SpyAxe
SpyAxe is malware, new as of December 2005, that infects unsuspecting computers by pretending to be an antispyware application. It is typified by an icon in the system tray with a constant popup saying that the computer has been infected. If the user clicks on the popup, the web browser is ultimately directed to the SpyAxe homepage, with an invitation to sign up for their service. Credit card payments go through something called "psbill", which appears to be based in Russia.
There are several variants of this spyware.
It is hard to remove because it often includes a rootkit. In early 2006 SpyAxe was rebranded or cloned as SpywareStrike. It also goes under the guise of "SpySheriff". It may attempt to change the computer's wallpaper/desktop and permanently change Internet Explorer's homepage, even though a different one has been selected in "Tools - Internet Options - Home Page." This is done via group policy.
Amongst others, SpyAxe installs the following:
Processes
- mscornet.exe
- mssearchnet.exe
- nvctrl.exe
- spyaxe.exe (multiple instances)
DLLs
- ioctrl.dll
- svchosts.dll
- webconm.dll
- wbeconm.dll
Directories
- C:\Program Files\SpyAxe
- C:\Windows\System\1024
- C:\Windows\System32\1024
- C:\Winnt\System32\1024
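The names listed above can be matched against artifacts collected from a suspect machine. The following is an added example, not part of the original article: it assumes the process list was saved with `tasklist /fo csv` and the file paths came from a recursive directory listing, and all sample data in it is constructed.

```python
import csv
import io
import ntpath

# Indicators copied from the lists above, lower-cased for matching.
PROCESSES = {"mscornet.exe", "mssearchnet.exe", "nvctrl.exe", "spyaxe.exe"}
DLLS = {"ioctrl.dll", "svchosts.dll", "webconm.dll", "wbeconm.dll"}
DIRECTORIES = (r"c:\program files\spyaxe", r"c:\windows\system\1024",
               r"c:\windows\system32\1024", r"c:\winnt\system32\1024")

def scan_tasklist(csv_text):
    """Return (image name, PID) for every listed process name in the CSV."""
    return [(row["Image Name"], int(row["PID"]))
            for row in csv.DictReader(io.StringIO(csv_text))
            if row["Image Name"].lower() in PROCESSES]

def scan_paths(paths):
    """Return (kind, path) for paths inside a listed directory or named like a listed DLL."""
    hits = []
    for raw in paths:
        path = ntpath.normpath(raw.strip())
        low = path.lower()
        # Compare whole path components so "...\10245" does not match "...\1024".
        if any(low == d or low.startswith(d + "\\") for d in DIRECTORIES):
            hits.append(("directory", path))
        elif ntpath.basename(low) in DLLS:
            hits.append(("dll", path))
    return hits

# Constructed sample data, not taken from a real infection.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1480","Console","0","18,204 K"
"spyaxe.exe","2212","Console","0","6,120 K"
"SPYAXE.EXE","2236","Console","0","6,004 K"
"nvctrl.exe","2304","Console","0","2,988 K"
"svchost.exe","812","Console","0","4,512 K"
'''
SAMPLE_PATHS = [
    r"C:\Program Files\SpyAxe\spyaxe.exe",
    r"C:\WINDOWS\system32\1024\ld.tmp",
    r"C:\WINDOWS\system32\10245\readme.txt",
    r"C:\WINDOWS\system32\svchosts.dll",
    r"C:\WINDOWS\system32\svchost.exe",
]

if __name__ == "__main__":
    for hit in scan_tasklist(SAMPLE_TASKLIST) + scan_paths(SAMPLE_PATHS):
        print(hit)
```

Since the article notes that SpyAxe often includes a rootkit, listings taken on the running system may omit entries, so an empty result does not rule out infection.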
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.