

Spy Falcon


9 replies to this topic

#1 matter

matter

  • Members
  • 1 posts

Posted 08 February 2006 - 11:39 PM

This morning I found I had picked up some spyware called "Spy Falcon". There are little error boxes popping up every 30 seconds or so in the lower right corner of the screen (they look like genuine errors from Windows, but are not) telling me "possible harmful infection was detected on your computer ...blah blah blah. To remove click here". Even when I try to close the box, I'm redirected to Spy Falcon's web page and given a dummy list of programs that were found, and in order to get rid of them, I need to buy their program. Then, no matter how many times I remove the SpyFalcon software from the control panel, it installs itself again. I'm also getting annoying popups that show up in Explorer every once in a while. Obviously the program causing the problem is the same one offering the fix. Ad-Aware SE and Webroot have detected nothing, and I'm stumped. Can anyone help me?



#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • Location:Florida, USA

Posted 08 February 2006 - 11:54 PM

What you have is an adware infection.
You definitely do not need to buy the phony program that it's trying to sell you. It is a scam.

You do need the following:

The following freeware apps will detect and remove spyware/malware from your computer, and in addition to your resident anti-virus program you should have several (if not all) of these installed (and used frequently - each may detect things that the others may not - always update them before you run them).

Download, install, update and then run the following apps (run from safe mode when possible):

AdAware SE: http://www.lavasoftusa.com/software/adaware/
Make sure you stick with the freeware version even though they will constantly try to get you to upgrade to a paid bundle version.

Spybot S&D: http://www.safer-networking.org/en/index.html
(install the Teatimer feature and have it run at startup - it will give you realtime protection)

Microsoft Antispyware Beta: http://www.microsoft.com/athome/security/s...re/default.mspx
(this program should also run at all times - it gives you real time protection)

SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

You should have several (if not all) of these installed (and used frequently - each may detect things that the others may not -always update them before you run them)




Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

A² - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

Set all of the above to update automatically if applicable.

Web-based online antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these as they require ActiveX.)

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest

Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Online trojan scans here -

http://scan.sygatetech.com/pretrojanscan.html

http://windowsecurity.com/trojanscan

Windows Security Trojanscan
http://www.windowsecurity.com/trojanscan/trojanscan.asp

You can also use the following app, Startup Inspector, to prevent the program from starting when your computer boots. Startup Monitor notifies you if any program is being added to the startup menu and gives you the option of whether or not you want it added:
http://www.windowsstartup.com/download.php

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • Gender:Male
  • Location:USA

Posted 09 February 2006 - 08:51 AM

Please submit the file C:\WINDOWS\System32\dxmpp.dll to

http://www.bleepingcomputer.com/submit-malware.php

Next,

Click on start, then run, and type notepad and press run. When the notepad opens, copy and paste all the text found in the below quote box into the notepad.

Download the attached sf.bat to your desktop.

Double-click on the sf.bat file, now on your desktop, and when the notepad opens, post the contents of the notepad as a reply to this topic.

Attached Files

  • Attached File  sf.bat   350bytes   256 downloads


#4 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.

Posted 09 February 2006 - 09:40 AM

quiteman7 just posted this link; I thought you may want to look at it.


http://www.bleepingcomputer.com/forums/ind...=0&#entry234526
"2007 & 2008 Windows Shell/User Award"

#5 jgweed

jgweed

  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 09 February 2006 - 10:45 AM

Grinler has JUST posted a self-help removal instruction, no doubt as a result of the member's post, here:
http://www.bleepingcomputer.com/forums/ind...topic=43659&hl=

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#6 BillyRockett

BillyRockett

  • Members
  • 1 posts

Posted 14 February 2006 - 01:51 PM

How to remove Spy Falcon (this malware/spyware may also be known as or be similar to SpyAxe, SpywareStrike, SpySheriff, Winhound and Smitfra)


After accidentally downloading a file, I experienced an auto-installing program named Spy Falcon designed to try to sell me their software. I was bombarded with popups, my browser constantly redirected, there were persistent pop-up warnings, and there was a blinking icon on my taskbar security center icon. In order to clean my computer I needed to run some software with my computer in “safe mode”. Here’s how I did it:



First step:
Download the following software onto your computer (before running any of the software make sure your definitions are up-to-date; click on “check for updates” on each of the applications you’ve just installed):

Freeware

Ccleaner: http://www.ccleaner.com/ccdownload.asp
Ad-Aware at: http://www.lavasoftusa.com/software/adaware/
AVG Free Edition at: http://free.grisoft.com/doc/2/lng/us/tpl/v5
Spyware Blaster at: http://www.javacoolsoftware.com/spywareblaster.html
Spybot Search and Destroy at: http://www.safer-networking.org/en/download/index.html
Windows Defender Beta 2 at: http://www.microsoft.com/athome/security/s...re/default.mspx

Trial

Ewido (free trial) at: http://www.ewido.net/en/download/


Second Step:
Start up the computer in “Safe mode” and then use the following applications on it (be sure to install updates on the previously mentioned software prior to starting the computer up in safe mode).

How to start up your computer in “Safe mode”:

click on start > run
in the empty field type in: msconfig
under the BOOT.INI field check the box marked /SAFEBOOT
when asked to restart your computer click OK

to set your computer back to normal mode, follow the previous steps, only this time un-click the box marked /SAFEBOOT

Note: when in safe mode your computer will look different; you will not have access to the internet and you may not be able to run all programs.


Third Step:
Now run all of the software you have just installed (make sure you run the “search for issues” feature in Ccleaner – this is located on one of the tabs). This software should isolate and delete the infected files. Now all you have to do is reboot in normal mode and you’re healed (knock on wood).


Best luck,
Billy Rockett


If this doesn’t work, an extremely extensive fix is described at http://www.geekstogo.com/forum/You-Must-Re...-Log-t2852.html

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • Gender:Male
  • Location:USA

Posted 14 February 2006 - 01:58 PM

Thanks...but I think the method posted by JGWeed is a tad easier:

http://www.bleepingcomputer.com/forums/t/43659/how-to-remove-spyfalcon-removal-instructions/

#8 Harza

Harza

  • Members
  • 2 posts

Posted 23 February 2006 - 07:49 AM

Hello and greetings from Finland.
I have a problem with SpyFalcon and tried to do as told in
http://www.bleepingcomputer.com/forums/t/43659/how-to-remove-spyfalcon-removal-instructions/
I managed to do everything except delete C:\Windows\System32\dxmpp.dll
I get:
Error deleting File or Folder:
Cannot delete dxmpp: Access is denied.
Make sure the disk is not full or write-protected and that file is not currently in use.
What to do?
Harza

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • Gender:Male
  • Location:USA

Posted 23 February 2006 - 08:25 AM

Did you import the reg file in normal mode and then try to delete the dxmpp.dll after you rebooted? If so, try renaming the file and then rebooting. Then try to delete that renamed file.

#10 Harza

Harza

  • Members
  • 2 posts

Posted 23 February 2006 - 09:06 AM

Did you import the reg file in normal mode and then try to delete the dxmpp.dll after you rebooted? If so, try renaming the file and then rebooting. Then try to delete that renamed file.


I just scanned with Ewido and it did find dxmpp, and after rebooting it was deleted from the system32 folder.
There are no signs of SpyFalcon now.
Thanks for your tip. Remember next time to try to rename.
:thumbsup:



