SpyFalcon: A Major Issue
| Author |
Message |
GanjaSmoker
Joined: 06 Mar 2006
Posts: 2
|
 Post subject: SpyFalcon: A Major Issue |
 |
|
Ok guys, heres the rundown:
Both Spybot and Spydoctor attempt to delete the spyfalcon application, and appear to do so. The problem is a new variant has popped up that comes back on restart. I contacted Spy Doctor technical support regarding the issue, and they had this to say:
| Quote: |
The problem that you are experiencing appears to be caused by a new
variant of a known malware threat.
Our Malware Research Center is currently aware of the Spyfalcon issue
and they are working on resolving the problem shortly.
Please make sure to keep Smart Updating as the problem will be fixed
very shortly with a newly created signature that will be downloaded via
the Smart Update. |
Obviously they have not provided a fix for the issue yet. I have dealt with spyware of this engineering before and have never been able to remove it. I attempted to remove the spyware by deleting my entire WINDOWS/Prefetch, and all the Temp folders windows has manually. I then ran Spy Doctor which promptly uninstalled the program. Spy Doctor didnt even find the orphaned files in my windows prefetch, I was dissapointed to say the least.
After this didnt work, I googled spy falcon and arrived herehttp://www.infopackets.com/channels/en/windows/gazette/2006/20060211_remove_spyfalcon_removal_instructions.htm and followed their directions to a T. The proposed SmitRemFix didnt even come close.
From what i have discerned regarding the issue, the installer must hide in the memory waiting for shutdown to restore itself. I cannot find any strange executables running, however the windows update poser popup still appears. I have AVG Anti Virus, spydoctor, spybot and Kerio/Sunbelt Firewall 4 all monitoring my computer for malicious activity. If the program can fool all these excellent security programs, it obviously has some highly malicious coding, and may possible be exploting one of many undiscovered windows security flaws. Overall the program does very little except reinstall on each reboot and constantly annoy me with baloon popups. Spybot or SpyDoctor effectivly remove its balls and delete the program no problem, its the baloon popups which make me want to kill myself.
[/quote] |
|
Mon Mar 06, 2006 7:31 am
 |
|
 |
nitesystem
Joined: 04 Mar 2006
Posts: 5
|
| Post subject: Re: SpyFalcon: A Major Issue |
|
|
| GanjaSmoker wrote: |
Ok guys, heres the rundown:
Both Spybot and Spydoctor attempt to delete the spyfalcon application, and appear to do so. The problem is a new variant has popped up that comes back on restart. I contacted Spy Doctor technical support regarding the issue, and they had this to say:
| Quote: |
The problem that you are experiencing appears to be caused by a new
variant of a known malware threat.
Our Malware Research Center is currently aware of the Spyfalcon issue
and they are working on resolving the problem shortly.
Please make sure to keep Smart Updating as the problem will be fixed
very shortly with a newly created signature that will be downloaded via
the Smart Update. |
Obviously they have not provided a fix for the issue yet. I have dealt with spyware of this engineering before and have never been able to remove it. I attempted to remove the spyware by deleting my entire WINDOWS/Prefetch, and all the Temp folders windows has manually. I then ran Spy Doctor which promptly uninstalled the program. Spy Doctor didnt even find the orphaned files in my windows prefetch, I was dissapointed to say the least.
After this didnt work, I googled spy falcon and arrived herehttp://www.infopackets.com/channels/en/windows/gazette/2006/20060211_remove_spyfalcon_removal_instructions.htm and followed their directions to a T. The proposed SmitRemFix didnt even come close.
From what i have discerned regarding the issue, the installer must hide in the memory waiting for shutdown to restore itself. I cannot find any strange executables running, however the windows update poser popup still appears. I have AVG Anti Virus, spydoctor, spybot and Kerio/Sunbelt Firewall 4 all monitoring my computer for malicious activity. If the program can fool all these excellent security programs, it obviously has some highly malicious coding, and may possible be exploting one of many undiscovered windows security flaws. Overall the program does very little except reinstall on each reboot and constantly annoy me with baloon popups. Spybot or SpyDoctor effectivly remove its balls and delete the program no problem, its the baloon popups which make me want to kill myself.
|
[/quote]
You and i both, i have the same problem, and used the same methods. My spyfalcon came at the hands of my younger neice wanting to watch a music video and downloading a codec to do so which put spyfalcon on. Like you have many prevenitive measures running and it still breaks all of them, the fake virus alert and all. I too have used smitrem to no success, and because this happned last week, this has to be a new type. I have to admit, whoeever is behind this is very very good. |
|
Mon Mar 06, 2006 9:23 am
|
|
|
kevin89
Joined: 04 Mar 2006
Posts: 2
|
| Post subject: |
|
|
Thanks for looking into this GanjaSmoker! I just emailed the Spybot people and I'll let you know what they reply. I've got the same problem as you guys and I think I caught this new version of SpyFalcon through a codec as well. I'd love to hear how to get rid of this thing - it's really pissing me off!!!
Kevin |
|
Mon Mar 06, 2006 1:38 pm
|
|
|
hardulph
Joined: 06 Mar 2006
Posts: 2
|
| Post subject: |
|
|
Is it possible to get rid of it by reinstalling windows? |
|
Mon Mar 06, 2006 3:57 pm
|
|
|
kevin89
Joined: 04 Mar 2006
Posts: 2
|
| Post subject: Got rid of it!! |
|
|
|
|
Mon Mar 06, 2006 4:36 pm
|
|
|
hardulph
Joined: 06 Mar 2006
Posts: 2
|
| Post subject: Thanks - worked for me too! |
|
|
Many Thanks Kevin - did the same and so far fingers crossed everything seems OK
[/quote] |
|
Mon Mar 06, 2006 8:10 pm
|
|
|
GanjaSmoker
Joined: 06 Mar 2006
Posts: 2
|
| Post subject: |
|
|
Apparently yall have found a fix, but while you were doing that I found my own!
http://www.bleepingcomputer.com/forums/topic43659.html
This webpage has a registry file that worked. I didnt even need a safemode boot or run smitremfix. All I did was run the reg file, and then restart. During the next boot, I ran Spydoctor which promptly unintalled the program. Then I found the files it left behind that spy doctor is too stupid to find, deleted all my temp folders manually (documents and settings/local user/temp,) and my windows/prefetch. Following this, I restarted again, and havnt seen the popups since the first reboot and spyfalcon was gone by the second. This solution worked for me, but i would recommend using the directions provided in the URL. |
|
Tue Mar 07, 2006 6:08 am
|
|
|
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
A new variant of SpyFalcon has appeared recently. It uses a few different files, that is why current anti-spyware programs as well as most antiviruses cannot detect and eliminate the infection. It took some time to research a new variant and update manual removal instructions. Please check updated SpyFalcon removal instructions.
P.S. This thread will be moved to a more appropriate section. |
|
Tue Mar 07, 2006 1:06 pm
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
Recommended software:
Spyware Doctor
 (91/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...
SUPERAntiSpyware
 (89/100)
SUPERAntiSpyware is a powerful, highly effective spyware remover introducing advanced parasite detection and removal features along with reliable real-time protection. The program is not...
CounterSpy
 (85/100)
CounterSpy is a powerful spyware remover based on revolutionary hybrid engine, which incorporates traditional anti-spyware and advanced antivirus engines. Such combination allows CounterSpy...
Malwarebytes Anti Malware
 (75/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...
Windows Defender
(75/100)
Windows Defender is a free anti-spyware program made by the leading software company to add native spyware protection to its most popular product - the Microsoft Windows operating...
Encyclopedia of parasites:
|
