Yes, you have a Smitfraud infection.
Try running Ewido. It works ONLY with WinXP/2K:
http://www.ewido.net/en/download/
Please follow the instructions provided. You may want to print out these instructions and use them as a reference.
Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.
*Click on Ewido>Scanner
Then select "Settings"
Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
Select "OK" and you will return to scanning options.
*Click on Complete System Scan and the scan will begin.
This scan can take quite a while to run, so please be patient .
While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Clean. Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK
Now close Ewido Anti Malware..
Reboot normally.
*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button
If that does not resolve your problem (or if you do not have XP) go here and follow the step-by-step instructions:
http://www.bleepingcomputer.com/forums/topic43659.html
Message Edited by Bugbatter on 02-13-2006 07:11 PM
hey i have a problem with spyfalcon, i removed the spyfalcon spyware through spyware doctor but the popup bar still keeps bothering me, its still in my taskbar near the clock and every so often it tries to install spyfalcon again, can anybody help me wit this problem? appreciate it!
hi will it work on windows 2000 pro? i got hit with the Spy falcon 2.0 viurses this week been try to remove it with out killing any mager systems but have had no look hear that you know away to remove it i have norton 2006 running an it has not killed it so any ideas plz i will try the way you have hear when get home tonight thanks ged
I can give you only general instructions here without seeing a HijackThis log, but if you follow the directions at Bleeping Computer's link in my post above, it should work on Win2K.
I work in a computer repair shop in Lincoln, Nebraska and we have seen a sudden up tick in the number of people infected with a new variant of the SpyFalcon spyware infection. While the basic infection is the same, there are a few new files to worry about.
We have a free removal tutorial posted at http://www.schrockinnovations.com/removespyfalcon.php, but suddenly people started reporting that upon restarting their computers they were becoming reinfected. We have since found that two additional files are being installed now that were not before. We updated the fixsf.zip removal tool in the tutorial to include these files.
Good luck and please post back here and let us know if you have any problems getting it removed.
Bugbatter
3 Apprentice
•
20.5K Posts
0
February 13th, 2006 23:00
Try running Ewido. It works ONLY with WinXP/2K:
http://www.ewido.net/en/download/
Please follow the instructions provided. You may want to print out these instructions and use them as a reference.
Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.
*Click on Ewido>Scanner
Then select "Settings"
Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
Select "OK" and you will return to scanning options.
*Click on Complete System Scan and the scan will begin.
This scan can take quite a while to run, so please be patient .
While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Clean. Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK
Now close Ewido Anti Malware..
Reboot normally.
*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button
If that does not resolve your problem (or if you do not have XP) go here and follow the step-by-step instructions:
http://www.bleepingcomputer.com/forums/topic43659.html
Message Edited by Bugbatter on 02-13-2006 07:11 PM
hc4
59 Posts
0
February 16th, 2006 10:00
remyx187
2 Posts
0
March 7th, 2006 22:00
Bugbatter
3 Apprentice
•
20.5K Posts
0
March 7th, 2006 23:00
http://www.bleepingcomputer.com/forums/topic43659.html
Included is an excellent step-by-step guide with screenshots.
Firefox11
2 Posts
0
March 9th, 2006 12:00
Bugbatter
3 Apprentice
•
20.5K Posts
0
March 9th, 2006 16:00
If you want someone to walk you through the fix, post a HijackThis log here:
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
FordJenn
1 Message
0
May 8th, 2006 16:00
I work in a computer repair shop in Lincoln, Nebraska and we have seen a sudden up tick in the number of people infected with a new variant of the SpyFalcon spyware infection. While the basic infection is the same, there are a few new files to worry about.
We have a free removal tutorial posted at http://www.schrockinnovations.com/removespyfalcon.php, but suddenly people started reporting that upon restarting their computers they were becoming reinfected. We have since found that two additional files are being installed now that were not before. We updated the fixsf.zip removal tool in the tutorial to include these files.
Good luck and please post back here and let us know if you have any problems getting it removed.
http://www.schrockinnovations.com
http://www.thorschrock.com