By John Crawford

Spyaxe, also known as Spaxe, is a rogue antispyware product that issues fake warnings in order to get you to buy the product. Spyaxe exploits a flaw in the Windows operating system that allows it to be installed without any input from the user. Once installed, it displays a pop-up balloon warning that the computer is infected. Essentially, Spyaxe is spyware that also facilitates the installation of other harmful items such as Trojans, viruses and other malware.

I found this out quite surprisingly just yesterday morning. I unlocked my computer to find this annoying pop-up that would not go away. Immediately I unplugged the network connection, and began running an antivirus scan and an Ewido scan. Luckily I have two computers sitting next to each other connected by a KVM. More important, it wasn't the computer that I get my email on. This allowed me to research the fix without having to run back and forth to another computer in my house.

What really surprised me was that I have Ewido Malware Suite, AVG Antivirus, Spybot, Adaware, and Microsoft Antispyware all running. So this should not have been allowed to get installed. I also have the SpywareBlaster database blocking ActiveX spyware controls. I, of course, blamed it on my 17-year-old son that I let on the computer the night before. Immediately I knew something had happened because it was sitting at the login screen, having been rebooted.

I spent most of the last 2 days trying to remove this garbage called Spyaxe and the Trojans it brought with it. Anyone who is dumb enough to actually buy this product deserves what they get. Spyaxe is based in New Zealand, and though their website makes them sound reputable, their actions are criminal.

Depending on what removal tool I used, I repeatedly found:
MSSearchNet
Spyware.cookie.Yieldmanager
Downloader.Zlob.dn
Downloader.Zlob.do
Trojan.Zlog.G
Vcodec
PSGuard
Doppler.small.akq

The solution is to download and install Smitrem.exe from Dave's World - noahdfear’s page. Executing the file will prompt you to extract files to another folder. If you're using XP you'll need to turn off System Restore, and boot into safe mode. Complete removal instructions can be found at Infopackets.com. Smitrem is a great tool that can do many things. Besides being a Spyaxe remover (Spaxe remover), it's a free PSGuard remover, and it appears to be successful at removing Zlob Trojan variants, including MSsearchnet (Trojan.Zlob.D Trojan). It was originally created to remove the Trojan-spy.html.smitfraud.c malware infection and its variants, AntivirusGold, PSGuard Spyware Remover, SpySheriff, Spy Trooper, SpyAxe, and Security Toolbar.

Only the first time I used HijackThis did the spyaxe.exe entry show up. But after each attempt to eradicate the pest, and it reared its ugly head, HijackThis did not see it. AVG would immediately find an infected file called "gohus2218.exe" buried in the temporary internet files. Spybot was also partially disabled by Spyaxe. Under "Immunize", the "Enable permanent blocking of bad addresses in Internet Explorer" option was disabled and could not be enabled. Once Spyaxe was FINALLY gone, I had to reinstall Spybot to regain that function.

Spyaxe also managed to exclude itself from being scanned by Ewido. While Ewido would catch the "Yieldmanager" and "Zlob" variants, I had to go online to Ewido.net to do an online scan that finally got rid of the last bit. Together with Smitrem.exe, Spyaxe is gone from my system (expletives purposely left out).

Infopackets.com is an excellent source for removing SpyAxe, and I'd like to thank them for their assistance.

About The Author
John Crawford works as a Computer Systems Administrator for a small defense contracting company in Maryland.