Hijacked by "Spyfalcon"

  ADAM-189137 19:56 19 Feb 2006

I seem to have been attacked by Spyfalcon which re-appears even after I have used add/remove programs to delete it.An AVG antivirus scan shows I have been affaected by this. What can be done for safe removal?

  csqwared 20:01 19 Feb 2006

Have a look here click here might help.

  skidzy 20:03 19 Feb 2006

Try this ...
click here
Should cure your problem

  Kev.Ifty 20:05 19 Feb 2006
  astral traveller 19:59 05 Mar 2006

I used "ewido" anti malware to get rid of most of the infected files but one kept coming back so I ran the "smitrem" program. Everything seemed to be going fine except I can only start Windows in safe mode, when I try to start in ordinary mode it freezes at the Windows logo or sometimes even before that when the plug n play message comes on - black screen white writing etc. - this has happen occasionally before but ow all the time. I've got the Windows XP CD and am considering re installing but I fear I may have problems getting my internet settings back -passwords for ntl account etc. I've just about got everything backed up - the only thing not backed up is my Outlook Express contacts and emails and my internet settings - can I access these and back them up from the Administrator log in?

  skidzy 20:02 05 Mar 2006

Use this also...click on download from usa,france etc... click here
Also try ccleaner from click here
And use the uninstaller as well as the scanning options.

  mikef. 20:20 05 Mar 2006

When removing first of all switch off system restore as it will also be sitting there and re installing itself from there

  skidzy 20:26 05 Mar 2006

As Mikef says make sure you switch off system restore,but i would like to add...Beaware you will lose any recent system restore points,but my guess they will be useless anyway if spyfalcon has installed itself in the system restore points.

  skidzy 20:27 05 Mar 2006

PS...Dont forget to turn System Restore back on,once cleaned up.

  VoG II 20:33 05 Mar 2006

Um, the above is not quite correct. Nasties may be saved in Restore Points but they cannot 'escape' from there unless you restore to an infected restore point. If a malware removal program detects a nasty in a restore point it won't be able to delete it. Hence the often repeated advice that if your anti virus program reports a virus in the ....\_restore folder then you would need to turn off SR to remove it.

However, the advice from my favourite Slyware Huntress is that it is always best NOT to turn off SR because if you do, and something goes wrong during the malware removal process, you do not have a working system to go back to.

  skidzy 20:44 05 Mar 2006

Agreed Vog,Maybe im wrong here...but does turning off system restore and turning back on stop the hibernation and reinstallation of the variant in question.

Reason i say this,a couple of years ago i was infected with the LOP Trogan/Malware....My only escape was to to turn off system restore and reboot and turn system restore back on.

Admittingly,i have more knowledge now and with the help of this forum and more accessible information i can deal with the problem without using system restore.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

These brilliant Lego posters show just what children's imaginations are capable of

Mac power user tips and hidden tricks

Comment réinitialiser votre PC, ordinateur portable ou tablette Windows ?