[rash_powder]

Hey all,

I found your site while trying to find a way to remove a program called Spy Falcon from my computer. I tried the Windows XP Add/Remove Programs route. The prog just reinstalls itself everytime I reboot. I have run all the programs listed on your remove spysheriff stickie, and some others, to no avail. I have posted this issue to annoyances.org also. Anyway, i have attached all the required log files in a zip. Hope someone can figure this out.

Thanx,

Matt N

Attached Files

•  scan_reports.zip   6.67KB   81 downloads

[Advertisements]

Hi there, I'll start helping you out, but a few questions.

You ran SmitRem, is that a current copy that was just downloaded? If it was downloaded even a few days ago, it may not be updated with the latest definitions. If you didn't just download SmitRem, then please download a new copy. Also, download the trial version of Ewido Security Suite here. Install it and check for updates. After you have updated it, close it and reboot into safe mode. You should copy the instructions to notepad or print them out, since you won't have Internet access in safe mode.

Safe mode instructions:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode

Once in safe mode, run the SmitRem file 1st. When that is done, run ewido. Be sure to save the logs that both make so you can post them in your next reply. Reboot normally after finishing and see how things work. Please copy and paste the logs in your replies instead of attaching them. , it is easier to work with and it makes it easier for other helpers to search.





If that doesn't work, then please do the following so i can get some more info:

Run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, answer Yes and copy/past the content in your reply.

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingc...es/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.


REgardless of what happens, please post a fresh HJT log, the SmitRem log, and the ewido log. If you haven't been cleaned, then include the other two as well. Use more than one post, since some of the logs can be long.

Edited by Nick-YF19, 09 February 2006 - 08:54 AM.

[Nick-YF19]

Hi there, I'll start helping you out, but a few questions.

You ran SmitRem, is that a current copy that was just downloaded? If it was downloaded even a few days ago, it may not be updated with the latest definitions. If you didn't just download SmitRem, then please download a new copy. Also, download the trial version of Ewido Security Suite here. Install it and check for updates. After you have updated it, close it and reboot into safe mode. You should copy the instructions to notepad or print them out, since you won't have Internet access in safe mode.

Safe mode instructions:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode

Once in safe mode, run the SmitRem file 1st. When that is done, run ewido. Be sure to save the logs that both make so you can post them in your next reply. Reboot normally after finishing and see how things work. Please copy and paste the logs in your replies instead of attaching them. , it is easier to work with and it makes it easier for other helpers to search.





If that doesn't work, then please do the following so i can get some more info:

Run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, answer Yes and copy/past the content in your reply.

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingc...es/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.


REgardless of what happens, please post a fresh HJT log, the SmitRem log, and the ewido log. If you haven't been cleaned, then include the other two as well. Use more than one post, since some of the logs can be long.

Edited by Nick-YF19, 09 February 2006 - 08:54 AM.

[Nick-YF19]

Don't know if you are still out there, but there is an automated process you can do now.

Instructions here and here


If I don't hear back from you in a few days, the topic will be archived.