Spyaxe (XP AntiVirus 2011, AntiVirus 2011 etc.) Removal

Spyware is abundant and we are here to help make the removal of spyware much more painless!

Steps for removing Rogue Spyware (aka Spyaxe, Smitrem, Smitfraud, XP AntiVirus 2011, XP AntiVirus 2011, AntiVirus 2011, Antivirus 2011):

These spyware programs are suspected to have been created by the makers of the ROGUE (garbage) spyware makers. We have a number of spyware tools that will help eliminate this. The fixes here will remove many different types of the spyware.

Symptoms:

Spyaxe Symptoms:
A pop-up balloon / bubble in the system tray that looks like Microsoft's Security Center with a blinking red X. It will have a fake warning message that says "Your computer is infected! Windows has detected spyware infection."
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h

Spywarestrike Symptoms:
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe

Alfacleaner Symptoms:
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe

Winhound Symptoms:
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe

SpySheriff Symptoms:
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe

Titanshield Symptoms:
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\System32\adobepnl.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
O4 - Startup: titanshield.lnk = C:\Program Files\TitanShield Antispyware\titanshield.exe

Step 1

Backup any important data. Imaging your drive would be wise. (removing spyware and viruses MAY cause data loss!!!)
A great program for backing up your entire drive is Acronis True Image 11.0
If you haven't already completed Step 2-6, do so now.
Go to Control Panel -> Add/Remove Programs, Remove Spyaxe from the list, reboot.

Step 2 Follow the Tutorial for Webroot's Spysweeper

Step 3 Follow the Tutorial for Ad-Aware

Step 4 Follow the Tutorial for Spybot

Step 5
Follow the Tutorial for Microsoft Windows Defender

Step 6
Follow the Tutorial for Ewido Security Suite

Step 7
Run Online Virus Scanner Trend Micro then after it is finished. Reboot

Step 8
To remove the SpyAxe desktop background, you'll may need to manually remove it. Right click your desktop and go to "Properties" -> "Desktop" -> "Customize Desktop" -> "Web." You will now notice that there is a check box, with it set to display some random webpage. Click the entry (which should highlight it), and then click "delete." Hit OK and this problem should be gone. If not, continue to Step 9.

Step 9 Download ComboFix.exe and run it. It removes many different spyware infections and does it quite well.

Step 10
Download and install newest version of Firefox (a replacement for Internet Explorer). Firefox has a much better track record as far as security goes. It is updated more often and there are less attacks against Firefox. The odds of you getting spyware again after using Firefox are MUCH less likely. Which is due to Firefox not supporting ActiveX and less attacks being developed against the browser itself. Download Firefox from the link below!




Step 11
Remove any outdated virus scanner you have and only continue to Step 12 if your virus scanner is outdated. (ex.Norton, Mcafee) DO NOT install more than one virus scanner for "full-time/resident scanning." Remove any of the previously used programs you feel are unneeded, by going to "Start" -> "Control Panel" -> "Add/Remove Programs". In the list should be "Ad-Aware SE Personal," "Spybot Search & Destroy," "Microsoft AntiSpyware," "Ewido Security Suite." Microsoft Antispyware has a background component that can slow down your computer. Thus making it a good candidate to be uninstalled. Ewido Security Suite is also not a free program, so if you do not intend to purchase it, then it would be a good candidate to be uninstalled as well.

Step 12*
Get yourself a virusscanner! We recommend NOD32 if you need JUST a virus scanner and if you need a firewall AND a virusscanner we highly recommend Kaspersky. NEVER run more than one virus scanner or firewall at a time.