« If you are running an older version of Java Update ASAP | Main | Wow this is too creepy for words »

February 09, 2006

SpyFalcon Removal

While reading Sunbelt Software I saw a post for a new rouge anti spyware application called SpyFalcon, going to my favorite spyware assistance boards I saw a blitz of help requests regarding spy falcon. A cursory look at SpyFalcon it seems to be yet the latest fake anti-spyware application in a recent blitz of rouge anti-spyware programs that infect computers mask themselves as beneficial and then resist removal. Once installed on a users system SpyFalcon adds an icon to the system tray, the icon says the computer is "is infected with dangerous spyware parasites and asks the user to download and install a removal program". If the user says ok then spy falcon runs tell the user there is numerous issues with their system and then offers to remove the problem if they will pay for the full version of SpyFalcon.

To remove SpyFalcon:

Download and run hijackthis, in hijackthis check off the boxes next to the following and click remove

O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h

Using my SSQKit kill the following processes

spyfalcon.exe

Next copy the following and paste in notepad and save as killap.reg

**after you have saved the killap.reg file double click the file to add the changes to the registry

REGEDIT 4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
"SpyFalcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]

Next using the SSQKit search for and unregister the following dll*
dxmpp.dll

In the find section type the name of the dll and then right click on it once found and choose unregister

Finally using the ssqkit find and delete the following files and folders

C:\Program Files\SpyFalcon
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpyFalcon

From the system folder (C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32) delete the following file

dxmpp.dll

After you are all done restart your computer and once satisfied delete the backup files from c:\killit

February 09, 2006 in Spyware Removal |

Comments

Toni

Thank you very much for this detailed description aof the removal of spyfalcon. It was a great and successfull help.

Thanks again.
Great site.

Posted by: Toni | February 11, 2006 at 10:35 AM

Ed

Hi

I just want to say thanks. I tried other sugestions on the web and only this one removed skyfalcon.

Thanks,
Ed

Posted by: Ed | February 20, 2006 at 04:34 AM

Björn Are

At last! Spyfalcon is no longer present on my computer. Many thanks!

Björn Are

Posted by: Björn Are | February 22, 2006 at 05:23 AM

Block G Raptor

Nice one that spyfalcon was really getting on my tits

Posted by: Block G Raptor | February 22, 2006 at 02:28 PM

The comments to this entry are closed.

My Photo

Search This Blog

Subscribe

Categories

June 2006

Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Archives

Blog Worm

  • Infected by Blog.Worm

    Please note this not a real virus but only an embeded GIF file meant for humor.

      Blog.Worm

Other Blogs of Note

Creative Commons