SpywareStrike is a program that displays an icon in the system tray.
This icons shows a balloon, which says that your computer is infected with dangerous spyware parasites and asks the user to download and install an antispyware program, which actually is SpywareStrike. Once the user clicks on such balloon, the trojan opens the official web site of SpywareStrike. It may also try to download the application. The SpywareStrike is able to change the Internet Explorer default home page and redirect the web browser to fake securety sites. SpywareStrike automatically runs on every Windows startup. Read more about SpywareStrike here.
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: SpywareStrike
Then using Windows Explorer, delete the following folder: C:\Program Files\SpywareStrike
Download smitRem and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.
Download HijackThis and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.
Next, Download, install, and update the free version of Ewido trojan scanner:
1. When installing, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.
2. Run Ewido — When you run it for the first time, you may get a warning “Database could not be found!”. Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display “Update successful”)
5. Exit Ewido. DO NOT scan yet.
If you do not already have Ad-Aware SE installed, follow these download and setup instructions. Also check for updates.
Again, do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):
O2 - BHO ... C:\Windows\SYSTEM32\hp*.tmp (the name changes)
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again — this is normal.
Wait for the tool to complete and Disk Cleanup to finish — this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove everything found.
Run Ewido
1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If Ewido finds anything, it will pop up a notification. Please select “clean” and check the boxes “Perform action with all infections” and “Create encrypted backup” before clicking on OK.
3. When the scan finishes, click on “Save Report”. This will create a text file. Make sure you know where to find this file again.
Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck “Security Info” if present.
Using Windows Explorer, locate and delete the following file:
C:\Windows\SYSTEM32\ncompat.tlb
C:\Windows\SYSTEM32\netwrap.dll
C:\Windows\SYSTEM32\ot.ico
C:\Windows\SYSTEM32\ts.ico
Where “C:\Windows\SYSTEM32 ” – patch to your Windows\System32 directory.
if you can`t remove these files, use KillBox, download here.
Finally, restart your computer.
