Help! Spyware on my home computer...I am completely fucked!



Roy Munson
03-16-2006, 12:46 PM
So, last night my home computer got anally raped by something called "SpyFalcon." If you don't know what it is, it's actually supposed to be a legitimate Spyware program like AdAware, Spybot, etc. The problem is that it attaches itself deep within your hard drive with hard-to-find file names and folders. It wants you to BUY the SpyFalcon software and tries to trick you into it by inundating your screen with a bazillion pop-ups saying that you have viruses and if you buy SpyFalcon those viruses will be fixed. It attaches itself to your browser as well...it is one of the most ruthless pieces of Spyware that I have ever seen.

I have gone through every internet chat forum there is and found out how to get rid of it but it's not working for me for some reason. The problem I'm having is that I am unable to find the stated files that I need to delete. I followed the instructions to a T, but it appears that Spyfalcon may have changed their file names that make up the virus.

This is a nasty one...BEWARE!!! I'm just wondering if any of you have come across this one yet. I believe it's rather new...a few weeks old.

Roy Munson
03-16-2006, 12:49 PM
I want to add that at this point I am considering formatting and starting over. It's that bad.


I'd love to round the fuckers who do this shit up and hit them each upside the head with a fucking Louisville Slugger.

Satan
03-16-2006, 01:37 PM
Originally posted by Roy Munson
I want to add that at this point I am considering formatting and starting over. It's that bad.


I'd love to round the fuckers who do this shit up and hit them each upside the head with a fucking Louisville Slugger.

I think these are the bastards that Microsoft is going after for their fraudulent advertising.

Worst thing about spyware is that it often plants files in about 50 different places on your hard drive, and unless you find and destroy the source files first, they re-generate themselves again.

Best place to start is to go to Control Panel -> Administrative Tools -> Services and disable any "service" that doesn't have a description of what it does (unless you know for a fact that the service is part of a legitimate program. All of Microsoft's services have descriptions, as do many major software vendors).

If you aren't sure about a service, google it. Someone's asked the question before and the answer will be there.

You of course should also google the name of this program if you haven't already, and somewhere out in cyberspace should be a list of the corrupt files you would need to delete in order to kill this thing.

If the time you have to spend killing this thing is worth more than the data you would lose by a reformat, I'd go ahead and wipe the thing, because that is the only way you will be 100% sure that it's gone. You could always back up some data, but not your Windows or system directories, as they're almost certainly filled with the corrupt files.

Nickdfresh
03-16-2006, 01:43 PM
I've been told that some of these bugs take advantage of the "System Restore" function. My brother had a difficult time when he couldn't even ACCESS his system restore due to spyware...

He reformatted, but some spyware actually use system restore to regenerate after file deletion, so you may need to turn it off...

Roy Munson
03-16-2006, 01:43 PM
Originally posted by Satan
I think these are the bastards that Microsoft is going after for their fraudulent advertising.

Worst thing about spyware is that it often plants files in about 50 different places on your hard drive, and unless you find and destroy the source files first, they re-generate themselves again.

Best place to start is to go to Control Panel -> Administrative Tools -> Services and disable any "service" that doesn't have a description of what it does (unless you know for a fact that the service is part of a legitimate program. All of Microsoft's services have descriptions, as do many major software vendors).

If you aren't sure about a service, google it. Someone's asked the question before and the answer will be there.

You of course should also google the name of this program if you haven't already, and somewhere out in cyberspace should be a list of the corrupt files you would need to delete in order to kill this thing.

If the time you have to spend killing this thing is worth more than the data you would lose by a reformat, I'd go ahead and wipe the thing, because that is the only way you will be 100% sure that it's gone. You could always back up some data, but not your Windows or system directories, as they're almost certainly filled with the corrupt files.

I already Google'd and Goggle'd but I will look again.

Thanks, Satan! You are the best!


:)

Roy Munson
03-16-2006, 01:45 PM
Originally posted by Nickdfresh
I've been told that some of these bugs take advantage of the "System Restore" function. My brother had a difficult time when he couldn't even ACCESS his system restore due to spyware...

He reformatted, but some spyware actually use system restore to regenerate after file deletion, so you may need to turn it off...


You mean turn off the system restore?

Nickdfresh
03-16-2006, 01:45 PM
YUP!!

Get this if you don't have it.

http://www.rotharmy.com/forums/showthread.php?s=&postid=882432#post882432

It may help, or not...

Roy Munson
03-16-2006, 01:49 PM
Originally posted by Nickdfresh
YUP!!

Get this if you don't have it.

http://www.rotharmy.com/forums/showthread.php?s=&postid=882432#post882432

It may help, or not...


Ok. Gotcha.

So, when I am reloading my Windows I will need to shut off the system restore during the boot process? Sorry, I'm a greenhorn with this shit.

Nickdfresh
03-16-2006, 01:52 PM
Originally posted by Roy Munson
Ok. Gotcha.

So, when I am reloading my Windows I will need to shut off the system restore during the boot process? Sorry, I'm a greenhorn with this shit.

Well, you can try to get rid of the malware files AFTER:

A.) turning system restore off

B.) and going into "SAFE MODE" (to cut off any communication between the spyware and the web). :D

That's how it regenerates itself or prevents you from deleting...

Satan
03-16-2006, 02:02 PM
You can shut the System Restore function down from within Windows by going to Control Panel ->System->System Restore.

This is assuming the spyware doesn't prevent you from executing this function.

And like Nick says, booting into Safe Mode is probably the best thing to do when deleting files.

Hardrock69
03-16-2006, 02:25 PM
Then hire a lawyer and sue the developers...


Info on removing Spy Falcon:

http://www.bleepingcomputer.com/forums/topic43659.html


A word to the wise:

Get the following programs for Spyware:


AdAware:

http://www.lavasoft.nu/software/adaware/


Spybot Search & Destroy:

http://www.safer-networking.org/en/download/index.html


The above two programs are widely recognized as the very best in adware/spyware detection and removal.

There are other programs that are like SpyFalcon.

Spyware Doctor used to give false positives. I know because I installed it, and it told me I had adware/spyware on my machine....and after doing some research (uninstalled the program after deleting the supposed spyware...installed the software again, and all the supposed "spyware/adware" programs had magically reappeared) I deleted that piece of shit.

However supposedly they cleaned up their act, and have been winning some awards as of late.


Here is a page dedicated to fighting "rogue" adware/spyware programs which has a HUGE current list of rogue apps. Many of them have been sued, or have been sanctioned by the FTC for false & deceptive practices:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

flappo
03-16-2006, 02:47 PM
just get a mac

no spyware , viruses , trojans or any other crap

at all

Satan
03-16-2006, 02:54 PM
Originally posted by flappo
just get a mac

no spyware , viruses , trojans or any other crap

at all

Or my personal favorite UNIX derivative, BSD.

I even do their advertising......http://rise.pl/images/category/freebsd/freebsd_logo.jpg

http://www.freebsd.org/

Full Bug
03-16-2006, 03:06 PM
I don't know if it will help you Roy, but I find this site is really good at offering tech support, they have helped me out a few times, you may want to start a thread in the support forum and give it a shot....
http://www.daniweb.com/techtalkforums/index.php?

Roy Munson
03-16-2006, 03:17 PM
Originally posted by Hardrock69
Then hire a lawyer and sue the developers...


Info on removing Spy Falcon:

http://www.bleepingcomputer.com/forums/topic43659.html


A word to the wise:

Get the following programs for Spyware:


AdAware:

http://www.lavasoft.nu/software/adaware/


Spybot Search & Destroy:

http://www.safer-networking.org/en/download/index.html


The above two programs are widely recognized as the very best in adware/spyware detection and removal.

There are other programs that are like SpyFalcon.

Spyware Doctor used to give false positives. I know because I installed it, and it told me I had adware/spyware on my machine....and after doing some research (uninstalled the program after deleting the supposed spyware...installed the software again, and all the supposed "spyware/adware" programs had magically reappeared) I deleted that piece of shit.

However supposedly they cleaned up their act, and have been winning some awards as of late.


Here is a page dedicated to fighting "rogue" adware/spyware programs which has a HUGE current list of rogue apps. Many of them have been sued, or have been sanctioned by the FTC for false & deceptive practices:

http://www.spywarewarrior.com/rogue_anti-spyware.htm


Thanks for the info. I already have AdAware and Spybot but they do NOTHING with this SpyFalcon. The problem I am having is that I only found one of the files that are supposed to be deleted. I did it in safe mode. The other problem is that when in safe mode I cannot see or use the two little programs you need to fix/get rid of SpyFalcon..."FixIt" and "semtrim."

I also know about SpyDoctor...it's a load of shit. No better than this SpyFalcon virus.

I tried the things that FORD and Nick said to do when I was home for lunch but I couldn't really find anything funny looking. I can't find the source of this bug anywhere because it has apparently used a surname that would be extremely unassuming.

I dunno what to do at this point.

I would love to sue these fuckers but is it worth the time and money?

Roy Munson
03-16-2006, 03:21 PM
Originally posted by flappo
just get a mac

no spyware , viruses , trojans or any other crap

at all


Flaps, long time no talk. How's it going? Still up to no good? LOL


I have entertained the idea of getting a Mac several times. I might just have to get serious about it.

Roy Munson
03-16-2006, 03:22 PM
Originally posted by Satan
Or my personal favorite UNIX derivative, BSD.

I even do their advertising......http://rise.pl/images/category/freebsd/freebsd_logo.jpg

http://www.freebsd.org/


So, this is what you use?

BigBadBrian
03-16-2006, 04:16 PM
Originally posted by flappo
just get a mac

no spyware , viruses , trojans or any other crap

at all

That's because nobody's interested in Macs. At least not developers worth a shit.

Satan
03-16-2006, 04:37 PM
Originally posted by Roy Munson
So, this is what you use?

Actually, I've tried just about every type of Linux and BSD operating system around.

The Mac OS that Flappo likes so much is actually a BSD based system.

So when it comes right down to it, you only really have two choices. Windows, or some offspring of UNIX. And the UNIX is infinitely more secure.

I still use Windows sometimes, mostly because some multimedia functions aren't "quite there" on Linux/Unix yet. But for surfing the net/e-mail/and office type of applications, there's no reason not to go with Linux or BSD. Or Mac if you have the money.

Hardrock69
03-16-2006, 05:08 PM
Here is something else to try.

START>>>>RUN

Type in MSCONFIG

Click on the Startup Tab.

See that list of files?

How many of them have checked boxes?

Do a Google search on MSCONFIG as in "what programs can I safely disable".

You should be able to disable a bunch of stuff there...all it is is a list of programs that automatically start when Windows boots up.

The safe thing to do with the startup list (certainly if you have not spent much time looking at it, and you do not know what actually belongs there or not), is write down everything that has a checkmark next to it, then uncheck one item, then reboot.


If I am not mistaken, you can uncheck damn near everything without harming Windows. There may be some stuff that you MUST have on at all times, like a firewall program, or anti-virus program, but you might find there is a lot of rubbish running in the background you did not know about.

Certainly if you uncheck a majority of stuff, when you reboot you may find your machine runs a lot faster.

If the problem goes away after you uncheck something and reboot, then you may have figured out what the program is, and possibly where it is located.


Another thing to do is to hit CTRL/ALT/DELETE so your Windows Task manager comes up.

You should see a list of processes currently running.

In the past when I have had this sort of problem with spyware, adware or viruses, the Task Manager would show stuff running that I did not recognize.

Sometimes adware or a virus will automatically rename itself every time Windows boots up so as to avoid detection.

I have found programs with no real name...just a bunch of gibberish like jyfiouyg.exe or some such crap.

And once I figured out that it did not belong on my PC, I could find out the location of the file, and then reboot into Safe Mode and delete it.

One way to help (obviously) is RESEARCH.

KEEP ON GOOGLING if you cannot figure out what to do.

And of course if you have to reformat your drive and reinstall everything, make sure you backup everything you need first like Address Book, Email, etc.

Hope this has helped.
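
An added example, not part of any post in this thread: a read-only PowerShell pass over the three places the posts above point at (services with no description, the startup list, and running processes). It assumes a current Windows with PowerShell 5.1 or later; the helper names Get-ExePath and Get-SignerStatus are hypothetical, and the Authenticode signature check is an added stand-in for "do I recognize this", not something the thread suggests.

```powershell
# Added example: lists candidates to research. It disables and deletes nothing.

function Get-ExePath {
    # Hypothetical helper: pull the executable path out of a command line such as
    #   "C:\Program Files\App\app.exe" /background
    #   C:\Windows\system32\svchost.exe -k netsvcs
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($c -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($c -match '^\s*(.+?\.exe)\b')   { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

function Get-SignerStatus {
    # Hypothetical helper: Authenticode status of a file, or a marker when the
    # path cannot be resolved (shortcuts, bare names like "rundll32.exe").
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'PathNotResolved' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

function New-Finding {
    param($Source, $Name, $Detail, $Path)
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Detail    = $Detail
        Path      = $Path
        Signature = Get-SignerStatus $Path
    }
}

# 1. Services whose Description field is empty (the Services console check).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { [string]::IsNullOrWhiteSpace($_.Description) } |
    ForEach-Object { New-Finding 'Service' $_.Name $_.State (Get-ExePath $_.PathName) }

# 2. Everything that starts with Windows (what the MSCONFIG Startup tab lists).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    ForEach-Object { New-Finding 'Startup' $_.Name $_.Location (Get-ExePath $_.Command) }

# 3. Running processes, one row per distinct executable (the Task Manager check).
#    Processes whose path cannot be read without elevation are skipped.
$processes = Get-Process |
    Where-Object { $_.Path } |
    Sort-Object -Property Path -Unique |
    ForEach-Object { New-Finding 'Process' $_.Name "PID $($_.Id)" $_.Path }

# Services with no description are always shown; startup entries and processes
# are shown only when their binary is not validly signed.
$findings = @($services) + @($startup) + @($processes) |
    Where-Object { $_.Source -eq 'Service' -or $_.Signature -ne 'Valid' } |
    Sort-Object -Property Source, Name

$findings | Format-Table -AutoSize -Wrap
```

Each row is a lead to look up by name and path, in the same spirit as the "google it" advice above; an unsigned or unresolved entry is not by itself proof of anything.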

Roy Munson
03-16-2006, 05:13 PM
Originally posted by Hardrock69
Here is something else to try.

START>>>>RUN

Type in MSCONFIG

Click on the Startup Tab.

See that list of files?

How many of them have checked boxes?

Do a Google search on MSCONFIG as in "what programs can I safely disable".

You should be able to disable a bunch of stuff there...all it is is a list of programs that automatically start when Windows boots up.

The safe thing to do with the startup list (certainly if you have not spent much time looking at it, and you do not know what actually belongs there or not), is write down everything that has a checkmark next to it, then uncheck one item, then reboot.


If I am not mistaken, you can uncheck damn near everything without harming Windows. There may be some stuff that you MUST have on at all times, like a firewall program, or anti-virus program, but you might find there is a lot of rubbish running in the background you did not know about.

Certainly if you uncheck a majority of stuff, when you reboot you may find your machine runs a lot faster.

If the problem goes away after you uncheck something and reboot, then you may have figured out what the program is, and possibly where it is located.


Another thing to do is to hit CTRL/ALT/DELETE so your Windows Task manager comes up.

You should see a list of processes currently running.

In the past when I have had this sort of problem with spyware, adware or viruses, the Task Manager would show stuff running that I did not recognize.

Sometimes adware or a virus will automatically rename itself every time Windows boots up so as to avoid detection.

I have found programs with no real name...just a bunch of gibberish like jyfiouyg.exe or some such crap.

And once I figured out that it did not belong on my PC, I could find out the location of the file, and then reboot into Safe Mode and delete it.

One way to help (obviously) is RESEARCH.

KEEP ON GOOGLING if you cannot figure out what to do.

And of course if you have to reformat your drive and reinstall everything, make sure you backup everything you need first like Address Book, Email, etc.

Hope this has helped.



Yes! Thanks!

Nickdfresh
03-16-2006, 05:41 PM
Get this: http://www.microsoft.com/athome/security/spyware/software/default.mspx

It does work, and believe me, I like MS about as much as FLAPPO does...

Warham
03-16-2006, 05:51 PM
Roy,

Go to this forum...http://forums.techguy.org/

Register and give them your problem in the Security subforum. They helped me clear out a nasty little virus I got through my IE once. Great guys. They know their shit.

Also, get rid of IE if you use it.

Satan
03-16-2006, 09:28 PM
Originally posted by Warham
Roy,

Go to this forum...http://forums.techguy.org/

Register and give them your problem in the Security subforum. They helped me clear out a nasty little virus I got through my IE once. Great guys. They know their shit.

Also, get rid of IE if you use it.

Absolutely. Get Firefox. It's the best browser ever. And not just because it has "Fire" in the name.

Roy Munson
03-16-2006, 10:09 PM
Thanks a million guys. You guys are the best!! I'm trying to do things one at a time. I've been hanging out at www.afterdawn.com and using their forums. They are going to try to help me out too. I've been trying the things you guys have suggested and nothing seems to get me any answers. From what I've read, this SpyFalcon is a real bastard...very hard to detect and fix.

Anyway, I've downloaded a little piece of software called HiJackThis which gives you a log of possible problems. I posted it at afterdawn and am waiting for some answers.

I haven't formatted yet!

getting close, though...

Roy Munson
03-16-2006, 10:10 PM
Originally posted by Satan
Absolutely. Get Firefox. It's the best browser ever. And not just because it has "Fire" in the name.


I will be doing this NO DOUBT!!!

Romeo Delight
03-16-2006, 11:17 PM
Trojan Hunter is good.

flappo
03-17-2006, 01:59 AM
Originally posted by BigBadBrian
That's because nobody's interested in Macs. At least not developers worth a shit.

dummy

only microsoft , adobe , and at least a hundred others

stick to political crap , you fucking retard

Hardrock69
03-17-2006, 02:22 AM
Originally posted by Satan
Absolutely. Get Firefox. It's the best browser ever. And not just because it has "Fire" in the name.


Though you love that fact I am sure...
:D

Cathedral
03-17-2006, 02:35 AM
Shit like this makes me want to cancel my online service.
I am so over protected now that it makes it a chore just to play games, lol.
You have to shut all that shit down to load them, lol.

By the way, how do you replace IE with this firefox browser if you're running XP?
Do you have to uninstall IE? or can you even do that?

I'd like a more stable browser myself...

FORD
03-17-2006, 03:09 AM
Originally posted by Cathedral
Shit like this makes me want to cancel my online service.
I am so over protected now that it makes it a chore just to play games, lol.
You have to shut all that shit down to load them, lol.

By the way, how do you replace IE with this firefox browser if you're running XP?
Do you have to uninstall IE? or can you even do that?

I'd like a more stable browser myself...

IE will technically remain integrated into XP, since there's no real way to separate it. But once you install Firefox, it will ask you if you want it to be the default browser. If you say "yes" it will update your file associations, and you'll be prompted to import your bookmarks & cookies over from MSIE during installation.

After that, just delete that stupid blue "e" from your desktop and forget you have it. I've been using Firefox since Beta 0.5 both with Windows and Linux and I never went back to any other browser.

Cathedral
03-17-2006, 03:28 AM
Cool, thanks for the info, Ford!

FORD
03-17-2006, 03:46 AM
No problem. The subject matter in this thread, I could do in my sleep.

If I ever slept.....

Cathedral
03-17-2006, 04:26 AM
You need to see a doctor about that, i am.
Lack of sleep is bad for the heart, man.

The body has this internal clock thing going on where it likes to rest at night. when i was working temp on third shift at P&G awhile back i slept during the day but never seemed to rest up properly.

Then my doctor told me that statistically, 3rd shifters had higher risks of coronary disease because they never get the proper rest the body needs.
I guess the proof could be in my uncle who spent 30 years on 3rd shift and died of an aneurism in his heart at age 59, and he was the baby of the family and a health nut to boot.

Seriously, insomnia can be a killer.
I recommend seeing your doctor if you haven't already, bro...

Roy Munson
03-17-2006, 10:03 AM
Originally posted by Cathedral
You need to see a doctor about that, i am.
Lack of sleep is bad for the heart, man.

The body has this internal clock thing going on where it likes to rest at night. when i was working temp on third shift at P&G awhile back i slept during the day but never seemed to rest up properly.

Then my doctor told me that statistically, 3rd shifters had higher risks of coronary disease because they never get the proper rest the body needs.
I guess the proof could be in my uncle who spent 30 years on 3rd shift and died of an aneurism in his heart at age 59, and he was the baby of the family and a health nut to boot.

Seriously, insomnia can be a killer.
I recommend seeing your doctor if you haven't already, bro...


I saw FORD's post about not sleeping and it hit me hard. I hate not getting enough sleep and I can tell lately that I am just stressed out to the hilt.

:mad:

Roy Munson
03-17-2006, 10:05 AM
I'd like to mention that this SpyFalcon thing has completely crippled my IE at home. I'm going to format tonight or tomorrow morning and reload everything.

Thanks again for the help, guys. I appreciate it.

I'll be running Mozilla from now on, too.

Hardrock69
03-17-2006, 10:31 AM
I have been running with Firefox for over a year.

FUCK MICROSOFT!

I run their OS because it is the most common one, and the software I have will not always run on Linux or Mac.

So MS are a necessary evil.

But Firefox kicks Internet Explorer's ass.

I will never use IE again.

Oh and yes, all you haveta do is download Firefox and install.

Easy as sin.

Well, maybe not THAT easy, but ya know what I mean...
:cool: