
How do I remove Spyfalcon?

Discussion in 'Malware and Virus Removal Archive' started by hunPaladin, 2006/04/30.

  1. 2006/04/30
    hunPaladin

    hunPaladin Inactive Thread Starter

    Joined:
    2006/04/30
    Messages:
    11
    Likes Received:
    0
    Hi, I have this atmclk.exe too and I successfully deleted it and other spyware with it. The only thing that remains is the little icon that pops up and directs me to the SpyFalcon home page. I could not remove it with Spyware Doctor or with Spybot S&D, nor with Registry Mechanic. Pls help!!
     
  2. 2006/04/30
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389

  4. 2006/04/30
    PeteC

    PeteC SuperGeek Staff

    A slight problem arose in splitting your post to a new thread - resolved
     
  5. 2006/04/30
    hunPaladin

    hunPaladin Inactive Thread Starter

    I did it. BUT that damn ICON IS STILL THERE!!!

    WHO PROGRAMMED THIS ******* SPYFALCON?? I'M GONNA KILL HIM/HER!!!

    I was up all night to remove it and I couldn't **** this spyware

    Now I read that post. I did everything right but it's still there!!

    Could it be because I downloaded SmitRem and not SmitRemFix????
     
  6. 2006/04/30
    PeteC

    PeteC SuperGeek Staff

    FYI SpyFalcon, a nightmare rebranded
    I am sure you downloaded the correct file - there is only one on Dave's site. Although Dave is a staff member on this Board he is presently away dealing with other matters. I am surprised that it failed to clean up - maybe it has got just that bit clever.

    You could try an online trojan scan here and if that fails then download and run the trial version of Ewido. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    Boot into Safe Mode and run Ewido, save the report and post it here.

    Download HijackThis through Quicklinks in my signature, save it to a folder on your hard drive, say C:\HJT, not to the desktop or a temporary location. Reboot into Safe Mode, scan with HJT and post the log here.
     
  7. 2006/05/01
    hunPaladin

    hunPaladin Inactive Thread Starter

    I did it with Ewido and this is the report:

    ---------------------------------------------------------
    ewido anti-malware - Találati jelentés
    ---------------------------------------------------------

    + Készült: 8:35:45, 2006.05.01.
    + Jelentés-Ellenőrzőösszeg: D5359B9

    + Keresés eredménye:

    [912] C:\WINDOWS\System32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Tisztítás mentéssel
    :mozilla.10:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.11:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.12:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.13:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.45:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Yieldmanager : Tisztítás mentéssel
    :mozilla.46:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Yieldmanager : Tisztítás mentéssel
    :mozilla.47:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Yieldmanager : Tisztítás mentéssel
    :mozilla.48:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Yieldmanager : Tisztítás mentéssel
    :mozilla.49:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Yieldmanager : Tisztítás mentéssel
    :mozilla.90:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Revenue : Tisztítás mentéssel
    :mozilla.92:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.2o7 : Tisztítás mentéssel
    :mozilla.93:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.2o7 : Tisztítás mentéssel
    :mozilla.94:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Euroclick : Tisztítás mentéssel
    :mozilla.95:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Euroclick : Tisztítás mentéssel
    :mozilla.120:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Com : Tisztítás mentéssel
    :mozilla.172:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Serving-sys : Tisztítás mentéssel
    :mozilla.173:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Serving-sys : Tisztítás mentéssel
    :mozilla.174:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Serving-sys : Tisztítás mentéssel
    :mozilla.175:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Serving-sys : Tisztítás mentéssel
    :mozilla.186:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Spylog : Tisztítás mentéssel
    :mozilla.187:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Statcounter : Tisztítás mentéssel
    :mozilla.188:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Statcounter : Tisztítás mentéssel
    :mozilla.189:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Statcounter : Tisztítás mentéssel
    :mozilla.190:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Statcounter : Tisztítás mentéssel
    :mozilla.194:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Tacoda : Tisztítás mentéssel
    :mozilla.195:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Tacoda : Tisztítás mentéssel
    :mozilla.198:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Tradedoubler : Tisztítás mentéssel
    :mozilla.199:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Tradedoubler : Tisztítás mentéssel
    :mozilla.212:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Zedo : Tisztítás mentéssel
    :mozilla.213:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Zedo : Tisztítás mentéssel
    :mozilla.214:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Zedo : Tisztítás mentéssel
    :mozilla.221:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.222:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.223:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.224:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.225:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Falkag : Tisztítás mentéssel
    :mozilla.259:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Adrevolver : Tisztítás mentéssel
    :mozilla.260:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Adrevolver : Tisztítás mentéssel
    :mozilla.271:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Onestat : Tisztítás mentéssel
    :mozilla.272:C:\Documents and Settings\The Holy Paladin\Application Data\Mozilla\Firefox\Profiles\l1setequ.default\cookies.txt -> TrackingCookie.Onestat : Tisztítás mentéssel
    C:\Program Files\Таsks\rυndll32.exe -> Adware.PurityScan : Tisztítás mentéssel
    C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Tisztítás mentéssel
    C:\WINDOWS\system32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Tisztítás mentéssel
    C:\WINDOWS\system32\winbau32.dll -> Trojan.Agent.qt : Tisztítás mentéssel
    E:\hasznos cocok\Hekkerkedések\Jelszó megjeleníto\Megmondja_a_jelszot_a_csillagokbol.exe -> Not-A-Virus.PSWTool.Win32.SnadBoy.11 : Tisztítás mentéssel
    E:\hasznos cocok\Hekkerkedések\Jelszó megjeleníto\Megmondja_a_jelszot_a_csillagokbol.rar/Megmondja_a_jelszot_a_csillagokbol.exe -> Not-A-Virus.PSWTool.Win32.SnadBoy.11 : Tisztítás mentéssel
    E:\My Downloads\FIFA 2006 CRACK NOCD+SERIAL+KEYGEN.rar/FIFA 2006 CRACK NOCD+SERIAL+KEYGEN\La 1Šre astuce pour tricher avec eurobarre\Eurofake.exe -> Worm.Kelvir.bp : Tisztítás mentéssel


    ::Jelentés Vége
     
  8. 2006/05/01
    hunPaladin

    hunPaladin Inactive Thread Starter

    And here is the Hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:36:46, on 2006.05.01.
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
     
  9. 2006/05/01
    hunPaladin

    hunPaladin Inactive Thread Starter

    an off-topic question:

    How do you understand the log files??
     
  10. 2006/05/01
    PeteC

    PeteC SuperGeek Staff

    Ewido has removed a number of tracking cookies, a trojan and a worm.

    BTW the crack you downloaded for FIFA 2006 was infected with a worm ....

    E:\My Downloads\FIFA 2006 CRACK NOCD+SERIAL+KEYGEN.rar/FIFA 2006 CRACK NOCD+SERIAL+KEYGEN\La 1Å re astuce pour tricher avec eurobarre\Eurofake.exe -> Worm.Kelvir.bp

    Your HJT log looks clean to me - do you still have the problem with the icon popping up?
    Here is an explanation of what the various lines in an HJT log mean. We look for entries which refer to files, etc which are not recognised or are not legitimate. This often involves a lot of Googling to determine the source of the file and whether or not it is malicious. Obviously more to it than that, but in time you recognize entries which should not be there.
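
The triage described in the post above (set the tracking cookies aside, look closely at what is left) can be done mechanically on a report in the format posted earlier in the thread. The Python below is an added example, not part of the original posts; its sample lines, paths and function names are constructed for illustration, and it also flags paths that mix Latin letters with lookalikes from another script, as the `rυndll32.exe` entry in the report does with a Greek upsilon.

```python
import re
import unicodedata
from collections import Counter

# One finding per line: optional "[pid] " or ":store:" prefix, then
# "<path> -> <detection> : <action>", as in the report posted in this thread.
LINE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+|:(?P<store>[\w.]+):)?"
    r"(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)

# Constructed sample modelled on that report; paths and action text are made up.
SAMPLE = (
    "---- report header ----\n"
    "[912] C:\\WINDOWS\\System32\\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : cleaned\n"
    ":mozilla.10:C:\\Profiles\\example\\cookies.txt -> TrackingCookie.Falkag : cleaned\n"
    ":mozilla.45:C:\\Profiles\\example\\cookies.txt -> TrackingCookie.Yieldmanager : cleaned\n"
    # Cyrillic "Ta" and Greek upsilon standing in for Latin letters:
    "C:\\Program Files\\\u0422\u0430sks\\r\u03c5ndll32.exe -> Adware.PurityScan : cleaned\n"
    "C:\\WINDOWS\\system32\\winbau32.dll -> Trojan.Agent.qt : cleaned\n"
)


def scripts_in(text):
    """Scripts of the letters in text, taken from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def parse_report(report):
    """Parse finding lines into dicts; headers and separators are skipped."""
    findings = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        f = m.groupdict()
        f["family"] = f["detection"].split(".")[0]
        # A path component mixing Latin with another script suggests a
        # lookalike name made to resemble a trusted folder or binary.
        parts = re.split(r"[\\/]", f["path"])
        f["mixed_script"] = any(
            "LATIN" in s and len(s) > 1 for s in map(scripts_in, parts)
        )
        findings.append(f)
    return findings


def triage(findings):
    """Count findings per family and return the non-cookie ones for review."""
    counts = Counter(f["family"] for f in findings)
    review = [f for f in findings if f["family"] != "TrackingCookie"]
    return counts, review
```

Accented Latin letters, such as those in the Hungarian folder names in the report, do not trigger the mixed-script flag because their Unicode names still begin with LATIN.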
     
  11. 2006/05/01
    hunPaladin

    hunPaladin Inactive Thread Starter

    Sing hallelujah, it's gone!!!

    THX for the big help
     
  12. 2006/05/01
    PeteC

    PeteC SuperGeek Staff

    Well, that's a relief :) You're welcome!
     
  13. 2006/05/06
    USER395

    USER395 Inactive

    Joined:
    2006/05/06
    Messages:
    4
    Likes Received:
    0
    Same problem!

    Hi,

    I have the same problem as hunPaladin. I seem to have gotten rid of the program itself (it no longer appears in the Add/Remove Software list) yet the icon carries on BLINKING all the time. I have downloaded Ewido Anti-Malware and HijackThis, but before I do anything (I don't have much experience in spyware removal etc.), I would greatly appreciate it if someone could offer me some help.

    Thanks.
     
  14. 2006/05/06
    PeteC

    PeteC SuperGeek Staff

    USER395 - Welcome to the Board :)

    Follow my instructions in post #5
     
  15. 2006/05/06
    USER395

    USER395 Inactive

    Are you sure it's this easy?! I have been to millions of sites all saying the same thing, of which none work! I already have Ewido installed, so does this mean I need to re-install it?

    I have read your posts by the way, but I decided to post in case you needed any logs or anything. Do you?

    Thanks for this, greatly appreciated.
     
  16. 2006/05/06
    PeteC

    PeteC SuperGeek Staff

    USER395

    Please follow the instructions posted in this thread step by step and post the appropriate logs when requested - and wait for my response before you proceed to the next step.

    http://www.windowsbbs.com/showthread.php?t=54042

    If the instructions are too simplified for you please bear in mind that they were written for an absolute beginner :)
     
  17. 2006/05/06
    USER395

    USER395 Inactive

    Thanks for the reply!

    Could you please tell me where I could download SmitFraudFix from a safe source? (I don't want another one of these blinking things! haha)

    Thanks
     
  18. 2006/05/06
    PeteC

    PeteC SuperGeek Staff

  19. 2006/05/06
    USER395

    USER395 Inactive

    Well you'll never guess what just happened. I just rebooted my computer without taking any action, and it just seems to have disappeared! I didn't do anything at all, I just decided to reboot my computer and it had randomly vanished. Just to make sure it wasn't deceiving me, I logged off, logged back on, still no presence, then rebooted again and it still wasn't there! It's a miracle!

    Thanks for the help anyway, I'll be sure to use it if it ever happens again! :D
     
