SpywareStrike 2.5

I stupidly contracted this piece of spyware last night and can not get rid of it.

I have follwed the pointers/instructions in one of the other threads here to get rid of Spyaxe and use smitRem.exe but it makes no difference. I used Hijack this to reomove the 02 entry and a BHO...still there.

Basically I get a pop up ballon telling me I have spyware and to install the latest software. Clicking this takes me to the spywarestricke website. I tried using a link on ht esite asking how to get rid of this...email bounced. Doesn't exsist.

If I use the unistalled for Spywarestrike (as a programme grouop is created) it goes away...until reboot and its back.

I removed every entry in the registry that had Spywarestrike in it..no difference. I have run AVG, Adaware, spybot, Panda online, Trend Micro. All under safe mode...and it still appeared.

I found another tool called Antipuper.exe...nope didn't work.

I have now created another profile as it seems to only be my profile that has the problem ( 2 others are unaffected)

Any help to get rid of this pain would be greatfully appreciated as having a new profile is ok...but I have to set up a lot of shorcuts and software and its a pain.

Thanks

 

Pondlife: Found this link on another BBS for removal of Spywarestrike. Don't know how effective it is.

http://www.2-spyware.com/remove-spywarestrike.html

Good luck and post back how you make out.

 

You should turn off system restore (start>rt-click my computer> properties> system restore tab> check turn off) and then delete the pest; then reboot and turn on system restore if everything's OK.

 

Hi,

Sysytem restore is off and was when I tried all the above removals.

I downloaded that file, ran it...its only an evaluation copy and won't finx anything unless you buy it. it slso didn't find the sywarestrike.

I did follow the manual removal instructions though....then logged on the infected account...and hey presto...no difference! The spywarestrike icons on the desktop, entries back in the registry and the annoying pop up

Any more ideas please??

 

pondlife
I found this. Might see if it works...
http://www.sysinternals.com/Forum/forum_posts.asp?TID=2412&KW=Spywarestrike
Geri

 

Hi, well after another 3 hours I finally seem to have removed it. That link didn't help as that file wasn't found. I have no idea to be honest what i did to solve it as I was removing all sorts of files from the registry.

One thing i did use was the spywarestrike itself. it said it had found certain files....so I removed them manually (spy sheriff for example) from the locations that it found.

I started the pc in safe mode, removed these files, removed any temp files from the profile that was infected, removed any thing with spyware in in from the registry. Ran spybot, adaware and xoft spy and they did find a few items but still not the one I was after.

Ran AVG on the windows folder and the documents and settings and nothing was found.

Ran Hijackthis as well and it was all ok too.

The pop up has now gone but I can't install Microsoftantispyware under that profile as it says it cant register it in the registry and various dlls files won't register. I can install it under any other profile though?? Not really important though.

I have also now downloaded 33 windows update files and for th etim ebeing its all ok.

Was just a real shame none of those fixes or programmes worked for me The scanners didn't even find any related files to this issue and the fixes didn't work either. I think their might have been a trojan somewhere reinstigating the blighter but as I say it all seems ok now. Thanks for all your help

 

spywarestrike removal

Hi guys
Just been got by that spywarestrike lot.
Found a load of files that needed deleted and made a list:-

Start up in Safe Mode and delete all of the following.
NVCTRL.EXE
MSSEARCH.EXE
MSCORNET.EXE
NETWRAP.DLL
SA4.EXE
and all .TMP files
(you shouldnt need these, but if in doubt start with the HPxxxx.TMP ones)

Next, run regedit and delete any referances to these files (except the tmp ones)
Simply search and hit delete when it finds one.
Remember to go back up and click the "Host computer" when changing files to search for or you wont search everything!
One thing to look at is at some point (nvctrl and netwrap) you will find the explorer/run folder, take a look at what else is runing when explorer starts up, may tell you if you have anything else funny going on.
You can also at this point search for spy references (spywarestrike is in there lots) and delete all of them.
Lastly delet programfiles spywarestrike folder and all the anoying icons!

Right, now re-boot!
and run Hijack this to get rid of the BHO settings for your homepage or you'll have it all back again when you run IE.
It may be a good idea to put http://*.spywarestrike.com in your restricted sites in windows firewall?

I know its a long text, but I found all this by running sysinternals.com's procexp, (great little tool) and listing every process, then googling every process and dll installed in the the last 10 days ! OUCH.

IT'S TAKEN ME DAYS !

 

Spywarestrike removal guide here:

How To Remove SpywareStrike And Netwrap.dll

 

SpywareStrike - What a SOB

I have just joined today. Just found the site to try and rid myself of spywarestrike.

I am a total beginner (53 yrs old late starter)and only just know how to turn the computer on/off.

Thanks to your help I have just managed to rid of the NETWRAP.DLL USING POCKET KILLBOX. the first version didn't work but i got one that did from www.short-media.com. This has sorted the pop up and the spywarestrike globe but the icon is still there at the bottom of the screen. But i cannot find the rest. I need the exact location to type. I have tried all the permutations. Any ideas.

 

Hi sparrow,

Not a good idea to do that before knowing that the cure isn't worse than the disease. Quoting myself from this thread: http://www.windowsbbs.com/newreply.php?do=newreply&p=264591

OT: If you read this soon can you take a look at this thread http://www.windowsbbs.com/showthread.php?t=50724 you're the maven on this stuff.

Regards - Charles

 

I fully agree with charlesvar about not deleting RPs before cleanup.

I learned that lesson WAY BACK in Win98. I deleted the RPs and then messed up when cleaning the Registry. Results were a re-install of 98.

But once you do get things cleaned up and find all to be OK, then shut down and restart System Restore so that it reflects the system as it is not as it was. I have failed to do that in XP and paid dearly for it. Cleaning up once was enough but the 2nd time was worse.

Having the RPs and System Restore is very nice. But if not handled properly they can both cause a lot of un-need work.

I myself have just this AM shutdown and restarted SR. I did that because I am having problems with a couple of programs. One of which I THOUGHT had been un-installed. I am betting ( heavily ) on the fact that it was in an older RP that I restored a couple of days ago.

Yes. As charlesvar says. The cure can be worse. Especially if we delete a files that may be used by more than one program.

BillyBob

 

One EXCELLENT feature of System Restore is the fact that we manually make them ( which I usually do anyway ) and name them.

ie:
Before Doing this or that. And then After doing this or that.

I find that naming them helps tremendously in the future if needed.

BillyBob