrl.dll be present, but other files that can cause a reinfection

Also, a user may still have problems with their desktop
and be locked out of their display options

There are tools to remove this bad guy that work best; this makes sure we get everything and not just one bad file in the whole bunch

That's why I like to see a Hijackthis log
Fixed Spyaxe many times with great results!

Quote
It would also probably be a good idea to delete anything in "System32" that has shown up there since the whole problem started
Having a user going in blind deleting files they're not sure if they need or not is not good advice
It's okay if you know what you're looking for, but not for a beginner
« Last Edit: December 17, 2005, 02:03:46 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline spy_war

« Reply #2 on: December 28, 2005, 06:07:59 AM »
check this spyaxe removal guide

Offline guestolo

« Reply #3 on: December 28, 2005, 02:14:19 PM »
I see many users looking this thread over
Many won't post a Hijackthis log

Please, if you are not going to post a log
Can you follow these steps instead of just using the link that spy_war suggested
This should and probably will get your machine much cleaner

==Download and Install this small program
Windows Cleanup! 4.0
Don't run this yet, we'll need it in a bit

Download SmitRem.exe by Noahdfear and save the file to your desktop.
Noahdfear is the developer of SmitRem.exe, which includes SpyAxe removal
Don't run it yet

==For Windows 2000 and XP users
Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

For All users
Download and Install Ad-Aware SE Personal 1.06
Ensure you have this latest version
Open Ad-Aware, click the "check for updates now" link and Connect to download the latest updates
Don't run a scan yet

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
If the system restarts back to Normal mode you will have to do it again

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish. Remain in safe mode

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Open Ad-Aware 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back into Normal mode

You will have to reset your background in Display properties
 Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

If you still have any problems
Start your own topic and supply a Hijackthis 1.99.1 log
May be asked to supply the Ewido log also, let us know if you ran it and saved the report
« Last Edit: December 28, 2005, 05:04:17 PM by guestolo »
