
War on SpyQuake

I used to scoff at people who got spyware attacks. Why? Because I’m very careful about what I download. I don’t frequent random ass websites. My antivirus program is always on and always scanning. I scan for spyware at least once a month (usually once every other week). I figured I was untouchable.

Oh how the mighty have fallen.

About a week ago, after a crazy rush of downloading of some utilities to see if they would improve my computer’s usefulness to me, I noticed that I started getting warnings of virus presence on my computer. This happens every now and then and as I have a fully upgraded version of Norton Antivirus, I felt I was reasonably safe, and responded simply by initiating a full system scan. I found a couple of infected files, wiped a couple of them off my computer, and quarantined a few which looked like I might need them.

With the exception of an antivirus warning popping up like two more times after that, I had no other cause for worry.

Then, after cooking up some ramen to supplement a meal that was just a tad too small, I returned to my computer screen and noticed that a bizarre warning was flashing on my computer screen — it was a little alert window emanating from an icon in my system tray telling me that it had detected spyware. When I right clicked on the window, it took me to an Internet Explorer window which told me about a program called “SpyQuake” which was an anti-spyware program.

At this point, I knew something was wrong:

  1. My programs never open windows in Internet Explorer unless something really weird happens, because I’ve set my default browser as my uber-customized Firefox.
  2. My spyware’s attempts to find the spyware resulted in the program being able to detect the spyware, but crashing every time I told it to remove it.
  3. Upon installing Ad-aware and having it run a scan, I noticed that the program shut itself off — a problem I encountered before when trying to save a friend’s computer when the computer deleted a utility that I had installed to correct the problem.

On top of all of this, my Norton kept spitting out messages that it had detected some virus in a dll that I had never heard of and had no real physical trace for (every time I searched the directory in question where the dll was supposed to be, there was no such file).

So, my computer was not in good shape, and every couple of seconds I kept getting more and more error messages. I was under attack — and losing the battle every step of the way. I had heard about spyware which disguised itself as spyware detectors, and I was positive this was one of them — especially when I was unable to find any trace of the SpyQuake program in my task manager.

So, I called in the big guns — Google. A few minutes later, I had confirmed my suspicions: SpyQuake was a particularly malicious form of malware. Thankfully, I found a utility which would wipe it clean at a very useful website with a very amusing name: bleepingcomputer. I found a utility (RogueScanFix) which would help eliminate the problem, and after booting the computer in Safe Mode and running another utility called Autoruns, which identifies the processes that run when you start your computer (including all the dll’s being called, etc.), I was able to track down not only the SpyQuake bug, but also the virus that had been plaguing me, put a stop to SpyQuake, and safely delete the infected dll file which harbored the virus.

I then re-started the computer once more, did a full system scan for spyware and viruses (wiping out what was left of that rebel virus scum) and — well, my computer is as good as new — in fact, it seems to boot up a bit faster than it used to.

Long story short: REGULARLY scan your computer for viruses and spyware, REGULARLY install updates to your operating system, and be careful who you download from. If you do run into a problem, there is a world of information on BleepingComputer (as soon as GREs are over, I will be reading a lot of their tutorials) and Microsoft’s Knowledge Base that you can use to save your computer’s sorry hide if it ever goes down.
