How To Remove SpyFalcon!
This guide will show you how to identify and remove SpyFalcon!
SpyFalcon is an anti-spyware program that is known to issue fake warning messages on your computer, similar (and almost identical to) Windows Update Notification balloons in order to manipulate you into registering for the full paying version. SpyFalcon is the latest rogue program from the creaters of
SpyAxe, who also created
Spyware Strike.
It is easy to know you have been infected by SpyFalcon, because you will be prompted to buy it.
The following entry in HijackThis will show that SpyFalcon is on your computer:
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
Please follow the instructions below on how to remove SpyFalcon from your computer
================================================================
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Download
smitRem.exe and save the file to your desktop.
Right click on the file and extract it to it's own
folder on the desktop. Don't use it yet!
Download
FixSF.reg by right clicking
here and selecting "
Save Target As..." for Internet Explorer or "
Save Link As..." for Firefox. Save the file to your desktop!
Double-click
FixSF.reg on your desktop and when it asks if you would like to merge the information, press the
Yes button and then the
OK button.
Next, please reboot your computer in
SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
- Log in as Administrator
Once in Safe Mode, go into
Add/Remove Programs in
Control Panel and look for
SpyFalcon. Double-click on it and follow the prompts to uninstall the program.
Do not restart the computer if you are told to.
Find and Delete the following Files and Folders. (Do not worry if the SpyFalcon Folder is not found)
C:\Windows\System32\
dxmpp.dll <<
this file
C:\Windows\System32\
ginuerep.dll <<
this file
C:\Program Files\
SpyFalcon <<
this folder
If you can not find the
dxmpp.dll or
ginuerep.dll files, then enable Hidden Files and Folders by doing the following and searching again:
* Double-click
My Computer.
* Click the
Tools menu, and then click
Folder Options.
* Click the
View tab.
* Clear "
Hide file extensions for known file types."
* Under the "
Hidden files and folders", select "
Show hidden files and folders."
* Clear "
Hide protected operating system files."
* Click
Apply, and then click
OK.
Close all programs and windows. Open the
smitRem folder, then double click the
RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named
smitfiles.txt in the root of your drive, eg;
Local Disk C: or partition where your operating system is installed. Examining the log should show that the infection was cleaned. Please keep it safe!
Reboot back into Normal Mode!
Run an onlinescan with
Panda ActiveScan
- Once you are on the Panda site, click the
Scan your PC button
- A new window will open...click the
Check Now button
- Enter your
Country
- Enter your
State/Province
- Enter your
e-mail address and click
send
- Select either
Home User or
Company
- Click the big
Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When download is complete, click on
Local Disks to start the scan
- When the scan completes save the report to a convenient location.
================================================================
You should now be free of
SpyFalcon. If you require help with the removal of SpyFalcon or to check your HJT log, then please start your own thread in the
Spyware/Virus/Trojan Forum and post the logs from SmitRem.exe, Panda and a new HijackThis log.
Similar Threads
