SpywareQuake ... same old crap, new name.

muckshifter · 31-03-2006, 11:05 AM

Quote:

Since I first heard about SpywareQuake, late yesterday afternoon, less than 24 hours ago, I've seen dozens of complaints about it already. SpywareQuake is being installed without notice or consent, hijacks the desktop and pops up a warning from the system tray that the machine is infected with spyware. It scans and reports that it found spyware in the machine and then demands payment to remove the so-called spyware. You can see a screenshot of SpywareQuake at SunbeltBLOG here.
If you find this blog post and are wondering about SpywareQuake, whether you should buy it, the answer is NO. It's a rogue and a rip-off! It is installed by and with spyware and contains malware to prevent you from removing it. It's another variant of the SmitFraud infection.
Right now none of the antivirus or anti-spyware programs that I'm aware of will detect and remove SpywareQuake. The offending file that resists removal and causes reinfection appears to be C:\Windows\System32\stickrep.dll.
Several people in the anti-spyware community have posted tutorials on removing SpywareQuake. BleepingComputer.com tutorial here. Nick's Computer Security blog's SpyFalcon removal instructons have been updated to include SpywareQuake. One use commented that after following the instructions and renaming the file stickrep.dll to something else, he was rid of SpywareQuake.

muckshifter · 04-04-2006, 06:59 PM

This is getting worse ... Ad-Aware is the boy for the job, but ...

... you want to check Safe Boot and select Minimal (Alternate Shell)

This will start you in Safe Mode with Command Prompt where you can do:

cd \program files\lavasoft\ad-aware se personal

(or use wildcards like \program files\lavasoft\ad*)

Then type ad-aware to launch the application. You can do similar things with spybotsd and antivir antivirus (type avcenter.exe) which is simple enough to run in Safe Mode with Command Prompt.

That said, while you should be able to get rid of spyware quake/falcon/whatever, until you find the root cause (downloader trojan), it and other things may keep coming back. In my case, I had missed part of a Zlob trojan variant. I had taken the PC home and went to bring it back last night and as soon as the kid launched his messenger/messenger plus crap, Antivir started to detect parts of Zlob again. It was a merry chase finding the hidden process.

P.S. You can launch c:\windows\pchealth\helpctr\binaries\msconfigedit boot.ini/safeboot:minimal<alternate shell> from the boot command line. (it's not in your path) from Safe Mode Command Prompt to uncheck the setting to boot normally, or you go to the root of C and type and remove

tschrock · 28-04-2006, 02:45 AM

http://www.schrockinnovations.com/removespywarequake.php[/URL]I worked against a new variant of the Spywarequake infection today. It seems that there are two more files that the infection now drops on your hard drive.

I have posted the technical details here.
http://www.schrockinnovations.com/re...ywarequake.php

The two additional files are:

dfrgsrv.exe
mssearchnet.exe

Thanks again for the help guys!

tschrock · 16-08-2006, 05:47 PM

Add another name to the list of spyware that is jacking up peoples computers... Fresh from the makers of SpyFalcon, SpySheriff, and SpywareQuake comes Brave Sentry. This is the same old game with a new face... It offers a free scan, then when you install it it detects a bunch of false positives. If you try to remove it it won't go away until you pay. Anyone who has installed this on their system, I would suggest you Remove it ASAP!

http://www.schrockinnovations.com/removebravesentry.php

muckshifter · 16-08-2006, 06:01 PM

Thanks ... :thumb:

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Newbie: http://www.spywarequake.com/	Dark Lord	Spyware	9	27-07-2006 12:25 AM
spywarequake MalWare Cleanse, Please	xlurker@lycos.com	Virus Information	3	12-07-2006 06:57 PM
spywarequake MalWare Cleanse, Please	xlurker@lycos.com	Spyware	3	12-07-2006 01:04 PM
Spywarequake, The Latest Rogue Antispyware Program.	muckshifter	Dealing with Spyware	0	28-03-2006 11:39 AM
New computer with new windows, but locked old windows	RCBogusch	Security Software	1	02-07-2005 05:09 AM