Post by £åߥ®Ñth on Jul 20, 2006 13:16:33 GMT -5
Ok guys i was hit with this one. So i did some research and got rid of it.
Your normal spy protection does not work on this thing.
It is called spyfalcon and has a trojan in it called skyfalcon.
It runs in safe mode also.
It creates a couple of icons on you tool bar by the clock and flashes balloon messages also makes web popups making you think your pc is infected and you need to buy some software. If you do buy that software it will remove the falcon. But why buy something from a bastard that makes the same shit that he wrote a program to stop.
If you click the baloon popup it brings you to a page called skyfalcon.com or spyfalcon.com *Links have been modified to not allow you guys to go to the right place and possibly get this crap.
On this page it has advertisment for selling a adware program.
Again like i said, normal adware or spyware tools,Nortons will not remove it. AntiSpyware utilities (Adaware,SpySweeper, Spybot Search and Destroy, Microsoft AntiSpyware, and Windows Defender) can not remove it because Spy Falcon is constantly running - even in Safe Mode.
Steps for removal:
Step1:
Download these 2 items.
www.downloads.subratam.org/smitRem.exe
www.schrockinnovations.com/fixsf.zip
If you get dead links let me know i can post some that will not go dead.
Step2: Double click smitrem.exe "have it on your desktop"
It will make a folder named smitrem
Step3: Extract the FixSF.zip "to your destop"
Step4: After you have those files on the desktop, boot your computer into safe mode. "This can be done by restarting the pc and hitting the correct F key. They are diffrent on each pc so try till you get a screen asking for how you want to boot.
Step5: When you select boot safe mode. You will probably get a box asking yes or no. Read it. You must click yes to continue booting into safe mode.
Step6: Go to the control panel > Then add/remove. Look for the install of SpyFalcon. Uninstall it. "If you dont have this in there dont worry about it go to the next step"
Step7: Double click the reg file named FixSF.reg "Say "Yes" to any security warnings that pop up."
Step8: press the "ctrl" + "alt" + "del" keys at the same time to get the task manager.
Step9: Click on the "Processes" tab.
Step10: Endtask on any file with these names. "If you dont have any of them just go to the next step"
* dfrgsrv.exe
* mscornet.exe
* mssearchnet.exe
* nvctrl.exe
* spyfalcon.exe
* uninst.exe
Step11: Locate the smitrem folder on your desktop and run the file named "runthis.bat" Follow the instructions it gives you.
Step12: Once it has completed, the tool say hit any key to exit and an automatic disk cleanup will be launched. This cleanup can take anywhere from minutes to hours to run, so be patient and do not interrupt it.
Step13: Restart your pc when it is all over and you will be free of the falcon.
Final Thought:
It is sad when there are so many spyware tools available that people make shit like this just to sell their fucking tools.
Your normal spy protection does not work on this thing.
It is called spyfalcon and has a trojan in it called skyfalcon.
It runs in safe mode also.
It creates a couple of icons on you tool bar by the clock and flashes balloon messages also makes web popups making you think your pc is infected and you need to buy some software. If you do buy that software it will remove the falcon. But why buy something from a bastard that makes the same shit that he wrote a program to stop.
If you click the baloon popup it brings you to a page called skyfalcon.com or spyfalcon.com *Links have been modified to not allow you guys to go to the right place and possibly get this crap.
On this page it has advertisment for selling a adware program.
Again like i said, normal adware or spyware tools,Nortons will not remove it. AntiSpyware utilities (Adaware,SpySweeper, Spybot Search and Destroy, Microsoft AntiSpyware, and Windows Defender) can not remove it because Spy Falcon is constantly running - even in Safe Mode.
Steps for removal:
Step1:
Download these 2 items.
www.downloads.subratam.org/smitRem.exe
www.schrockinnovations.com/fixsf.zip
If you get dead links let me know i can post some that will not go dead.
Step2: Double click smitrem.exe "have it on your desktop"
It will make a folder named smitrem
Step3: Extract the FixSF.zip "to your destop"
Step4: After you have those files on the desktop, boot your computer into safe mode. "This can be done by restarting the pc and hitting the correct F key. They are diffrent on each pc so try till you get a screen asking for how you want to boot.
Step5: When you select boot safe mode. You will probably get a box asking yes or no. Read it. You must click yes to continue booting into safe mode.
Step6: Go to the control panel > Then add/remove. Look for the install of SpyFalcon. Uninstall it. "If you dont have this in there dont worry about it go to the next step"
Step7: Double click the reg file named FixSF.reg "Say "Yes" to any security warnings that pop up."
Step8: press the "ctrl" + "alt" + "del" keys at the same time to get the task manager.
Step9: Click on the "Processes" tab.
Step10: Endtask on any file with these names. "If you dont have any of them just go to the next step"
* dfrgsrv.exe
* mscornet.exe
* mssearchnet.exe
* nvctrl.exe
* spyfalcon.exe
* uninst.exe
Step11: Locate the smitrem folder on your desktop and run the file named "runthis.bat" Follow the instructions it gives you.
Step12: Once it has completed, the tool say hit any key to exit and an automatic disk cleanup will be launched. This cleanup can take anywhere from minutes to hours to run, so be patient and do not interrupt it.
Step13: Restart your pc when it is all over and you will be free of the falcon.
Final Thought:
It is sad when there are so many spyware tools available that people make shit like this just to sell their fucking tools.