Home About us Malwarebytes Spyware Doctor Threats Contact us
Home > Threats > SpywareQuake

What is SpywareQuake

Posted on 3 July 2006 under Rogue Programs

1. What is SpywareQuake?

It is rogue anti-spyware application which is being downloaded and installed on your computer by a trojan. It also generates fake computer security notifications, usually in the taskbar area: "Your computer is infected! Critical System Error! System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software." After clicking on the warning message user is redirected to SpywareQuake webpage in order to get commercial program version, which is incapable to clean PC properly.
Also known as Spyware Quake 2.3, SpywareQuaked 2.4.

Related threats: VirusHeat, VirusRay, AntiVirGear, VirusProtect

2. SpywareQuake screen shot:

SpywareQuake

3. How to remove SpywareQuake:

  1. Internet connection might be disabled or Internet browser might be blocked by SpywareQuake, so it won't be possible to download any files to infected computer. In this case please download all files required for SpywareQuake removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove SpywareQuake download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove SpywareQuake.

  5. Restart the computer to complete SpywareQuake removal procedure.

4. SpywareQuake files:

acvgxw.dll, autodisc32.dll, guxxa.dll, hvcycg.dll, hzclqhc.dll, icima.dll, imfdfcj.dll, msvcp71.dll, msvcr71.dll, mzoeut.dll, ofcukiz.dll, rmzdzx.dll, Security Toolbar.dll, suprox.dll, viwpzla.dll, wfkduei.dll, xuefh.dll
SpywareQuake.exe, spy-quake2.exe, SpywareQuakeInstaller.exe (setup file), SpywareQuaked.exe

5. Hijackthis entries:

O3 Entries:
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 Entries:
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [SpywareQuaked] C:\Program Files\SpywareQuaked\SpywareQuaked.exe /h
O22 Entries:
O22 - SharedTaskScheduler: acheweed - {5aaf6542-f4ba-4df4-873d-4902ecbe794c} - C:\WINDOWS\system32\acvgxw.dll
O22 - SharedTaskScheduler: AutoDisc Ware - {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} - C:\WINDOWS\system32\autodisc32.dll
O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - C:\WINDOWS\system32\guxxa.dll
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - C:\WINDOWS\system32\hvcycg.dll
O22 - SharedTaskScheduler: articulation - {8dc1f789-e073-4363-b40d-07376bc5ecc5} - C:\WINDOWS\system32\hzclqhc.dll
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - C:\WINDOWS\System32\icima.dll
O22 - SharedTaskScheduler: incatenate - {e5b1e382-817e-4b74-8a96-ec78751e6acf} - C:\WINDOWS\system32\imfdfcj.dll
O22 - SharedTaskScheduler: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
O22 - SharedTaskScheduler: incaged - {05a91164-3c96-47d6-aa74-2c855791b2d0} - C:\WINDOWS\system32\ofcukiz.dll
O22 - SharedTaskScheduler: corindon - {9ae613a2-a13b-4379-8d0e-86a1a78476ec} - C:\WINDOWS\system32\rmzdzx.dll
O22 - SharedTaskScheduler: USB Mouse Driver - {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} - C:\WINDOWS\system32\suprox.dll
O22 - SharedTaskScheduler: forevouched - {6af69c4d-420a-4c95-b34f-e4635f84f53b} - C:\WINDOWS\system32\viwpzla.dll
O22 - SharedTaskScheduler: glochid - {0c7416f0-dd23-420f-97f5-aae352ea2bf1} - C:\WINDOWS\System32\wfkduei.dll
O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - C:\WINDOWS\System32\xuefh.dll