NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Falsu. Description and removal instructions

 
Title: Falsu
Type: Worms
Severity scale:Falsu severity is 44  (44 / 100)
 
Falsu is a worm that spreads through the Kazaa file sharing network and IRC chat channels using the mIRC client. Once executed, the parasite silently installs itself to the system, modifies Kazaa settings, creates infected files with meaningful names in the Kazaa shared folder and attempts to send itself to IRC users. However, the latter function doesn't work due bugs in Falsu code. The worm is designed only to spread and therefore does not carry any destructive payload. Falsu automatically runs on every Windows startup.

FORUM:
Discuss Falsu in
spyware removal forum

Falsu properties:
• Hides from the user
• Stays resident in background

Automatic Falsu removal:

remover for Falsu

Falsu manual removal:

Kill processes:
commando.exe, my_sister_nude.exe, winexec.exe, winsys.exe, winupdate.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winexec
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DisableSharing=0
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir0=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir1=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir2=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir3=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir4=012345:%Windir%\Shared
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir5=012345:C:\
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter\firewall_filter=0
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter\virus_filter=0
HELP:
how to remove registry entries

Delete files:
commando.exe, my_sister_nude.exe, winexec.exe, winsys.exe, winupdate.exe, command.pif, command.scr, srvwin.scr
HELP:
how to remove harmful files

Delete directories:
C:\Windows\Shared
C:\Winnt\Shared
Misc:
Exact file location:
commando.exe, command.scr - C:
winexec.exe, command.pif, srvwin.scr - C:\Windows or C:\Winnt
winupdate.exe, winsys.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
my_sister_nude.exe - C:\Program Files\mIRC\Download

Other programs to remove Falsu:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 07/12/05
Information updated: 07/12/05

Additional resources related to Falsu:

Attention: If you know or you have a website or page about Falsu removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Falsu parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.