Anti-Spyware Forums


Reply
Thread Tools Display Modes

SpywareQuake ... same old crap, new name.

 
 
Member
Join Date: Feb 2006
Location: In a Hovel
Posts: 68

 
      31-03-2006, 11:05 AM
Quote:
Since I first heard about SpywareQuake, late yesterday afternoon, less than 24 hours ago, I've seen dozens of complaints about it already. SpywareQuake is being installed without notice or consent, hijacks the desktop and pops up a warning from the system tray that the machine is infected with spyware. It scans and reports that it found spyware in the machine and then demands payment to remove the so-called spyware. You can see a screenshot of SpywareQuake at SunbeltBLOG here.
If you find this blog post and are wondering about SpywareQuake, whether you should buy it, the answer is NO. It's a rogue and a rip-off! It is installed by and with spyware and contains malware to prevent you from removing it. It's another variant of the SmitFraud infection.
Right now none of the antivirus or anti-spyware programs that I'm aware of will detect and remove SpywareQuake. The offending file that resists removal and causes reinfection appears to be C:\Windows\System32\stickrep.dll.
Several people in the anti-spyware community have posted tutorials on removing SpywareQuake. BleepingComputer.com tutorial here. Nick's Computer Security blog's SpyFalcon removal instructons have been updated to include SpywareQuake. One use commented that after following the instructions and renaming the file stickrep.dll to something else, he was rid of SpywareQuake.



 
AntiSpyware Downloads | Spyware Database

Consider using Anti-Vir Free or KAV trial & pay as your AV
 
Reply With Quote
 
 
 
 
Member
Join Date: Feb 2006
Location: In a Hovel
Posts: 68

 
      04-04-2006, 06:59 PM
This is getting worse ... Ad-Aware is the boy for the job, but ...

... you want to check Safe Boot and select Minimal (Alternate Shell)



This will start you in Safe Mode with Command Prompt where you can do:

cd \program files\lavasoft\ad-aware se personal

(or use wildcards like \program files\lavasoft\ad*)

Then type ad-aware to launch the application. You can do similar things with spybotsd and antivir antivirus (type avcenter.exe) which is simple enough to run in Safe Mode with Command Prompt.

That said, while you should be able to get rid of spyware quake/falcon/whatever, until you find the root cause (downloader trojan), it and other things may keep coming back. In my case, I had missed part of a Zlob trojan variant. I had taken the PC home and went to bring it back last night and as soon as the kid launched his messenger/messenger plus crap, Antivir started to detect parts of Zlob again. It was a merry chase finding the hidden process.

P.S. You can launch c:\windows\pchealth\helpctr\binaries\msconfigedit boot.ini/safeboot:minimal<alternate shell> from the boot command line. (it's not in your path) from Safe Mode Command Prompt to uncheck the setting to boot normally, or you go to the root of C and type and remove

 
AntiSpyware Downloads | Spyware Database

Consider using Anti-Vir Free or KAV trial & pay as your AV
 
Reply With Quote
 
 
 
 
Junior Member
Join Date: Apr 2006
Posts: 2

 
      28-04-2006, 02:45 AM
http://www.schrockinnovations.com/removespywarequake.php[/URL]I worked against a new variant of the Spywarequake infection today. It seems that there are two more files that the infection now drops on your hard drive.

I have posted the technical details here.
http://www.schrockinnovations.com/re...ywarequake.php

The two additional files are:

dfrgsrv.exe
mssearchnet.exe

Thanks again for the help guys!
 
Reply With Quote
 
Junior Member
Join Date: Apr 2006
Posts: 2

 
      16-08-2006, 05:47 PM
Add another name to the list of spyware that is jacking up peoples computers... Fresh from the makers of SpyFalcon, SpySheriff, and SpywareQuake comes Brave Sentry. This is the same old game with a new face... It offers a free scan, then when you install it it detects a bunch of false positives. If you try to remove it it won't go away until you pay. Anyone who has installed this on their system, I would suggest you Remove it ASAP!

http://www.schrockinnovations.com/removebravesentry.php
 
Reply With Quote
 
Member
Join Date: Feb 2006
Location: In a Hovel
Posts: 68

 
      16-08-2006, 06:01 PM
Thanks ... :thumb:

 
AntiSpyware Downloads | Spyware Database

Consider using Anti-Vir Free or KAV trial & pay as your AV
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Newbie: http://www.spywarequake.com/ Dark Lord Spyware 9 27-07-2006 12:25 AM
spywarequake MalWare Cleanse, Please xlurker@lycos.com Virus Information 3 12-07-2006 06:57 PM
spywarequake MalWare Cleanse, Please xlurker@lycos.com Spyware 3 12-07-2006 01:04 PM
Spywarequake, The Latest Rogue Antispyware Program. muckshifter Dealing with Spyware 0 28-03-2006 11:39 AM
New computer with new windows, but locked old windows RCBogusch Security Software 1 02-07-2005 05:09 AM


All times are GMT. The time now is 04:20 AM.