SpyFalcon manual removal:
Kill processes:
atmclk.exe, dcomcfg.exe, dfrgsrv.exe, mscornet.exe, mssearchnet.exe, nvctrl.exe, spyfalcon.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
Unregister DLLs:
appmagr.dll, bolnyz.dll, dxmpp.dll, fyhhxw.dll, ginuerep.dll, higjxe.dll, htey.dll, iqzv.dll, oerucu.dll, oqipt.dll, reglogs.dll, sbnudh.dll, twain32.dll, ulztc.dll
Delete files:
atmclk.exe, dcomcfg.exe, dfrgsrv.exe, mscornet.exe, mssearchnet.exe, nvctrl.exe, spyfalcon.exe, appmagr.dll, bolnyz.dll, dxmpp.dll, fyhhxw.dll, ginuerep.dll, higjxe.dll, htey.dll, iqzv.dll, oerucu.dll, oqipt.dll, reglogs.dll, sbnudh.dll, twain32.dll, ulztc.dll, sf.ini, hp[X].tmp, ld[X].tmp
Delete directories:
C:\Program Files\SpyFalcon
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpyFalcon
Misc:
[X] is a combination of four random characters.
Exact file location:
spyfalcon.exe, sf.ini - C:\Program Files\SpyFalcon
atmclk.exe, dcomcfg.exe, dfrgsrv.exe, mscornet.exe, mssearchnet.exe, nvctrl.exe, hp[X].tmp, ld[X].tmp, appmagr.dll, bolnyz.dll, dxmpp.dll, fyhhxw.dll, ginuerep.dll, higjxe.dll, htey.dll, iqzv.dll, oerucu.dll, oqipt.dll, reglogs.dll, sbnudh.dll, twain32.dll, ulztc.dll - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
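A read-only way to check a machine for the artefacts listed above before removing anything, as an added PowerShell example that is not part of the original guide. It assumes PowerShell is available and that the current user's Start Menu sits under %USERPROFILE%; the variable names are the example's own.

```powershell
# Read-only audit for the SpyFalcon artefacts named in this guide; nothing is changed.
$exe = 'atmclk.exe','dcomcfg.exe','dfrgsrv.exe','mscornet.exe','mssearchnet.exe','nvctrl.exe'
$dll = 'appmagr.dll','bolnyz.dll','dxmpp.dll','fyhhxw.dll','ginuerep.dll','higjxe.dll','htey.dll',
       'iqzv.dll','oerucu.dll','oqipt.dll','reglogs.dll','sbnudh.dll','twain32.dll','ulztc.dll'
# [X] is four random characters, so match exactly four with '?' rather than '*'.
$tmp = 'hp????.tmp','ld????.tmp'
$findings = @()

# 1. Running processes (Get-Process takes names without the .exe suffix).
$procNames = ($exe + 'spyfalcon.exe') -replace '\.exe$',''
$findings += @(Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    ForEach-Object { "PROC $($_.Name) (PID $($_.Id))" })

# 2. Registry entries. The last path element may be a key or a value under its
#    parent key, so test for both.
$reg = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyFalcon',
       'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}',
       'HKCU:\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}',
       'HKLM:\SOFTWARE\Classes\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0}',
       'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpyFalcon',
       'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon'
foreach ($path in $reg) {
    $parent = Split-Path -Path $path -Parent
    $leaf   = Split-Path -Path $path -Leaf
    $hit    = Test-Path -LiteralPath $path
    if (-not $hit -and (Test-Path -LiteralPath $parent)) {
        $hit = (Get-Item -LiteralPath $parent).GetValueNames() -contains $leaf
    }
    if ($hit) { $findings += "REG  $path" }
}

# 3. Files in the system directories the guide names. Names are matched exactly,
#    so a similarly spelled file (for example appmgr.dll) is not reported.
foreach ($dir in 'C:\Windows\System','C:\Windows\System32','C:\Winnt\System32') {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $findings += @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object { $n = $_.Name; ($exe + $dll) -contains $n -or ($tmp | Where-Object { $n -like $_ }) } |
        ForEach-Object { "FILE $($_.FullName)" })
}

# 4. Install and Start Menu directories (spyfalcon.exe and sf.ini live in the first).
$dirs = 'C:\Program Files\SpyFalcon',
        (Join-Path $env:USERPROFILE 'Start Menu\Programs\SpyFalcon')
$findings += @($dirs | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { "DIR  $_" })

if ($findings) { $findings } else { 'No SpyFalcon artefacts from this guide were found.' }
```

Running it again after cleanup and a reboot shows whether any listed file, registry entry or process has come back.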
Domain Name: SPYFALCON.COM (195.225.176.79)
Registrant:
SunShine Ltd
David Taylor
U-12 Gamma Commercial Complex # 47
Rizal Highway cor. Manila Ave Subic Bay
Olongapo City
null, 98101, PH
Tel. +206.9543154
Other domains at the same IP address:
Spyfalconupdate.com
Updateyourwindows.com
AVOID THESE DOMAINS AND THESE IPs! Better to block them in your hosts file.
Comments from visitors:
1. by Guest. 2006-07-05 14:07:04
Couldn't delete it or anything so I restarted in safe mode, found the file and deleted it, now it's all gone.
Thanks a lot guys :D
Anyway, this is what worked for me:
I used regedit to get rid of the registry entries, manually deleted the installation folder (c:\program files\spyfalcon), then copied/pasted the list of files to delete from above into windows search and found only one: sbnudh.dll. Tried to unregister it, but couldn't--the message said that this dll couldn't be registered in the first place. Restarted in safe mode and deleted it, system tray icon gone!
Hope this helps SOMEONE. Man, what a pain...
Registration Service Provided By: ESTDOMAINS
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: SPYFALCON.COM
Registrant:
SpyFalcon ltd.
David Taylor (david.alant@gmail.com)
Unit 110 Alpha Bldg. Subic International Hotel Rizal cor.
Sta. Rita Road, Subic Bay Freeport
Olongapo City
null,2200
PH
Tel. +206.9543154
Creation Date: 16-Jan-2006
Expiration Date: 16-Jan-2007
Domain servers in listed order:
ns1.antispydns.biz
ns2.antispydns.biz
ns3.antispydns.biz
But there's a question that I wanna know. That is I just found "appmgr.dll" in Windows XP
platform (in windows\system32) instead of "appmagr.dll". Is it mis-typing ???
so you can't find it. I look for all the dll's that were listed and no luck. I did find a new dll called
FYHHXW.DLL. I relogged in safe mode as Administrator (I don't get the flashing green icon in admin mode), went to c:/windows/system32 and del the fyhhxw.dll and relogged. That worked
for me. Hope that helps
SOLUTION: Rename sbnudh.dll, kill the explorer.exe process or restart the computer, then delete the renamed file.
Then out of curiosity I changed the name to appmagr_begone.dll, it let me! I then restarted windows and the alert is now gone! Then I deleted appmagr_begone.dll out of system32 and it let me!!
Hopefully this will work for others too!
Norton did not find anything when I ran a scan. System Mechanic identified spyware but could not eliminate it.
I found this site in desperation. I tried the System Restore solution (which seems an obvious route to take) and it appears to have worked. My system is back to normal with no sign of any annoying pop-up warnings or flashing icons. The three short-cuts that appeared on my desktop have gone too.
Marvellous!
I only could delete it in safe mode under c: prompt and deleting it manually from C:\windows\system32.
spyware doctor removed all the files but I am still
pestered by the icon in the task bar
anybody got ideas to remove
thanks