VERY BAD - SpyFalcon 2.0
-
- Enthusiast
- Posts: 665
- Joined: Fri Sep 12, 2003 10:40 pm
- Location: Tallahassee, Florida
this might be the MOST malicious spyware i have seen. i got a new Maxtor 300 Gig SATA 16 Meg cache drive, did a fresh dual boot of XP and Win64, and somehow this got onto my computer and wreaked HAVOC.
it took spybot, spyware doctor and Mcafee 2006 to get it off, plus booting into safe mode and using .REG files posted on spyware forums.
it creates an icon in the system tray and tells you that your computer is infected, and if you try to click it, it prompts you to pay for registering SpyFalcon to remove spyware on your computer.
it is listed as one of the most dangerous adwares out there. it downloads a ton of trojans that some people think are hooked to dialers, and might charge you for the connection. one of the dialers "license" agreements (i saw this posted on a forum) prohibits you from removing or altering the EXE without express consent of the author. which means by removing it or using a removal tool to delete or patch it, you are breaking the agreement and can be charged.
would anyone perhaps, hmmm, like to help write a removal tool that, umm, maybe links up to the DAT files it uses, and writes hundreds of megabytes of nonsense to them so the nonsense is transmitted back to the source and crashes their servers?
i did this once with another spyware and it got my Comcast account suspended for a bit. i am tired of this crap and really want to fight back hard. this time i am going to use an old crappy machine with an AMD 2800 processor, set it up at my grad school LAN, and give it a try. most they (the IT guys) can do is make me unhook it, and not deprive me of internet at home.
anyone else who is sick of this let me know, and maybe we can find a way to put a hurting on these people. if you can't tell already, i am so ripped i can't sleep.
!.WHILE status != dwPassedOut
! Invoke AllocateDrink, dwBeerAmount
!MOV Mug, Beer
!Invoke Drink, Mug, dwBeerAmount
!.endw
Re: VERY BAD - SpyFalcon 2.0
> it took spybot, spyware doctor and Mcafee 2006 to get it off, plus
> booting into safe mode and using .REG files posted on spyware forums
Surely a quick System Restore to the install date would have removed it?
And you said "fresh" install, so I take it you weren't browsing with Firefox?
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
@Num3: I know that, but he said he did a recent fresh install of Windows, so
there'd be a restore point for that, which is the point that I was asking that he
restore to ("to the install date").
-
- PureBasic Expert
- Posts: 2810
- Joined: Fri Apr 25, 2003 4:51 pm
- Location: Portugal, Lisbon
- Contact:
flaith wrote:
> and :
> g) delete all the files in the 'temp' folder
> h) delete all the files in the 'temporary internet files' folder

Upsss you're right!
I don't use IE, so don't need to use this
In fact i use AntiVir Guard also, which doesn't allow Malware / Trojans / Dialups / Jokes to install! (has to be turned on in Advance Settings)
http://www.free-av.com/
Try it, it's free and uses little memory!
- Joakim Christiansen
- Addict
- Posts: 2452
- Joined: Wed Dec 22, 2004 4:12 pm
- Location: Norway
- Contact:
Num3 wrote:
> Ok, here's what i do with those trojan bastards:
> a) look for the process name
> b) find the launch path and program name
> c) Find the regkey that launches the program name
> After this info
> d) kill the process
> e) delete the file
> f) delete the program

Not very easy when the program starts again right after you ended it, or when it adds a new key right after you deleted the key.
> i use AntiVir Guard
Yep, I ditched Avast for AntiVir and was amazed by how fast my PC became!
Avast was literally sucking the life out of my PC, to the point where I thought
my hardware was faulty or something!
-
- Enthusiast
- Posts: 731
- Joined: Wed Apr 21, 2004 7:12 pm
I had a problem with some spyware like this before. I found the offending .exe's (one would restore the other if you deleted it) then booted up in safe mode. I deleted both .exes and replaced them with blank ones and set them to be read only. I also got rid of the keys. It wiped out the problem and I haven't had a problem since.
~I see one problem with your reasoning: the fact is thats not a chicken~
- Joakim Christiansen
- Addict
- Posts: 2452
- Joined: Wed Dec 22, 2004 4:12 pm
- Location: Norway
- Contact:
PB wrote:
> > i use AntiVir Guard
> Yep, I ditched Avast for AntiVir and was amazed by how fast my PC became!
> Avast was literally sucking the life out of my PC, to the point where I thought
> my hardware was faulty or something!

I also use that
www.free-av.com
-
- Addict
- Posts: 1126
- Joined: Wed Oct 15, 2003 12:40 am
- Location: Sweden
- Contact:
-
- Enthusiast
- Posts: 665
- Joined: Fri Sep 12, 2003 10:40 pm
- Location: Tallahassee, Florida
http://spyfalcon.com/
have fun with it. and let me know when you finally manage to get it off. i hope you have McAfee, that's the only thing that got it for me.
Here is some info you might find useful
http://securityresponse.symantec.com/av ... alcon.html
regards