Wednesday, December 14, 2005

Trojan installations of rogue anti spyware tools

Well, I got my PC infected with a nasty trojan installer that is being used to distribute a rogue anti-spyware product called Spy Axe. I am still not sure how I managed to get infected, considering all the immunisation and stuff I have running. Anyway, the damn thing was an utter pain to remove. It starts processes at boot time that auto-restart if you kill them - which means deleting it (if you can even find the damn thing) is a nightmare. None of the main products I used (Spybot S&D, MS Antispyware, Ewido, Panda) were successful in removing the thing - they did find it - but seemingly couldn't actually stop the processes necessary to purge it.

In the end I resorted to opening a command line and a Task Manager window, killing explorer.exe and pretty much any other process running - including some core Windows ones - and then physically deleting C:\WINDOWS\SYSTEM32\ioctrl.dll using the command line, which seemed to work. I then re-scanned and the anti-spyware tools seemed to be able to cope. But sheesh, it took ages - and I must have used about 15 different tools, including cache cleaner, specific removal scripts, registry settings changes suggested on various forums, anti-virus and anti-spyware tools and HijackThis...

Whoever wrote this piece of scumware really needs to be prosecuted.


1 comment:

DeathOwl said...

Updated fix instructions that should work are available here:
http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3