Viper Alley - Dodge Viper Forum - View Single Post

**Whitebeard** · February 9th, 2006, 12:09 PM

his application is adware. Adware is not normally a threat, but is usually considered a nuisance. It might have been installed by another application. It can pop up advertisements even if you have a popup blocker on your computer. It can monitor your computer usage to generate ads that you are more likely to respond to. Adware can consume processing power and network bandwidth, thus slowing down your computer and interrupting your workflow.

WARNING: The following fixes were recommended by readers and I have not tested them. This information is provided on an "as-is" basis only, and I make no guarantees. Anytime you manually alter system settings, you run the risk of damaging your operating system and rendering your computer inoperable.

Please note that SpywareStrike is closely related to SpyAxe, and when SpyAxe is manually deleted a new trojan is installed. It is quite possible that SpywareStrike does the same, so following this procedure may expose you to other malware.

Method #1

This was the first removal method we discovered, but it will probably not work with the latest version of Spyware Strike. Even with the first version, some readers report that the flashing red alerts remain running with this technique.

1. Search and delete all references to "SpywareStrike" in registry. Note that you’ll find a reference to a file called "C:\Documents and Settings\\Local Settings\Temp\~nsf.temp\Au__.exe" or something similar.
2. Delete the file referenced above
3. Go to c:\program files\spyware strike and run the uninstall utility
4. go to task manager and kill the process spywarestrike.exe
5. Delete c:\program files\spyware strike
6. edit c:\windows\system32\drivers\etc\hosts to add the line "127.0.0.1 spywarestrike.com" (this will prevent the piece that I could not get rid of from automatically downloading the software again and again)

Thanks to Jason Burroughs for this fix.

Method #2

A simpler solution, but more likely to leave behind hidden trojans, etc. This method is highly unlikely to work with the latest versions.

1. Boot computer into safe mode.
2. Uninstall SpywareStrike using the SpywareStrike uninstall utility.
3. Delete the file netwrap.dll from the \windows\system32 directory.

Method #3

If SpywareStrike reappears after trying the previous methods...

1. Boot computer into safe mode.
2. Delete the file mssearchnet.exe from the \windows\system32 directory.

Method #4

Another method that has worked for some readers but not others is to use a combination of tools:

1. Download SmitRem at www.downloads.subratam.org/smitRem.exe

2. Reboot into safe mode and run SmitRem. Check "Delete at Reboot".

3. Immediately run a full scan with your favorite spyware remover to remove incidental trojans and dialers that may have been installed.

Method #5: New Versions of Spyware Strike (updated Jan 30, 2006)

Two new versions of Spyware Strike are on the loose, and the above instructions aren't working for a lot of people. There are some other things to try, but I should warn you that these instructions are *not* for the faint-of-heart. If you don't know what you are doing, then you should definitely just wait for the next update of Aluria Antispyware or Spy Doctor, as both tools seem to be doing a decent job of keeping up with the new releases.

As you can probably tell from the instructions below, the latest version is infinitely more sophisticated than the prior ones. Spyware Strike may be the CoolWebSearch of 2006.

1. Look for new WAN network adapters named IIRC. These were installed by SpywareStrike and are probably how it manages to tunnel through any firewall software.

2. Backup and then remove the following files in the infected user's documents and settings folder:

\UserData\8R4F2NQZ with file oWindowsUpdate[1].xml
\UserData\AH0N2NIN with file oWindowsUpdate[1].xml
\UserData\O1UTE7EV no files
\UserData\OBY9QTQ1 no files

3. Delete registry entry: HKEY_USERS\S-1-5-21-175XXXXXXX-XXXXXX_Classes\Software\Windows\CurrentVersio
n\Deployment\SideBySide\2.0 (and sub-entries)

4. Rename the normal user account, reboot, and then rename it back to the original name.

This has been reported to successfully disable those stubborn alert windows.

February 9th, 2006, 12:09 PM	#3
Whitebeard HAVE SCUBA WILL TRAVEL Whitebeard is offline Join Date: May 2003 Posts: 14,628 Rep Power: 28	his application is adware. Adware is not normally a threat, but is usually considered a nuisance. It might have been installed by another application. It can pop up advertisements even if you have a popup blocker on your computer. It can monitor your computer usage to generate ads that you are more likely to respond to. Adware can consume processing power and network bandwidth, thus slowing down your computer and interrupting your workflow. WARNING: The following fixes were recommended by readers and I have not tested them. This information is provided on an "as-is" basis only, and I make no guarantees. Anytime you manually alter system settings, you run the risk of damaging your operating system and rendering your computer inoperable. Please note that SpywareStrike is closely related to SpyAxe, and when SpyAxe is manually deleted a new trojan is installed. It is quite possible that SpywareStrike does the same, so following this procedure may expose you to other malware. Method #1 This was the first removal method we discovered, but it will probably not work with the latest version of Spyware Strike. Even with the first version, some readers report that the flashing red alerts remain running with this technique. 1. Search and delete all references to "SpywareStrike" in registry. Note that you’ll find a reference to a file called "C:\Documents and Settings\\Local Settings\Temp\~nsf.temp\Au__.exe" or something similar. 2. Delete the file referenced above 3. Go to c:\program files\spyware strike and run the uninstall utility 4. go to task manager and kill the process spywarestrike.exe 5. Delete c:\program files\spyware strike 6. edit c:\windows\system32\drivers\etc\hosts to add the line "127.0.0.1 spywarestrike.com" (this will prevent the piece that I could not get rid of from automatically downloading the software again and again) Thanks to Jason Burroughs for this fix. Method #2 A simpler solution, but more likely to leave behind hidden trojans, etc. This method is highly unlikely to work with the latest versions. 1. Boot computer into safe mode. 2. Uninstall SpywareStrike using the SpywareStrike uninstall utility. 3. Delete the file netwrap.dll from the \windows\system32 directory. Method #3 If SpywareStrike reappears after trying the previous methods... 1. Boot computer into safe mode. 2. Delete the file mssearchnet.exe from the \windows\system32 directory. Method #4 Another method that has worked for some readers but not others is to use a combination of tools: 1. Download SmitRem at www.downloads.subratam.org/smitRem.exe 2. Reboot into safe mode and run SmitRem. Check "Delete at Reboot". 3. Immediately run a full scan with your favorite spyware remover to remove incidental trojans and dialers that may have been installed. Method #5: New Versions of Spyware Strike (updated Jan 30, 2006) Two new versions of Spyware Strike are on the loose, and the above instructions aren't working for a lot of people. There are some other things to try, but I should warn you that these instructions are not for the faint-of-heart. If you don't know what you are doing, then you should definitely just wait for the next update of Aluria Antispyware or Spy Doctor, as both tools seem to be doing a decent job of keeping up with the new releases. As you can probably tell from the instructions below, the latest version is infinitely more sophisticated than the prior ones. Spyware Strike may be the CoolWebSearch of 2006. 1. Look for new WAN network adapters named IIRC. These were installed by SpywareStrike and are probably how it manages to tunnel through any firewall software. 2. Backup and then remove the following files in the infected user's documents and settings folder: \UserData\8R4F2NQZ with file oWindowsUpdate[1].xml \UserData\AH0N2NIN with file oWindowsUpdate[1].xml \UserData\O1UTE7EV no files \UserData\OBY9QTQ1 no files 3. Delete registry entry: HKEY_USERS\S-1-5-21-175XXXXXXX-XXXXXX_Classes\Software\Windows\CurrentVersio n\Deployment\SideBySide\2.0 (and sub-entries) 4. Rename the normal user account, reboot, and then rename it back to the original name. This has been reported to successfully disable those stubborn alert windows. __________________ taxes are just another word for beer money - they take our beer money which translates directly to taking our beer