
siggyx
Siggy
Premium
join:2003-12-10
Cambridge

Re: Lavasoft Rapid Response to SpyAxe

I agree with Corrine. If it wasn't for noahdfear's smitRem© fix we would be heavily bogged down at TC with unresolved logs. As it is we are seeing more and more every day.
--
90% of sports is mental, the other half is physical

Profixer

join:2005-07-01

Re: Lavasoft Rapid Response to SpyAxe

From what we can see... it is a possibility that a huge number of SpyAxe variants were pre-built before the whole mess started, and this has resulted in a huge amount of them out in the wild from day one.... we have received 9 more variants in the past 2 days and are adding these to detection.... it seems there may be on average 5 new variants a week... this IS a serious issue, which we are working hard to get resolved.

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Re: Lavasoft Rapid Response to SpyAxe

Thanks for the feedback LS SteveJ. I'm glad to hear Adaware continues to work on detection and removal for the new variants. We have certainly noticed an increase in cries for help here.

Meanwhile, the SmitRem tool by noahdfear can help and has been updated to include SpyAxe. New FAQ added last night to give some steps on removing SpyAxe and other Smitfraud variants:
»Security »Zlob/Smitfraud Removal
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)

Profixer

join:2005-07-01

Re: Lavasoft Rapid Response to SpyAxe

No problem Calamity!... It's peeing us off just as much as our users, and the community, I promise you....

There are a ton of downloaders out there, installing new variants on a daily basis... and we are trying our best to get both the downloaders, and the variants they are spitting out....

I will keep you posted

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Re: Lavasoft Rapid Response to SpyAxe

said by Profixer: "I will keep you posted"

Thank you for your efforts! Appreciate it

Was wondering why we're seeing so many new victims of this. Any idea what exploit they are using (or other method of install) so we can warn folks how to prevent it?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)

Profixer

join:2005-07-01

Re: Lavasoft Rapid Response to SpyAxe

There are a lot being installed by variants of Trojan.Downloader.Zlob.. people should keep their eye out for svchosts.dll / svchost.dll especially... the method of choice for SpyAxe install is a fraudulent Windows Update icon in the tray, popping a bubble saying "Your computer is infected with spyware, click here to install the latest anti-spyware"... or something of that nature....

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Re: Lavasoft Rapid Response to SpyAxe

Thanks again, Steve. Keep us posted on any developments!