Re: Remove SpyFalcon



On Wed, 08 Mar 2006 14:47:35 -0800, "Postman delivers"
<JR_the_Postman@xxxxxxxxxxx> wrote:

David H. Lipman expressed precisely :
From: "Postman delivers" <JR_the_Postman@xxxxxxxxxxx>

Is there a simple solution to removing this spyware, or malware?




Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate utility.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being
exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun
Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0
Update 6 be installed ASAP.

http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee
related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it
will be displayed in your browser (Opera, FireFox or Internet Explorer).
However, if you are using WinXP, Win2K or Win2003 your system will be left in
a state where you will have to manually shutdown/reboot the PC. On Win9x/ME
platforms the report will not be shown in your browser but your PC will
automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy
of the HTML report for each session.


ALTERNATE:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your
reply.

* * * Please report back your results * * *

NO, I have also tried all of your suggestions, and the suggestions on
ad-aware and spybot search and destroy forums...

It now places a false message in front of Microsoft anti-spyware
notices, and when I run ad-aware & spybot search and destroy in safe
mode the number of problems is growing, I now have 64, when it was
only 8 early in the infection.

This company or individual needs to be hunted down, and skinned
alive...

I have sent notes to ad-aware, and spybot search & destroy... next is
the newsgroup for bit defender/anti-spyware...

Must have gotten a new variant from this person...

JR the postman

My father-in-law's PC picked this up. I followed the advice given in
the same pages (and elsewhere) above three times but the system tray
nag would not go and the whole damn thing just kept coming back.
Eventually I found a file in the system32 folder from around the date
of the infection called genuirep.dll which showed no company
attributes of any kind. Renamed it and the system tray nag stopped. I
then searched the registry for the same file name and found an entry
for it and deleted it but sorry, I can't remember where it was!

Next I followed the instructions at
http://www.spywaredb.com/remove-spyfalcon/ and finally seemed to have
got rid of it. I also found a load of infected java files, which is
probably where this thing got in, after various online virus scans.
Uninstalling all Java versions, deleting the infected files and
installing the latest version seems to have got shot of them but there
were a number of other trojans found on the system. Panda and
Kaspersky online scans picked these up but they needed manual removal
afterwards. Their dates suggest they all got onto the system around
the same time.

The system did have Zone Alarm but it had been uninstalled at some
point.

John
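
The file triage described in the post above (a system32 DLL dated around the infection with no company attributes), as an added example that is not part of the original thread. It assumes a current Windows PowerShell; the function name `Find-UnattributedDll` and the date window are hypothetical.

```powershell
# Added example: list DLLs that carry no CompanyName version resource and
# whose creation or last-write time falls inside a chosen date window.
function Find-UnattributedDll {
    param(
        [string]$Path = "$env:SystemRoot\System32",
        [Parameter(Mandatory)] [datetime]$From,
        [Parameter(Mandatory)] [datetime]$To
    )

    Get-ChildItem -LiteralPath $Path -Filter *.dll -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Either timestamp inside the window is enough to keep the file.
            ($_.CreationTime  -ge $From -and $_.CreationTime  -le $To) -or
            ($_.LastWriteTime -ge $From -and $_.LastWriteTime -le $To)
        } |
        Where-Object {
            # "No company attributes": the version resource is missing or blank.
            [string]::IsNullOrWhiteSpace($_.VersionInfo.CompanyName)
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Size      = $_.Length
                Signature = $sig.Status   # embedded Authenticode status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Constructed date window for illustration; set it around the suspected
# infection date on the machine being examined.
Find-UnattributedDll -From '2006-03-01' -To '2006-03-08' |
    Sort-Object Created |
    Format-Table -AutoSize
```

A hit is a lead to review, not a verdict: some legitimate DLLs lack a company string, and file timestamps can be altered.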