SPYFALCON - BEWARE

[Cipherfaction]

just reminding everyone to beware of spyfalcon, simaliar to spyaxe type programs use this site to have a step by step instrctions on removing spyfalcon Removing Spy Falcon Please note the files you must delete in order for this to work either C :\Windows\System32\dxmpp.dll
C:\Windows\System32\ginuerep.dll , when i was trying to get rid of it i didn't have dxmpp.dll so i couldn't get spyfalcon off my comp till the figured out u need to get rid of gunuerep.dll . good luck on all trying to fix it!! and just be careful!!!

 

[pkme2]

No problem if you have the proper spyware removal tools. I use Spysweeper and have had no spyware problems in the past 3 yrs. You have to run scans at least once a week and have auto updates scheduled twice a week. With that, one can concentrate on other matters.

 

[mechBgon]

Also, for anyone stumbling onto this who hasn't already figured it out, make sure your computer is patched and has Automatic Updates enabled in the Control Panel, and make sure you have an up-to-date antivirus program with all options enabled, frequent updates (such as daily), and re-scan routinely. Because SpyFalcon and its clones are often installed by using Windows exploits that can be patched, or using Trojan Horse programs that can be detected before they make any headway.

Limited-class user accounts are good too, if they work for you.

 

[John]

Originally posted by: pkme2
No problem if you have the proper spyware removal tools. I use Spysweeper and have had no spyware problems in the past 3 yrs. You have to run scans at least once a week and have auto updates scheduled twice a week. With that, one can concentrate on other matters.

Spy Sweeper is an excellent tool, but it is not 100% effective. In fact it is unable to remove most of the smitfrauds, including Spy Falcon and the other variants.

 

[Broadkipa]

Webroot Spysweeper and Kaspersky labs anti virus were both unable to get rid of Spy Falcon on my sons computer. I have e-mailed both companys and I expect so have many others about this. I think the problem is that Spy Falcon has been changed in some way and most of the methods on the net for getting rid of it dont work. I have to thank mechBgon for pointing me in the right direction with this one and getting rid of it after allmost a day spent trying.

 

[Nextman916]

Yah you guys kno wats really crazy, i just got spyfalcon.....I swear to god it happend this instance(maybe a couple of minutes before). Ive been trying to get it off all night and couldnt find anyway. And luckily i just entered the forums and found this thred lying there for me, thanks a bunch Cipherfaction!!!!

 

[pkme2]

I use Spysweeper and Norton Antivirus to protect my systems, have auto updates and regular scans scheduled.
How does one get Spy Falcon?
Do you have to download something to get it?
How does that work?
What kind of variant will my AV & SW miss?

 

[Broadkipa]

in reply to pkme2 my son got it by first downloading a codec that he said he needed to run a movie he had. second I hadn't got round to installing spysweeper as I had just rebuilt his computer because of a bad motherboard but I did have Kaspersky anti virus installed and it got by that. I installed spysweeper after the infection so I expect thats why it couldn't get rid of it. The damage was already done.

 

[Cipherfaction]

spysweeper = no good against spyfalcon sry

 

[Cipherfaction]

spy falcon is aquirred simply by browsing sites, and downloading stuff , you may think a lot of the antispyware programs cna get rid of it, and during the search they DO find thses files and they DO delete, this spyfalcon just reinstall next time you boot up.

 

[mechBgon]

Originally posted by: Broadkipa
in reply to pkme2 my son got it by first downloading a codec that he said he needed to run a movie he had. second I hadn't got round to installing spysweeper as I had just rebuilt his computer because of a bad motherboard but I did have Kaspersky anti virus installed and it got by that. I installed spysweeper after the infection so I expect thats why it couldn't get rid of it. The damage was already done.

Sounds like what Sunbelt blogged about here: VideoC CODEC Monstrosity (the host site seems to be down at the moment, try later).

 

[whitedog2]

I just removed spyfalcon by using system restore. Try it.

 

[DidlySquat]

Originally posted by: pkme2
No problem if you have the proper spyware removal tools. I use Spysweeper and have had no spyware problems in the past 3 yrs. You have to run scans at least once a week and have auto updates scheduled twice a week. With that, one can concentrate on other matters.

wow this guy is so clueless ! no anti-psyware software is yet capable of removing spyFalcon. And it's one of the worse infections you can get as it keeps popping windows and dialog boxes on your screen, not to mention annoying messages and flashing task bar icons. The only way to remove it is to follow the instructions which involve doing stuff in safe mode etc. System restore might also be able to get rid of it. But it's a nasty thing which takes advantage of windows flawed design, and like I said no anti-spyware can do nothing against it.

 

[mechBgon]

From what I know about SpyFalcon, SpyAxe, and their clones, there's a lot more than just Windows that's faulty :evil: Users who are greedy or gullible bring it down upon themselves by installing junk off the Internet, or by believing these fraudulent fake-security-warning sites that are pimping this stuff. No operating system is safe from people mis-wielding Admin/Root powers.

 

[John]

They also can be installed thru trojans, people using P2P apps, surfing warez sites, pr0n, video sites saying that you need a special codec to view the clip, etc.....

The PEBKAC; end of story.

 

[pkme2]

Originally posted by: DidlySquat

Originally posted by: pkme2
No problem if you have the proper spyware removal tools. I use Spysweeper and have had no spyware problems in the past 3 yrs. You have to run scans at least once a week and have auto updates scheduled twice a week. With that, one can concentrate on other matters.

wow this guy is so clueless ! no anti-psyware software is yet capable of removing spyFalcon. And it's one of the worse infections you can get as it keeps popping windows and dialog boxes on your screen, not to mention annoying messages and flashing task bar icons. The only way to remove it is to follow the instructions which involve doing stuff in safe mode etc. System restore might also be able to get rid of it. But it's a nasty thing which takes advantage of windows flawed design, and like I said no anti-spyware can do nothing against it.

Well, since I 've haven't gotten spyFalcon and neither have any of my students, I find this thread to be interesting. We use Spysweeper and NAV and so far this spyFalcon hasn't arrived in our part of the world. I've also downloaded the program to check if spyFalcon has even attempted to penetrate our systems, but it hasn't. So, thanks for the warning; we'll keep a lookout for it.

 

[SJP0tato]

I ran into Spy Falcon on my sister in-law's computer last night for the first time. It's a persistant little ah heck. What I did to remove it was start in safe mode, disable system restore, remove suspcious looking startup keys from the windows registry:
Hkey_local_machine/software/microsoft/windows/currentversion/run
Anything that looks suspicious (Something like hqRW3.exe is probably suspect) remove. From here go to add/remove programs and uninstall anything with "toolbar" or "helps surf" or spyfalcon itself if you see it there.

From here I rebooted normally, went to microsoft.com and did a search for spyware. Downloaded the free microsoft spyware removal beta program, updated & let it run. Had to restart the comp twice, but it tested out okay after doing this. This might be close to what the link above mentions, but thought I'd give my experience with it as well.

Good luck!