Spy Falcon [CLOSED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Spy Falcon [CLOSED], Removing Spy falcon

Options

hinckleya View Member Profile	May 11 2006, 12:52 PM Post #1
New Member Posts: 1 OS: XP	Hi I followed Bugbatter's procedure and here is my log. Could you please help SmitFraudFix v2.43 Scan done at 13:43:23.83, Thu 05/11/2006 Run from C:\Documents and Settings\andre\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] 换换换换换换换换换换换换 C:\ C:\drsmartload1.exe FOUND ! C:\keyboard.exe FOUND ! C:\keyboard?.exe FOUND ! C:\keyboard?.exe FOUND ! C:\mousepad.exe FOUND ! C:\mousepad?.exe FOUND ! C:\mousepad?.exe FOUND ! 换换换换换换换换换换换换 C:\WINDOWS C:\WINDOWS\kl1.exe FOUND ! C:\WINDOWS\secure32.html FOUND ! C:\WINDOWS\tool2.exe FOUND ! C:\WINDOWS\tool3.exe FOUND ! 换换换换换换换换换换换换 C:\WINDOWS\system 换换换换换换换换换换换换 C:\WINDOWS\Web 换换换换换换换换换换换换 C:\WINDOWS\system32 C:\WINDOWS\system32\appmagr.dll FOUND ! C:\WINDOWS\system32\atmclk.exe FOUND ! C:\WINDOWS\system32\dcom_14.dll FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\1024\ FOUND ! 换换换换换换换换换换换换 C:\WINDOWS\system32\LogFiles 换换换换换换换换换换换换 C:\Documents and Settings\andre\Application Data 换换换换换换换换换换换换 Start Menu 换换换换换换换换换换换换 C:\DOCUME~1\andre\FAVORI~1 C:\DOCUME~1\andre\FAVORI~1\Antivirus Test Online.url FOUND ! 换换换换换换换换换换换换 Desktop 换换换换换换换换换换换换 C:\Program Files C:\Program Files\SpyFalcon\ FOUND ! C:\Program Files\Common Files\VCClient\VCMain.exe FOUND ! C:\Program Files\Common Files\VCClient\VCClient.exe FOUND ! 换换换换换换换换换换换换 Corrupted keys 换换换换换换换换换换换换 Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" 换换换换换换换换换换换换 Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager" [HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32] @="C:\WINDOWS\system32\appmagr.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32] @="C:\WINDOWS\system32\appmagr.dll" 换换换换换换换换换换换换 Scanning wininet.dll infection 换换换换换换换换换换换换 End

Buckeye_Sam View Member Profile	May 11 2006, 01:20 PM Post #2
Malware Expert Posts: 10,019 OS: XP	Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. Please download the trial version of Ewido Anti-malware 3.5 from here: Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu. When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok. The program will prompt you to update. Click the Ok button. The program will now go to the main screen. You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click the Update Button. Click on Start. The update will start and a progress bar will show the updates being installed. Once finished updating, close Ewido. If you are having problems with the updater, you can use this link to manually update ewido. Ewido manual updates. Make sure to close Ewido before installing the update. ============ Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. ______________________________ Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. ______________________________ Clean out your Temporary Internet files. Proceed like this: Quit Internet Explorer and quit any instances of Windows Explorer. Click Start, click Control Panel, and then double-click Internet Options. On the General tab, click Delete Files under Temporary Internet Files. In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK. On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK. Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK. Click OK. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin. ______________________________ Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan. Click on Scanner Click on Settings Under How to scan all boxes should be checked Under Unwanted Software all boxes should be checked Under What to scan select Scan every file Click on Ok Click on Complete System Scan to start the scan process. Let the program scan the machine. If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok. Once the scan has completed, there will be a button located on the bottom of the screen named Save Report. Click Save Report button Save the report to your Desktop Close Ewido and Reboot in Normal Mode. ______________________________ Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #3 - Delete Trusted zone by typing 3 and press Enter Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter. Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. ______________________________ Please post: c:\rapport.txt Ewido log A new HijackThis log Your may need several replies to post the requested logs, otherwise they might get cut off.

Buckeye_Sam View Member Profile	May 24 2006, 03:54 PM Post #3
Malware Expert Posts: 10,019 OS: XP	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Spy Falcon [CLOSED]	4 / 465	14th April 2006 - 02:21 PM redyert started - last by greyknight17
Virus, Spyware and Trojan Removal Help remove spy falcon [CLOSED]	8 / 993	17th April 2006 - 09:32 AM Illusion42 started - last by greyknight17
Virus, Spyware and Trojan Removal Spy Falcon [CLOSED]	2 / 265	24th July 2006 - 10:54 PM PhishSucks2625 started - last by Octagonal
Virus, Spyware and Trojan Removal Spy Falcon [CLOSED]	2 / 358	23rd May 2006 - 03:17 PM metrina2 started - last by pomp