Q: How to remove a pop-up advising of a virus from appearing continually ( No Answer,   12 Comments )
Question  
Subject: How to remove a pop-up advising of a virus from appearing continually
Category: Computers > Security
Asked by: patch1-ga
List Price: $20.00
Posted: 06 Jan 2006 16:27 PST
Expires: 05 Feb 2006 16:27 PST
Question ID: 430150
HOW TO REMOVE VIRUS POP-UP MESSAGE

I have a message appearing from an icon on the bottom right hand toolbar.
"! System Instrusion Detected!"  Dangerous infection was detected on
your PC.  The system will now download and install the most efficient
antimalware program...bla bla".  It goes off to a website Spyware
Strike which basically only allows you to buy the full version.  I
don't want to.  Have run full virus check with Spyware Doctor. 
Problem persists.  I am running XP.  I can close the popup window
which appears with the message, but within seconds it reappears.    I
have tried to use something called "Anti-Puper" to no avail.

Wanted:  clear instructions on how to get rid of the pop-up.
Answer  
There is no answer at this time.

Comments  
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: canadianhelper-ga on 06 Jan 2006 17:55 PST
 
According to:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
this is the same as:
reported desktop hijacking; uses inadequate scan/detection scheme;
same app as AdwareDelete, AntiVirus Gold, & SpyAxe [A: 1-5-06 / U:
1-5-06]

I would go to: http://spywarewarrior.com/viewforum.php?f=5 and follow
the steps there where you will likely go through a hijack this posting
and a registry change or two.

Good Luck!

They do have a 'canned solution' to SpyAxe (of which yours is a
variant) that 'may' work: here it is:
Source: http://spywarewarrior.com/viewtopic.php?t=18636&sid=e29d3fcf22467508252522bfe8dcf752
and
http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: curious987-ga on 06 Jan 2006 19:53 PST
 
This site:
http://www.2-spyware.com/remove-spywarestrike.html?gclid=COfhp-HKt4ICFRYlGgodvStuBg
says that 

"SpywareStrike is a trojan that displays an icon in the system tray.
This icon shows a message, which says that the compromised computer
is infected with dangerous spyware parasites and asks the user to
download and install an anti-malware program, which actually is
SpywareStrike, corrupt illegally distributed spyware remover. Once the
user clicks on such message, the trojan opens the official web site of
SpywareStrike. It may also try to download the application. The trojan
is able to change the Internet Explorer default home page and redirect
the web browser to malicious web sites. SpywareStrike automatically
runs on every Windows startup."
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: curious987-ga on 06 Jan 2006 19:55 PST
 
and it has a downloadable remover and the registry values that you
must delete, etc. I believe it is similar to what canadianhelper
said.
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: markvmd-ga on 06 Jan 2006 22:01 PST
 
The short-term solution to turn off the popups when I had this malware was as
follows (in XP):

Start--> Control Panel---> Taskbar and Start Menu--> Click on
"Taskbar" tab--> Click on "Customize"--> find the offending icon-->
click on "Hide when Inactive" next to it (or "Always Show," if that's
what it says) and change to "Always Hide."

This is an extremely obnoxious (though not dangerous) bug that you can
catch merely by visiting a website with an image file on it. Microsoft
has a fix for it in an update just released. Visit
http://update.microsoft.com

Spyaxe installs the following registry keys:

HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}

HKEY_CURRENT_USER\Software\Classes\CLSID\{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}\InProcServer32
"default"="C:\\WINDOWS\\system32\\svchosts.dll"
"ThreadingModel"="Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
"{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}"="Reload Browse"

If you are an EXPERT computer user, you can remove them and restart to
MS-DOS mode to delete the file manually from the Windows and
Windows\System folders. If you don't know what I am talking about, you
should not do it.
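
Added example (not part of the comment above): the keys listed there form a shell autostart, because Explorer loads the in-process server of every CLSID named under SharedTaskScheduler. The Python sketch below audits a registry export for that pattern; the sample export, the all-zero control CLSID and the one-entry DLL allowlist are constructed assumptions, and the export uses `@` for the value the comment calls "default".

```python
import re

# Constructed .reg-style export; the first two keys are the ones quoted above,
# the all-zero CLSID entry is a made-up benign control.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Classes\CLSID\{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}\InProcServer32]
@="C:\\WINDOWS\\system32\\svchosts.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}"="Reload Browse"
"{00000000-0000-0000-0000-000000000001}"="Constructed benign entry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="C:\\WINDOWS\\system32\\browseui.dll"
'''
STS = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler"
# Per-user classes override machine-wide ones, so HKCU is checked first.
CLSID_ROOTS = (r"hkey_current_user\software\classes\clsid",
               r"hkey_local_machine\software\classes\clsid")
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse [key] sections and string values into {key: {name: data}} (lowercased)."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := VALUE.match(line)):
            cur[m.group(1).strip('"').lower()] = m.group(2).replace("\\\\", "\\")
    return keys

def audit_shared_task_scheduler(keys, allowed_dlls):
    """Return (clsid, dll, reasons) for each SharedTaskScheduler entry worth a look."""
    findings = []
    for clsid in keys.get(STS, {}):
        dll = root_used = None
        for root in CLSID_ROOTS:
            entry = keys.get(root + "\\" + clsid + "\\inprocserver32", {})
            if "@" in entry:
                dll, root_used = entry["@"], root
                break
        reasons = []
        if dll is None:
            reasons.append("no InProcServer32 found for CLSID")
        elif dll.rsplit("\\", 1)[-1].lower() not in allowed_dlls:
            reasons.append("DLL not in allowlist")
        if root_used and root_used.startswith("hkey_current_user"):
            reasons.append("machine-wide autostart backed by per-user class")
        if reasons:
            findings.append((clsid.upper(), dll, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_shared_task_scheduler(parse_reg(SAMPLE_REG), {"browseui.dll"}):
        print(finding)
```

The allowlist should come from a known-clean machine of the same Windows build rather than from the single name used here.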
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: skalek-ga on 08 Jan 2006 08:36 PST
 
We have put up a guide on how to remove spywarestrike here:

http://www.bleepingcomputer.com/forums/topic40303.html
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: appnetguru-ga on 09 Jan 2006 03:35 PST
 
There is a fairly detailed discussion about options to remove this
malware on the UK PC Advisor site.

For details see:
http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=225317&forumid=1

One identified option that eliminated the problem for some people was
to de-install and re-install Windows Media Player.

Note: This information was found by issuing a Google search using the
following keywords:

"Spyware Strike" "system intrusion detected"
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: sirwraith-ga on 11 Jan 2006 00:07 PST
 
i don't know if this has already been answered because i don't feel
like reading all of the comments. one thing you could try is the newly
released google pack, it comes with anti-spyware, anti-virus, and then
a load of google-branded tools. plus they all update automatically
(supposedly).

http://pack.google.com
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: hanuman1234-ga on 17 Jan 2006 02:26 PST
 
My dear friend

you get these kind of problems if you are using internet explorer.

The best solution is use opera or mozilla firefox - the latest versions

and you can browse without popup troubling you

bye
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: alberg-ga on 19 Jan 2006 10:41 PST
 
Below is the info from the nuker database
(http://www.nuker.com/container/details/spywarestrike.php).
It should be safe to remove the components manually.

SpywareStrike might create following folders (and inject its files
inside the folders):


%PROGRAMS%\SpywareStrike
%PROGRAM_FILES%\SpywareStrike

SpywareStrike might create following files (some of the files might be
loaded in memory while the software is running):

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\SpywareStrike 2.5.lnk
%DESKTOP%\SpywareStrike.lnk
%PROFILE%\Local Settings\Temp\SSLanguage.ini
%STARTMENU%\SpywareStrike 2.5.lnk
%PROGRAM_FILES%\SpywareStrike\msvcp71.dll
%PROGRAM_FILES%\SpywareStrike\msvcr71.dll
%PROGRAM_FILES%\SpywareStrike\signatures.ref
%PROGRAM_FILES%\SpywareStrike\SpywareStrike.exe
%PROGRAM_FILES%\SpywareStrike\uninst.exe

SpywareStrike is often accompanied by the following tracking cookies:


spywarestrike.com

SpywareStrike might create following registry keys (and inject subkeys and values):


HKEY_CLASSES_ROOT\AppID\SpywareStrike.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareStrike.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareStrike
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareStrike

SpywareStrike might create following registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Licenses|{IA4AF3E9A644EE5C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses|{0A4AF3E9A644EE5C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SpywareStrike
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: canadianhelper-ga on 27 Jan 2006 16:12 PST
 
hanuman1234-ga

SpywareStrike could be put on your computer through the WMF
problem...Firefox or Opera are not going to help with that.
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: canadianhelper-ga on 27 Feb 2006 05:37 PST
 
Since this question is now over 1 month old, let's all hope that the virus is gone!

WARNING:

Above solution:

There is NO SUCH THING as a Google Firefox Internet Browser.

Google DOES NOT have a browser.
There is NO Firefox/IE mashup.

Do NOT download such things from third party websites like the one mentioned!!!

If you want Firefox go to: getfirefox.com
If you want IE go to: www.microsoft.com/windows/ie/downloads/default.mspx
If you want the Google Pack (Firefox Browser and some anti
virus/spyware tools and some google programs like Earth and Picasa) go
to: pack.google.com

DO NOT GET YOUR PROGRAMS FROM THIRD PARTIES! (There are some possible
exceptions such as getting FF from Google Pack or getting prog from
download.com) but you are assured of getting the latest releases from the
direct site.
Subject: Re: How to remove a pop-up advising of a virus from appearing continually
From: smithkarl-ga on 05 Jun 2006 11:17 PDT
 
Hi,

If you have spyware doctor that is not enough.

Spyware doctor helps adware but not viruses.

I use two software

1) McAfee that helps remove viruses
2) http://www.deletespyware-adware.com that helps remove adware
and spyware...

Those two and you are safe. Probably your PC is not in danger.
It is just the company that wants you to buy their product. They
try to trick you that you have adware. Obviously this is not a good
Company but rather the opposite.

Lashley
