Major spyware prob 'Spywarestrike'
houllier*
January 10th, 2006, 03:59 PM
I have this in my sys tray and it won't go, I've tried the following
Spybot
Ad-Aware
Counter Spy
Smitrem
Spyware doctor
All fails, keeps showing up, also messed up my whole desktop and icons etc
I've searched Google but nothing I found removed it either.
Help pls.
houllier*
January 10th, 2006, 05:19 PM
This is what I did specifically to get rid of it
Print out these instructions as we will need to shutdown every window that is open later in the fix.
Download smitRem.exe and save the file to your desktop.
Double click on smitRem.exe and then click on Start. When it is done, click on the OK button. You should now have a folder called smitRem on your desktop.
Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When your computer has started in safe mode and you see the desktop, close all open Windows.
Open the smitRem folder on your desktop and double click the RunThis.bat file to start the tool.
Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.
When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.
Reboot your computer back to normal mode.
Click on the Start button, then click on All Programs (or Programs), and then locate the SpywareStrike folder and right-click on it. Select the option to delete that folder.
That didn't work
This is what was in the txt file it done also
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: 10/01/2006
The current time is: 21:32:39.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
SpywareStrike
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
msvol.tlb
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 700 'explorer.exe'
Killing PID 700 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
It says 'clean' but I still get the 'your computer is infected' msg in my taskbar.
All my icons have changed too and when I go and change them back to what they were the old icons aren't there anymore =\
Kodiak
January 10th, 2006, 06:00 PM
http://www.infopackets.com/channels/en/windows/nicks_computer_security/2005/20051220_remove_spyaxe_removal_instructions.htm
Here is what some are using and fixing the problem. They say it is a variant of spyaxe.
houllier*
January 10th, 2006, 06:34 PM
Hi
Yes, I've done all that, that's what I did to remove it but I'm still getting the pop up in the sys tray which won't go.
houllier*
January 10th, 2006, 08:10 PM
Ok, this is getting annoying, despite running all the so called fixes it has somehow managed to come back and despite my spyware progs keep popping up with the prob and me 'cleaning' it nothing happens it still comes back, bloody spyware bastards, looks like I have to reformat as nothing has worked for the last 4 hours.
Larommi
January 10th, 2006, 08:11 PM
If you are familiar with the registry you can try looking for a run command. It's possible you have a variant like was pointed out, and it's executing itself on start up.
In XP check Hkey Local Machine \Software\Microsoft\Windows\CurrentVersion\Run.
HKey Current User \Software\Microsoft\Windows\CurrentVersion\Run.
You are looking for an unfamiliar program.
If you see something you are not sure what it is, you will be able to find a path to where that program is. Check it out...
If you are not sure what it is...export or copy the key to make sure you have a backup of it. Then delete it to make sure it's not in the registry. Run your scans and reboot. Hopefully you can find it.
If you are not comfortable with the registry you can try running MSconfig from the runline and turn off any start up programs you are unsure of.
Good luck.
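The Run-key check described in the post above, as an added example for current Windows with PowerShell (not part of the original thread). The backup folder name is an assumption; the script only exports and lists the keys and deletes nothing.

```powershell
# Added example: back up and list autostart entries in the two Run keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$backupDir = Join-Path $env:TEMP 'runkey-backup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }

    # Export the key to a .reg file before anything is changed by hand.
    $regPath = $key -replace '^HKLM:\\', 'HKLM\' -replace '^HKCU:\\', 'HKCU\'
    $outFile = Join-Path $backupDir (($regPath -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $regPath $outFile /y | Out-Null

    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))

        # Take the quoted path if there is one, else the first token.
        # Unquoted paths containing spaces are ambiguous and show as missing.
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(\S+)') {
            $exe = $Matches[1]
        } else {
            $exe = $null
        }

        # Bare names such as rundll32.exe resolve through PATH, not here,
        # so Exists = False is a prompt to look closer, not a verdict.
        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'n/a' }

        [pscustomobject]@{
            Key       = $regPath
            Name      = $name
            Command   = $cmd
            Target    = $exe
            Exists    = $exists
            Signature = $sig
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Entries whose target is unsigned or sits in an unexpected folder are the "unfamiliar program" candidates to research before removing; an empty result, as later in this thread, means the autostart is coming from somewhere other than these two keys.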
houllier*
January 10th, 2006, 08:14 PM
Tried all that, I've tried everything I have found on the net to try and get rid of it but nothing does and if I think it has it then comes back
My comp is also running slower now too
Larommi
January 10th, 2006, 08:18 PM
I wonder if it disguised itself as a system file.
Do you get any kind of issues in safe mode?
houllier*
January 10th, 2006, 08:21 PM
It shows up in safe mode too
Larommi
January 10th, 2006, 08:25 PM
It shows up in safe mode too
Oooh, it buried itself good.
If it replaced a system exe a repair may get it. I wish I could help more but it sounds like you have done everything I would have.
houllier*
January 10th, 2006, 08:27 PM
So even a format might not get it?
Larommi
January 10th, 2006, 08:28 PM
Here is a link to symantec http://securityresponse.symantec.com/avcenter/venc/data/spywarestrike.html
You could manually remove the keys and rename the .dll's. to something you can remove later.
houllier*
January 10th, 2006, 08:33 PM
How do I manually remove them?
Larommi
January 10th, 2006, 08:37 PM
Follow the path to the keys outlined in the article and right click delete.
Just make sure you are deleting the proper key.
However, none of this will work until you remove or rename all the files listed in the first part of the article.
houllier*
January 10th, 2006, 08:39 PM
You mean the
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareStrike 2.5.lnk
%UserProfile%\Desktop\SpywareStrike.lnk
Stuff?
They will be hidden files then? I just remove the folder?
And how do I get access to the registry to remove the second lot of stuff like
HKEY_CLASSES_ROOT\AppID\SpywareStrike.EXE
?
houllier*
January 10th, 2006, 08:41 PM
Ahh Regedt32.exe?
houllier*
January 10th, 2006, 08:45 PM
Ok I deleted the reg keys (Half of them weren't even there) and it hasn't done anything
houllier*
January 10th, 2006, 08:51 PM
This is hopeless, nothing seems to be getting rid of it
houllier*
January 10th, 2006, 08:55 PM
In XP check Hkey Local Machine \Software\Microsoft\Windows\CurrentVersion\Run.
HKey Current User \Software\Microsoft\Windows\CurrentVersion\Run.
You are looking for an unfamiliar program.
In the first one all I see is a folder called 'optionalcomponments'
In the second one it doesn't have anything there except a default REG_SZ file in the main window
shamus
January 10th, 2006, 08:55 PM
fdisk /mbr
format c:
reinstall OS and apps.
houllier*
January 10th, 2006, 08:59 PM
It seems most of the registry keys that it installs aren't there, all I am getting now is that annoying pop up in the sys tray I can't seem to get rid of.
I keep seeing that 'netwrap.dll' is the problem in the sys32 folder but I don't see it, nearest I have is 'netrap.dll'
Larommi
January 10th, 2006, 09:42 PM
It seems most of the registry keys that it installs aren't there, all I am getting now is that annoying pop up in the sys tray I can't seem to get rid of.
I keep seeing that 'netwrap.dll' is the problem in the sys32 folder but I don't see it, nearest I have is 'netrap.dll'
I don't see anything that would be written to the sys32 folder.
However, unless you remove all of this:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareStrike 2.5.lnk
%UserProfile%\Desktop\SpywareStrike.lnk
%UserProfile%\Start Menu\Programs\SpywareStrike
%UserProfile%\Start Menu\Programs\SpywareStrike\SpywareStrike 2.5 Website.lnk
%UserProfile%\Start Menu\Programs\SpywareStrike\SpywareStrike 2.5.lnk
%UserProfile%\Start Menu\Programs\SpywareStrike\Uninstall SpywareStrike 2.5.lnk
%UserProfile%\Start Menu\SpywareStrike 2.5.lnk
%ProgramFiles%\SpywareStrike\Lang\English.ini
%ProgramFiles%\SpywareStrike\Quarantine
%ProgramFiles%\SpywareStrike\SpywareStrike.exe
%ProgramFiles%\SpywareStrike\SpywareStrike.url
%ProgramFiles%\SpywareStrike\msvcp71.dll
%ProgramFiles%\SpywareStrike\msvcr71.dll
%ProgramFiles%\SpywareStrike\signatures.ref
%ProgramFiles%\SpywareStrike\uninst.exe
You are probably reinfecting yourself.
houllier*
January 11th, 2006, 06:30 AM
I have removed all that, there isn't a Spyware Strike folder
Kodiak
January 13th, 2006, 12:03 PM
Is everything running good now other than the pop up in the systray? If it is just that download this little program and get rid of it. http://www.mlin.net/StartupCPL.shtml
houllier*
January 13th, 2006, 12:24 PM
I managed to get rid of the pop up, sure I posted that here yesterday but seems not, but yeah I deleted a .dll file someone told me to and now it seems fine, thanks
Stalemate
January 13th, 2006, 12:39 PM
A bit late, but last time I found one of those "unremovables" I happened to find http://www.ewido.net/en/ and it did the trick (eval. version).
ugnius
January 14th, 2006, 02:14 AM
spywarestrike (the clone of spyaxe) mutates from time to time.
there are several dlls which are responsible for blinking ad.
here are the up-to-date removal instructions of spyware strike (http://www.2-spyware.com/remove-spywarestrike.html).
Fatal0E
January 19th, 2006, 11:36 PM
I get rid of it by first installing spysweeper, run a sweep, then install and run spyware doctor. After spyware doctor runs spysweeper pops up warning of new changes and asks to allow or deny, deny and it's gone.