SpyDawn Removal Guide

Table of contents.
Why do you need to get rid of SpyDawn?
What installs SpyDawn without your knowledge and consent?
Are you infected?
Automatic removal of the SpyDawn trojan
Manual removal of the SpyDawn trojan
Alternative SpyDawn manual removal instructions

SpyDawn is a corrupt anti-spyware program illegally installed on users' computers by widespread trojans, through malicious advertisements and via numerous exploits. This application is not only a weak spyware remover, but also a clone of the infamous rogues.

Results of thorough tests we have conducted reveal that although the program does not produce false positives and really finds some malicious parasites, it cannot completely eliminate the most prevalent infections, and therefore is definitely unable to protect user privacy and system security.

The program refuses to remove any parasites it finds and asks to register and purchase the full version. Active Guard, SpyDawn’s real-time monitor, is also disabled.

SpyDawn is a trojan that displays an icon in the system tray. This icon shows a message saying that the compromised computer is infected with dangerous spyware parasites and asking the user to download and install a removal program, which is actually SpyDawn, the corrupt, illegally distributed spyware remover of the same name. Once the user clicks on that message, the trojan opens a web site distributing SpyDawn. It may also try to download the application. The trojan is able to change the Internet Explorer default home page and redirect the web browser to malicious web sites. SpyDawn automatically runs on every Windows startup.

Your system is infected with SpyDawn if you can see any of the following symptoms:

a) There is a suspicious icon in the system tray. It might be a blue circle with a question mark inside it, a circle with a red cross, or an icon similar to that of the Windows Update tool.

b) A suspicious icon in the system tray pops up a message saying that your computer is infected with dangerous parasites. It asks you to download and install a removal program, which is actually SpyDawn. This message usually contains the following text:

System alert!
System has detected a number of active spyware applications that may impact the performance of your computer.
Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution.

c) SpyDawn, a corrupt spyware remover, is installed on your system. It runs on every Windows startup. The program’s main window is shown above.

d) Your Internet Explorer home page has changed and you cannot get it back. Now you get a warning page saying that spyware and viruses are detected on your PC and asking you to run a free scan in order to remove malware.

e) The spydawn.exe process is running.

f) Your HijackThis log contains any of the following entries:
O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\spydawn.exe
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll

%System% is your default system directory, which usually is C:\WINDOWS\System for Windows 98 and Windows Me, C:\WINDOWS\System32 for Windows XP, and C:\WINNT\System32 for Windows 2000.
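
A way to run the check in item f) over a saved HijackThis log, as an added example that is not part of the original guide. It matches the O4 and O21 entries listed above, testing the SSODL CLSID and the DLL file name separately so an entry is still reported when only one of them matches. The sample log lines are constructed, and the function and constant names are assumptions of this example.

```python
import re

# Indicators copied from the HijackThis entries and file list on this page.
RUN_VALUE = "spydawn"
RUN_IMAGE = "spydawn.exe"
SSODL_CLSIDS = {"{2016a466-91a2-43c6-97d8-2fd380f065ef}",
                "{8329660f-e248-4872-98cc-fb9c4fec7ba8}"}
DLL_NAMES = {"geplxss.dll", "higehsg.dll", "tvomnc.dll", "xkrdk.dll"}

O4 = re.compile(r"^O4 - .*?Run\w*: \[(?P<name>[^\]]*)\] (?P<path>.+)$", re.I)
O21 = re.compile(r"^O21 - SSODL: (?P<name>.*?) - (?P<clsid>\{[0-9a-f-]{36}\})"
                 r" - (?P<path>.+)$", re.I)

def basename(path):
    """Lower-cased file name of a Windows path, whatever the directory."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()

def scan_hijackthis(log_text):
    """Return (line_number, reason, line) for each entry matching an indicator."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        # Copy-pasted logs sometimes carry an en dash where HijackThis
        # writes a plain hyphen; normalise before matching.
        line = raw.strip().replace("\u2013", "-").replace("\u2014", "-")
        m = O4.match(line)
        if m:
            if m["name"].lower() == RUN_VALUE or RUN_IMAGE in m["path"].lower():
                hits.append((no, "run-key", line))
            continue
        m = O21.match(line)
        if m:
            # A listed CLSID pointing at a differently named DLL still counts,
            # and so does a listed DLL name under an unlisted CLSID.
            if m["clsid"].lower() in SSODL_CLSIDS:
                hits.append((no, "ssodl-clsid", line))
            elif basename(m["path"]) in DLL_NAMES:
                hits.append((no, "ssodl-dll", line))
    return hits

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll",
    r"O4 - HKLM\..\Run: [ExampleTray] C:\Example\tray.exe /min",
    r"O4 – HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\spydawn.exe",
    r"O21 - SSODL: eitheror - {2016A466-91A2-43C6-97D8-2FD380F065EF} - C:\WINDOWS\system32\renamed.dll",
    r"O21 - SSODL: example - {00000000-0000-0000-0000-000000000002} - C:\WINNT\System32\tvomnc.dll",
])
```

An empty result only means none of the indicators listed on this page were present in the log.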

Removing the SpyDawn trojan automatically, along with the corrupt spyware remover of the same name, is easy. Just follow these steps:

1. Download PC Tools STOPzilla or Webroot Spy Sweeper. These programs are the most effective and popular spyware removers available.
2. Install the downloaded program to your system. Read STOPzilla and Spy Sweeper tutorials to learn more.
3. Update the installed anti-spyware.
4. Run a full system scan.
5. Remove all the threats the application finds.

Please note that eliminating the parasites automatically might be a paid function, which is not available in the limited free version. Purchasing STOPzilla or Spy Sweeper makes these products fully functional and also enables built-in real-time protection.

1. Download the SmitFraudFix tool and unpack its files to a chosen folder.

2. Download Pocket KillBox or KillBox utility.

3. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the SpyDawn entry. Uninstall the corresponding program.

4. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\spydawn.exe
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll

5. Now restart your system in Safe Mode. This step is very important!
Please note that you must have administrator privileges.

6. Once in Safe Mode, run the SmitFraudFix tool by executing the smitfraudfix.cmd file.
The official SmitFraudFix tutorial can be found here.

7. Use either Pocket KillBox or KillBox to delete the following files (if present):

C:\WINDOWS\System32\geplxss.dll
C:\WINDOWS\System32\higehsg.dll
C:\WINDOWS\System32\tvomnc.dll
C:\WINDOWS\System32\xkrdk.dll

Windows 2000 users should replace WINDOWS with WINNT here.

8. Delete the following directory (if present):
C:\Program Files\SpyDawn

If you cannot download or use the SmitFraudFix tool, please follow these alternative manual removal instructions:

1. Download Pocket KillBox or KillBox utility.

2. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the SpyDawn entry. Uninstall the corresponding program.

3. Download the HijackThis program. Run a system scan, then fix the following entries (if present):
O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\spydawn.exe
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll

4. Now restart your system in Safe Mode. This step is very important!
Please note that you must have administrator privileges.

5. Once in Safe Mode, use either Pocket KillBox or KillBox to delete all the files from the list below that are present on your system.

Malicious files in C:\WINDOWS\System32 or C:\WINNT\System32:
geplxss.dll
higehsg.dll
tvomnc.dll
xkrdk.dll

Malicious files in C:\Program Files\SpyDawn:
spydawn.exe

6. Delete the following directory (if present):
C:\Program Files\SpyDawn


  • B-rad

    I have the system alert thing that every time I click it, it goes to the SpyDawn thing… but HijackThis didn’t find any of that stuff… what should I do?

  • onerustyjeep

    1) Searched regedit for any “spydawn” and deleted everything found
    2) search C: drive for geplxss.dll
    3) rename it xxxgeplxss.dll (you can rename it, but you cannot delete it because it's running)
    4) hard reboot
    5) search and find xxxgeplsxx.dll and delete it.
    about 10 min – worked great.

    NOTE: could be other DLLs >>> Source: http://www.wiki-security.com [spydawn]

  • rob

    deleted all the files fine but have been left with a disabled Internet Explorer and cannot reconnect my laptop to the internet at present!!!!

  • richard

    this SpyDawn downloaded itself and I can’t get it off my computer, can you help plz?

  • haiau

    I think that SpyHunter is a good software that can help u get rid of this SpyDawn. I use this and I removed the pop-up. u need to download the sw at http://www.spyhunter.com and email me at haiau063@yahoo.com
    I will email the code to activate the sw.
    good luck to everyone.

  • Maria Reha

    I have opened some unknowing internet website. I would like to find out who to find the icon to click and to get rid to unwanted spyware by downloading an up-to-date antispyware solution?
