Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

For Sovath- Spyfalcon Removal Problem


  • Please log in to reply
5 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:22 AM

Posted 11 May 2006 - 01:36 PM

I need to get an export of the files being started via the SharedTaskScheduler registry key.

Please download the following file and save it to your desktop:

getsts.exe

Once it has downloaded, please double-click on the file, which should now be on your desktop. When the program is finished, it will create a text file on your desktop called getsts.txt and open it in notepad.

Please post the contents of this notepad as a reply to this topic.

BC AdBot (Login to Remove)

 


m

#2 sovath

sovath

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 11 May 2006 - 01:42 PM

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

(HKLM) {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader => %SystemRoot%\System32\browseui.dll

(HKLM) {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon => %SystemRoot%\System32\browseui.dll

(HKCU) {64ba30a2-811a-4597-b0af-d551128be340} - AppManager => C:\WINDOWS\system32\appmagr.dll

#3 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:22 AM

Posted 11 May 2006 - 01:43 PM

Download this program:

submit files packer

Highlight the files listed below in bold and right-click and selecting copy.


C:\WINDOWS\system32\appmagr.dll


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

#4 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:22 AM

Posted 11 May 2006 - 01:46 PM

Ok new variant of SpyFalcon..updating the guide.

#5 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:22 AM

Posted 11 May 2006 - 01:49 PM

Guide updated to reflect this new file:
http://www.bleepingcomputer.com/forums/t/43659/how-to-remove-spyfalcon-removal-instructions/

#6 sovath

sovath

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 11 May 2006 - 03:06 PM

Big thanks to Grinler. Finally that annoying Spyfalcon pop up alert on the task bar was gone out of my computer! I got the problem solved just in 10 minutes.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users