SpyFalcon Virus?

Illusion

Lion's Arch Merchant

Join Date: Jan 2006

Where do you live?

Elite Mercenary Legion

10 Feb 2006 at 14:50 - 1
OK so i turned on my computer (my other one) and a new *Virus Remover* Showed up and started spamming me with pop ups (most porn) it said it was a test to see if my computer could stop them (i doubted it from the very moment) so i tried uninstalling it then restarting my computer and it re-installed itself.

so now i have about 90 new viruses and i have been forced to wipe the computer and every thing that was on it any one ever heard of this or incase some one else gets it a way to remove it with out wiping the computer? (no I did not go on porn to get this virus)

koneko

Site Contributor

Join Date: Sep 2005

38??16′ N 140??52′ E

Mo/Me

10 Feb 2006 at 14:56 - 2
http://castlecops.com/article6514.html
http://wiki.castlecops.com/Malware_R...SpyAxe_Removal

You haven't run Windows Update lately, have you? Might have saved you a lot of trouble if you had (Win32/Exploit.WMF was patched a while ago)...

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

10 Feb 2006 at 14:58 - 3
Should be easy enough to remove without having to do a reformat. Boot your computer in safe mode, run all of your scanners and delete anything that comes up as malicious. Then dig through your registry for the program(s). It will have most likely made an entry there, which is why it keeps reinstalling itself.

Boom. Problem solved. If you need any tips on how to do any of the above steps, I'd higly reccomend using the all-powerful might of a few good search enigines. Scanners I highly reccomend are "Spybot Search & Destroy" and "Ad-Aware SE". Good stuff right there, and both free. That combined with a retail Virus scanner (or even AVG Anti-Virus, also free) can protect you fairly well.

I'd reccommend that if you do wipe your hard drive again any time soon (or if you haven't reinstalled the OS yet), that you should partition it so that you can have one section for Windows and only Windows (or whatever OS you run) and the other section(s) for the rest of your general junk. I've got my HDD's partitioned into a grand total of 7 drives... Just in case

EDIT

Yeah... Um, the exploit patch works too I suppose... Thank you, koneko.

Illusion

Lion's Arch Merchant

Join Date: Jan 2006

Where do you live?

Elite Mercenary Legion

10 Feb 2006 at 15:03 - 4
ok i read the remove tutorial and to me it makes it look like it wants me to install it in order to get rid of it you mind telling me what it really means cus that cant be it

phosho

phosho

Wilds Pathfinder

Join Date: Nov 2005

HP

W/Mo

10 Feb 2006 at 15:23 - 5
i would reformat it, its not that hard.

Illusion

Lion's Arch Merchant

Join Date: Jan 2006

Where do you live?

Elite Mercenary Legion

10 Feb 2006 at 15:32 - 6
Quote:
Originally Posted by Avaith Faer
Should be easy enough to remove without having to do a reformat. Boot your computer in safe mode, run all of your scanners and delete anything that comes up as malicious. Then dig through your registry for the program(s). It will have most likely made an entry there, which is why it keeps reinstalling itself.

Boom. Problem solved. If you need any tips on how to do any of the above steps, I'd higly reccomend using the all-powerful might of a few good search enigines. Scanners I highly reccomend are "Spybot Search & Destroy" and "Ad-Aware SE". Good stuff right there, and both free. That combined with a retail Virus scanner (or even AVG Anti-Virus, also free) can protect you fairly well.
wheres the entry on the computer?

Loviatar

Underworld Spelunker

Join Date: Feb 2005

10 Feb 2006 at 15:53 - 7
Illusion

on one hand i feel sorry for you.

ON THE OTHER PEOPLE LIKE YOU WHO DONT UPDATE AND HAVE GOOD ANTI VIRUS PROTECTION ARE THE MAIN REASON WHY THESE THINGS SPREAD SO FAR AND FAST.

MY CONTRIBUTION IS A TOP RATED ANTIVIRUS THAT IS FREE AND UPDATES VERY FREQUENTLY.

HERE IT IS JUST FOR YOU

http://free.grisoft.com/doc/2/lng/us/tpl/v5

EternalTempest

EternalTempest

Furnace Stoker

Join Date: Jun 2005

United States

Dark Side Ofthe Moon [DSM]

E/

10 Feb 2006 at 15:58 - 8
Run Windows Update, and do full anti-virus scan. You can use the link Loviatat give you for free AV and run it (after it's updated).

Do NOT pay for that program to "remove" it. It's false program.

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

10 Feb 2006 at 16:00 - 9
Quote:
Originally Posted by Illusion
wheres the entry on the computer?
Okay, as to that, use Google. I have no clue where this thing would be saving to, as I have never had to deal with it. Those links that koneko posted should tell you where to run to, and if they don't, Google the sucker a few times. That's what I always do. Heck, I'd actually search for it for you but I'm a bit busy on a graphics project that is too far behind schedule for my liking (supposed to be done a day and a half ago) so... My hands are a bit full.

Loviatar posted the link to AVG, it'd be wise for you to use it Good program, I used it myself for a long time before getting a retail scanner and my PC came out clean.

Illusion

Lion's Arch Merchant

Join Date: Jan 2006

Where do you live?

Elite Mercenary Legion

10 Feb 2006 at 18:01 - 10
Quote:
Originally Posted by Loviatar
Illusion

on one hand i feel sorry for you.

ON THE OTHER PEOPLE LIKE YOU WHO DONT UPDATE AND HAVE GOOD ANTI VIRUS PROTECTION ARE THE MAIN REASON WHY THESE THINGS SPREAD SO FAR AND FAST.

MY CONTRIBUTION IS A TOP RATED ANTIVIRUS THAT IS FREE AND UPDATES VERY FREQUENTLY.

HERE IT IS JUST FOR YOU

http://free.grisoft.com/doc/2/lng/us/tpl/v5
yea ok thx but i do run updates and i have AVG which did nothin and i was runnin it the whole time i have had this problem

and like i said and should have said in first post is that avg was runnin and doin nothin

EternalTempest

EternalTempest

Furnace Stoker

Join Date: Jun 2005

United States

Dark Side Ofthe Moon [DSM]

E/

10 Feb 2006 at 18:21 - 11
Install Microsoft Antispyware - http://www.microsoft.com/athome/secu...e/default.mspx

Then Spybot Search and destory - http://www.safer-networking.org/

Then Ad-aware - http://www.lavasoftusa.com/software/adaware/

I was sure AV would fix this but it's a spyware / adware issue.

Run all three and between them it should clean things up.

Loviatar

Underworld Spelunker

Join Date: Feb 2005

10 Feb 2006 at 19:13 - 12
Quote:
Originally Posted by Illusion
yea ok thx but i do run updates and i have AVG which did nothin and i was runnin it the whole time i have had this problem

and like i said and should have said in first post is that avg was runnin and doin nothin
sorry about that

here is something else and the publisher (link provided) has experts on the hijack this forum to analize a hijack this log for you and give step by step solution

http://www.download.com/HijackThis/3...-10227353.html

Illusion

Lion's Arch Merchant

Join Date: Jan 2006

Where do you live?

Elite Mercenary Legion

11 Feb 2006 at 03:11 - 13
Quote:
Originally Posted by Loviatar
sorry about that

here is something else and the publisher (link provided) has experts on the hijack this forum to analize a hijack this log for you and give step by step solution

http://www.download.com/HijackThis/3...-10227353.html
thx alot guys tho iv already wiped the computer but eh it didnt have anything important on the computer really it was the pop ups pissin me off

on a different note im on my friends computer and iv found that GWG is runnin a bit slower than usual and search button once again doesnt work any one else gettin this or maybe just cus im on my friends computer ?

koneko

Site Contributor

Join Date: Sep 2005

38??16′ N 140??52′ E

Mo/Me

11 Feb 2006 at 07:09 - 14
Quote:
Originally Posted by Illusion
thx alot guys tho iv already wiped the computer but eh it didnt have anything important on the computer really it was the pop ups pissin me off
Next time, save yourself a lot of hassle and keep your copy of Windows updated through Windows Update (in addition to running the scanning software others have mentioned).

Josh

Josh

Desert Nomad

Join Date: Oct 2005

England, UK

D/Mo

11 Feb 2006 at 12:52 - 15
Also, keep Automatic Windows Updates enabled.

Cell Undertaker

Cell Undertaker

Krytan Explorer

Join Date: Nov 2005

The Netherlands

The Malevolent Wolfpack

11 Feb 2006 at 12:56 - 16
wow.. i have the same problem thx all... with me its so bad... when i run a game for an hour and close it, i got over 15 popups on my desktop....*sigh* ill try sum of your solvers thx

Also.. what i figured out. Download the google toolbar..
http://toolbar.google.com/
this will stop pop ups

Cell Undertaker

Cell Undertaker

Krytan Explorer

Join Date: Nov 2005

The Netherlands

The Malevolent Wolfpack

11 Feb 2006 at 13:21 - 17
Quote:
Originally Posted by EternalTempest
Install Microsoft Antispyware - http://www.microsoft.com/athome/secu...e/default.mspx

Then Spybot Search and destory - http://www.safer-networking.org/

Then Ad-aware - http://www.lavasoftusa.com/software/adaware/

I was sure AV would fix this but it's a spyware / adware issue.

Run all three and between them it should clean things up.
I use adawara for over a year and i used it again.. i downloaded and runned the other two programs as said but i still get popups and in the lower right corner of my screen it keeps saying:

Your cumputer is infected!

Blabla... I got 2 of those... both say that they found a dangerous infection...

I did all the three scans and i still have the problem....

What to do now?

EternalTempest

EternalTempest

Furnace Stoker

Join Date: Jun 2005

United States

Dark Side Ofthe Moon [DSM]

E/

11 Feb 2006 at 13:22 - 18
Reboot your pc in safe mode, then run each one (from within windows safe mode). This should prevent a lot from loading at start up making it harder to remove.

There are more extreme methods but let me know if that works.

Alias_X

Alias_X

Desert Nomad

Join Date: Apr 2005

12 Feb 2006 at 04:16 - 19
Search the forum.
A while ago I made a Spyware/Adware guide, most of the things that get rid of spyware and adware also get rid of virus's.

Search for it.

Cell Undertaker

Cell Undertaker

Krytan Explorer

Join Date: Nov 2005

The Netherlands

The Malevolent Wolfpack

12 Feb 2006 at 15:22 - 20
Quote:
Originally Posted by EternalTempest
Reboot your pc in safe mode, then run each one (from within windows safe mode). This should prevent a lot from loading at start up making it harder to remove.

There are more extreme methods but let me know if that works.
1 (maybe stupid) question.. How do I run my Computer at safe mode again I got Windows XP and with the old computers it was easy u just pressed f4 when it was starting up but with my 2,93 Gigahertz it startsup so fast i don't hav ethe chance to press f4 :P so how do I run it in safe mode then?

koneko

Site Contributor

Join Date: Sep 2005

38??16′ N 140??52′ E

Mo/Me

12 Feb 2006 at 16:05 - 21
Quote:
Originally Posted by Cell Undertaker
1 (maybe stupid) question.. How do I run my Computer at safe mode again I got Windows XP and with the old computers it was easy u just pressed f4 when it was starting up but with my 2,93 Gigahertz it startsup so fast i don't hav ethe chance to press f4 :P so how do I run it in safe mode then?
Spam the F8 key after the BIOS screen. Menu should appear.

awesome sauce

awesome sauce

Krytan Explorer

Join Date: Dec 2005

12 Feb 2006 at 18:48 - 22
easier way is start>run>"msconfig">boot.ini>check 'safeboot'>restart>repeat to get it back to normal

Cell Undertaker

Cell Undertaker

Krytan Explorer

Join Date: Nov 2005

The Netherlands

The Malevolent Wolfpack

14 Feb 2006 at 11:21 - 23
Quote:
Originally Posted by EternalTempest
Reboot your pc in safe mode, then run each one (from within windows safe mode). This should prevent a lot from loading at start up making it harder to remove.

There are more extreme methods but let me know if that works.
i tried, didnt work