Remove spyfalcon?


Postman delivers

When I run Microsoft anti-spyware it found one infection, now it finds
4 registry entries and indicated it deletes them. Restarting the
machine spyfalcon places false panels/dialog boxes similar to Microsoft
antispyware notes, covering them... The colors are wrong, but
impossible to read MS antispyware notes now.

Also the restore is blocked, I have run ad-aware Free version & spybot
search and destroy in normal & safe mode they both found 8 problems in
the beginning, now they find in excess of 70 infections.

I posted a message in alt.comp.anti-virus, was given instructions
similar to the forums of ad-aware, and these fixes using “noahdfear's
SmitFraud and SpyAxe removal tool -- SmitRem.exe
” do not clear the problem either...

Spyfalcon is listed in the 03-06 ad-aware definition files, but it does
not keep the problems fixed...

I do not find anything listed in the add and remove, but I can find a
folder labeled spyfalcon and delete it in safe mode, but it always
returns...

Now all favorite in I.E. are opening different pages, every time
clicked. Home page is good when opening I.E., but doing a search is
useless every page is misdirected.

Has anyone found a method to eliminate this rogue antispyware
infection, that seems to be getting far worse...

JR the postman
 

David H. Lipman

From: "Postman delivers" <[email protected]>

| When I run Microsoft anti-spyware it found one infection, now it finds
| 4 registry entries and indicated it deletes them. Restarting the
| machine spyfalcon places false panels/dialog boxes similar to Microsoft
| antispyware notes, covering them... The colors are wrong, but
| impossible to read MS antispyware notes now.
|
| Also the restore is blocked, I have run ad-aware Free version & spybot
| search and destroy in normal & safe mode they both found 8 problems in
| the beginning, now they find in excess of 70 infections.
|
| I posted a message in alt.comp.anti-virus, was given instructions
| similar to the forums of ad-aware, and these fixes using “noahdfear's
| SmitFraud and SpyAxe removal tool -- SmitRem.exe
| ” do not clear the problem either...
|
| Spyfalcon is listed in the 03-06 ad-aware definition files, but it does
| not keep the problems fixed...
|
| I do not find anything listed in the add and remove, but I can find a
| folder labeled spyfalcon and delete it in safe mode, but it always
| returns...
|
| Now all favorite in I.E. are opening different pages, every time
| clicked. Home page is good when opening I.E., but doing a search is
| useless every page is misdirected.
|
| Has anyone found a method to eliminate this rogue antispyware
| infection, that seems to be getting far worse...
|
| JR the postman
|

As I suggested in; a.c.a-v ...

Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://forums.spywareinfo.com/index.php?showforum=18

After you make your post to one of the above, I would appreciate it if you could provide me,
via email, the URL of your thread.
 

Postman delivers

David H. Lipman explained :
As I suggested in; a.c.a-v ...

Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://forums.spywareinfo.com/index.php?showforum=18

After you make your post to one of the above, I would appreciate it if you
could provide me, via email, the URL of your thread.

David,

I posted here so someone might note that this program has blocked the
restore function on XP, and that it also defeats Microsoft
Antispyware...

I did not see a MS antispyware newsgroup, nor one for restore...

JR the postman
 

David H. Lipman

From: "Postman delivers" <[email protected]>

|
| David,
|
| I posted here so someone might note that this program has blocked the
| restore function on XP, and that it also defeats Microsoft
| Antispyware...
|
| I did not see a MS antispyware newsgroup, nor one for restore...
|
| JR the postman
|

I realize that JR but I wanted to let the readers know of a course of action to be taken.

As for covering malware in the Microsoft hierarchy, there is the News Group;
microsoft.public.security.virus

As for specific questions or problems concerning the MS Anti Spyware Beta1 application which
was replaced by Windows Defender Beta2

The News Server is; news://privatenews.microsoft.com

That News Server needs authentication using the following credentials...

User Name: privatenews\spyware
Password: spyware

To access these newsgroups using HTTP, the following is the URL...

http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID=us

No credentials are needed using HTTP.
 

Postman delivers

David H. Lipman submitted this idea :
I realize that JR but I wanted to let the readers know of a course of action
to be taken.

As for covering malware in the Microsoft hierarchy, there is the News Group;
microsoft.public.security.virus

As for specific questions or problems concerning the MS Anti Spyware Beta1
application which was replaced by Windows Defender Beta2

The News Server is; news://privatenews.microsoft.com

That News Server needs authentication using the following credentials...

User Name: privatenews\spyware
Password: spyware

To access these newsgroups using HTTP, the following is the URL...

http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID=us

No credentials are needed using HTTP.

David,

I seldom surf the www as you should know... Again I thank you for the
information. I am clambering to get on the computer again, to get this
overlooked monster taken care of, unfortunately I must wait. I did
manage to get tickets for the Saturday races, but Sunday event is
beyond my means -

Did you see the posting re: "system32 - genuirep.dll" for the tray
nag?

I wonder what is replacing or covering the Microsoft antispyware
notices... Java?

That has been researched well, but the colors are wrong, the code
writer at least wants everyone to know they are there... but the
Average individual is going to believe the false notices...

JR the postman
 

David H. Lipman

From: "Postman delivers" <[email protected]>


|
| David,
|
| I seldom surf the www as you should know... Again I thank you for the
| information. I am clambering to get on the computer again, to get this
| overlooked monster taken care of, unfortunately I must wait. I did
| manage to get tickets for the Saturday races, but Sunday event is
| beyond my means -
|
| Did you see the posting re: "system32 - genuirep.dll" for the tray
| nag?
|
| I wonder what is replacing or covering the Microsoft antispyware
| notices... Java?
|
| That has been researched well, but the colors are wrong, the code
| writer at least wants everyone to know they are there... but the
| Average individual is going to believe the false notices...
|
| JR the postman
|

Hi JR:

No I did not see the post subject "system32 - genuirep.dll". However I am fully aware of
that DLL as my tool and noahdfear's tool were updated, as alluded to in my a.c.a-v reply,
and I know that McAfee AV specifically flags that DLL as "spywarestrike.dldr".
 
