SpyAxe

By ZulaZuza in Trojans

SpyAxe Description

SpyAxe, also written Spy Axe, is a Trojan that places one or two icons in the system tray. The icons display a message stating that the system is infested with spyware, followed by a recommendation to purchase a specific rogueware product. A victim who clicks on the message is redirected to the payment page of the promoted rogueware. SpyAxe may also try to install the rogueware on the victim's machine without permission, or change the desktop background. To prevent easy removal, SpyAxe creates a registry entry that ensures it runs automatically at every system start-up. Use an up-to-date malware removal tool to rid your PC of this dangerous threat.

Type: Trojans

How Can You Detect SpyAxe?

SpyAxe Technical Report

We will update this section as new SpyAxe details are reported by our customers and by our Threat Research Center.

The following SpyAxe files, listed with their MD5 hashes, were created in the system:

File Name              File Size   MD5
SpyAxe.exe             1396736     a48583c5e87fe5b5d62021c1f30e3e05
Security Toolbar.dll   36864       ceb11569637c8eb5ab223997d7518ec0

SpyAxe Removal Details

SpyAxe typically has the following processes in memory:

  • nvctrl.exe
  • svchosts.dll
  • spyaxe_setup[1].exe
  • mssearchnet.exe
  • ioctrl.dll
  • sa1.exe
  • mscornet.exe
  • spyaxe.exe
  • webconm.dll

SpyAxe creates the following files in the system:

  • C:\Windows\System32\1024
  • SpyAxe 3.0.lnk
  • C:\Windows\System\1024
  • hpE951.tmp
  • SpyAxe.lnk
  • Uninstall SpyAxe 3.0.lnk
  • C:\Program Files\SpyAxe
  • hp[X].tmp
  • SpyAxe
  • SpyAxe 3.0 Website.lnk
  • C:\Winnt\System32\1024

SpyAxe creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CAF96A2-C556-460A-988E-76FC7895D284}
  • HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObject\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E802FFFF-8E58-4D2C-A435-8BEEFB10AB77}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}


This entry was last updated on 12/8/10 and posted on 12/8/10.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.