[转载]How to remove SpywareQuake
<P>信息来源:<A href="http://www.snpx.com">www.snpx.com</A></P><H2 id=post-244><A title="Permanent Link to How to remove SpywareQuake" href="http://www.myantispyware.com/2006/03/26/how-to-remove-spywarequake/" rel=bookmark>How to remove SpywareQuake</A></H2>
<P><A href="http://www.myantispyware.com/2006/03/25/new-rogue-anti-spyware-spyware-quake/">SpywareQuake</A> is a <A href="http://www.myantispyware.com/categories/rogue-anti-spyware/">rogue anti-spyware</A> program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program. More info <A href="http://www.myantispyware.com/2006/03/25/new-rogue-anti-spyware-spyware-quake/">here</A>.<BR>If you are infected with this program you will receive warnings in your task bar stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the commercial version of SpywareQuake. These warnings are fake and are a goad to have you buy the commercial version of this software. </P>
<P><STRONG>SpywareQuake Fake alert.</STRONG></P>
<BLOCKQUOTE>
<P><STRONG>Your computer is infected!</STRONG><BR>Critical System Error!<BR>System detected virus<BR>activities. They may cause<BR>critical system failure. Please,<BR>use antimalware software to<BR>clean and protect your system<BR>from parasite programs.<BR>Click here to get all available<BR>sofware.</P></BLOCKQUOTE>
<P>You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.</P>
<P>Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: SpywareQuake</P>
<P>Download <A href="http://www.myantispyware.com/2005/12/17/smitrem-remover-for-trojan-spyhtmlsmitfraudc-malware-infection-and-it%e2%80%99s-variants-antivirusgold-psguard-spyware-remover-spysheriff-spy-trooper-spyaxe-and-security-toolbar/">smitRem </A>and save the file to your desktop.<BR>Double click on the file to extract it to it’s own folder on the desktop.</P>
<P><STRONG>NOTE:</STRONG></P>
<BLOCKQUOTE>
<P>Currently smitRem alone will not remove this infection. We are including it in this fix because SpywareQuake has been seen to install with other portions of the Smitfraud infection.</P></BLOCKQUOTE>
<P>Download <A href="http://www.myantispyware.com/2005/12/05/hijackthis-your-first-tool-for-remove-homepage-hijackers/">HijackThis</A> and save the file to your desktop.<BR>Double click on the file to extract it to it’s own folder on the desktop.</P>
<P>Next, Download, install, and update the free version of <A href="http://www.myantispyware.com/2005/11/27/ewido-security-suite-35-complement-your-existing-protection-system-today/">Ewido security suite</A>:</P>
<P>1. When installing, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.<BR>2. Run Ewido.<BR>3. From the main ewido screen, click on update in the left menu, then click the Start update button.<BR>4. After the update finishes (the status bar at the bottom will display “Update successful”)<BR>5. Exit Ewido. DO NOT scan yet.</P>
<P>If you do not already have <A href="http://www.myantispyware.com/2005/11/12/ad-aware-personal-edition/">Ad-Aware SE</A> installed, follow these <A href="http://www.myantispyware.com/2005/11/12/ad-aware-personal-edition/">download and setup instructions</A>. Also check for updates.</P>
<P>Again, do NOT run a scan yet.</P>
<P>Next, please reboot your computer in Safe Mode by doing the following:</P>
<P>1. Restart your computer<BR>2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.<BR>3. Instead of Windows loading as normal, a menu should appear<BR>4. Select the first option, to run Windows in Safe Mode.</P>
<P>Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):</P>
<P><STRONG><BR>O2 - BHO … C:\Windows\SYSTEM32\hp*.tmp (the name changes)<BR>O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h</STRONG></P>
<P>Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.</P>
<P>Using Windows Explorer, locate and delete the following file:<BR><STRONG>C:\Windows\System32\stickrep.dll<BR>C:\Windows\System32\mssearchnet.exe<BR>C:\Program Files\SpywareQuake\ </STRONG></P>
<P>Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again — this is normal.<BR>Wait for the tool to complete and Disk Cleanup to finish — this may take a while; please be patient.</P>
<P>Next, run Ad-aware and perform a full scan. Remove everything found.</P>
<P>Run Ewido</P>
<P>1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.<BR>2. If Ewido finds anything, it will pop up a notification. Please select “clean” and check the boxes “Perform action with all infections” and “Create encrypted backup” before clicking on OK.<BR>3. When the scan finishes, click on “Save Report”. This will create a text file. Make sure you know where to find this file again.</P>
<P>Reboot your computer back to normal mode.</P>
<P>Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck “Security Info” if present.<BR>Download and run CCleaner.</P>
<BLOCKQUOTE>
<P>CCleaner (Crap Cleaner) is a freeware system optimization and privacy tool. That removes unused and temporary files from your system - allowing Windows to run faster, more efficiently and giving you more hard disk space. </P></BLOCKQUOTE>
<P>Reboot your computer.</P>
<P>Perform an online scan with <A href="http://www.myantispyware.com/2005/12/15/panda-software-active-scan/">Panda Active Scan</A>. Do a full system scan. Make sure the autoclean box is checked!</P>
<P>Your computer should now be free of the SpywareQuake infection.<BR>If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below</P>
<P><A href="http://www.myantispyware.com/forum/viewtopic.php?t=2">Spyware removal - Read Before Posting </A></P>
页:
[1]