What is SpywareQuake?
It is rogue anti-spyware application which is being downloaded and installed on your computer by a trojan. It also generates fake computer security notifications, usually in the taskbar area: "Your computer is infected! Critical System Error! System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software." After clicking on the warning message user is redirected to SpywareQuake webpage in order to get commercial program version, which is incapable to clean PC properly.
Also known as Spyware Quake 2.3, SpywareQuaked 2.4.
Related threats: VirusHeat, VirusRay, AntiVirGear, VirusProtect
Also known as Spyware Quake 2.3, SpywareQuaked 2.4.
Related threats: VirusHeat, VirusRay, AntiVirGear, VirusProtect
SpywareQuake removal tool:
- Spyware Doctor (see here for the installation guide)
Screenshot:
SpywareQuake Entries:
The following dll files are created: acvgxw.dll, autodisc32.dll, guxxa.dll, hvcycg.dll, hzclqhc.dll, icima.dll, imfdfcj.dll, msvcp71.dll, msvcr71.dll, mzoeut.dll, ofcukiz.dll, rmzdzx.dll, Security Toolbar.dll, suprox.dll, viwpzla.dll, wfkduei.dll, xuefh.dll
The following files are created:
SpywareQuake.exe, spy-quake2.exe, SpywareQuakeInstaller.exe (setup file), SpywareQuaked.exe
Hijackthis Entries:
O3 Entries:
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 Entries:
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [SpywareQuaked] C:\Program Files\SpywareQuaked\SpywareQuaked.exe /h
O22 Entries:
O22 - SharedTaskScheduler: acheweed - {5aaf6542-f4ba-4df4-873d-4902ecbe794c} - C:\WINDOWS\system32\acvgxw.dll
O22 - SharedTaskScheduler: AutoDisc Ware - {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} - C:\WINDOWS\system32\autodisc32.dll
O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - C:\WINDOWS\system32\guxxa.dll
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - C:\WINDOWS\system32\hvcycg.dll
O22 - SharedTaskScheduler: articulation - {8dc1f789-e073-4363-b40d-07376bc5ecc5} - C:\WINDOWS\system32\hzclqhc.dll
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - C:\WINDOWS\System32\icima.dll
O22 - SharedTaskScheduler: incatenate - {e5b1e382-817e-4b74-8a96-ec78751e6acf} - C:\WINDOWS\system32\imfdfcj.dll
O22 - SharedTaskScheduler: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
O22 - SharedTaskScheduler: incaged - {05a91164-3c96-47d6-aa74-2c855791b2d0} - C:\WINDOWS\system32\ofcukiz.dll
O22 - SharedTaskScheduler: corindon - {9ae613a2-a13b-4379-8d0e-86a1a78476ec} - C:\WINDOWS\system32\rmzdzx.dll
O22 - SharedTaskScheduler: USB Mouse Driver - {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} - C:\WINDOWS\system32\suprox.dll
O22 - SharedTaskScheduler: forevouched - {6af69c4d-420a-4c95-b34f-e4635f84f53b} - C:\WINDOWS\system32\viwpzla.dll
O22 - SharedTaskScheduler: glochid - {0c7416f0-dd23-420f-97f5-aae352ea2bf1} - C:\WINDOWS\System32\wfkduei.dll
O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - C:\WINDOWS\System32\xuefh.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 Entries:
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [SpywareQuaked] C:\Program Files\SpywareQuaked\SpywareQuaked.exe /h
O22 Entries:
O22 - SharedTaskScheduler: acheweed - {5aaf6542-f4ba-4df4-873d-4902ecbe794c} - C:\WINDOWS\system32\acvgxw.dll
O22 - SharedTaskScheduler: AutoDisc Ware - {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} - C:\WINDOWS\system32\autodisc32.dll
O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - C:\WINDOWS\system32\guxxa.dll
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - C:\WINDOWS\system32\hvcycg.dll
O22 - SharedTaskScheduler: articulation - {8dc1f789-e073-4363-b40d-07376bc5ecc5} - C:\WINDOWS\system32\hzclqhc.dll
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - C:\WINDOWS\System32\icima.dll
O22 - SharedTaskScheduler: incatenate - {e5b1e382-817e-4b74-8a96-ec78751e6acf} - C:\WINDOWS\system32\imfdfcj.dll
O22 - SharedTaskScheduler: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
O22 - SharedTaskScheduler: incaged - {05a91164-3c96-47d6-aa74-2c855791b2d0} - C:\WINDOWS\system32\ofcukiz.dll
O22 - SharedTaskScheduler: corindon - {9ae613a2-a13b-4379-8d0e-86a1a78476ec} - C:\WINDOWS\system32\rmzdzx.dll
O22 - SharedTaskScheduler: USB Mouse Driver - {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} - C:\WINDOWS\system32\suprox.dll
O22 - SharedTaskScheduler: forevouched - {6af69c4d-420a-4c95-b34f-e4635f84f53b} - C:\WINDOWS\system32\viwpzla.dll
O22 - SharedTaskScheduler: glochid - {0c7416f0-dd23-420f-97f5-aae352ea2bf1} - C:\WINDOWS\System32\wfkduei.dll
O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - C:\WINDOWS\System32\xuefh.dll