1. /
  2. Security Response/
  3. SpywareStrike

SpywareStrike - Removal

Updated:
February 13, 2007 11:47:37 AM
Type:
Misleading Application
Risk Impact:
Medium
File Names:
ss_setup.exe spywarestrike.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

The following instructions pertain to all Symantec antivirus products that support security risk detection.
  1. Update the definitions.
  2. Uninstall the security risk.
  3. Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To uninstall the security risk
This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:
  1. Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).

  2. In the Control Panel window, double-click Add/Remove Programs.

    Windows Me only: If you do not see the Add/Remove Programs icon, click ...view all Control Panel options.

  3. Click SpywareStrike 2.5

    Note:
    You may need to use the scroll bar to view the whole list.

  4. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

    Note: After running the Add/Remove programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove programs.
3. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry.
  1. Click Start > Run.
  2. Type regedit

    Then click OK.

    Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

  3. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete the value:

    "SpywareStrike" = "%ProgramFiles%\SpywareStrike\SpywareStrike.exe /h"

  5. Navigate to and delete the following subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SpywareStrike.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C15CDEA-3EF4-4405-90B0-19A1389B36ED}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3115A433-3FA0-483B-AB01-2A61C951FE58}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51FEFA9C-1D5A-41C4-81FE-8C0FBE9254F0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CCC8D01-9F75-4F07-9ACF-DEB314176C79}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E7BF614-960B-4A1F-9236-9EC01AC4C5E2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66F0AC1C-DED5-4965-9E31-39788DF1B264}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{849E056A-D67A-431E-9370-2275F26D39B5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7AFBFD-631C-45BA-9145-F059EB58DD73}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AFEB8519-0B8B-4023-8C15-FFB17D5225F9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA9CC151-4581-438E-94AF-4C703201B7CA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC74C336-FF2C-40C9-AD4E-3772C208406B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF00F24-A571-4392-95EC-04FDFF82A82C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4E953E6-770E-4F59-A5E3-43E9F0D682E2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0105E7C-D0C4-4DEA-AA21-B02F2960ECAF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED39CB7C-1BF6-429B-A275-F183B4A3EFCB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F23AA637-31D5-4526-B5C6-9FF89E16202C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A4C0C9-DBD0-493A-93F8-0B05EDC96224}

  6. Exit the Registry Editor.



Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver