
spy falcon - why did norton not stop it!


1DMF

Programmer
Jan 18, 2005
8,795
GB
I think I've just been infected with Spy Falcon; it's hijacking my home page, sending me to some webpage saying I'm infected with spyware.

I keep getting a Windows-looking security pop-up notice, and I have new icons on my desktop about security using the Windows shield icon.

I have a full, up-to-date version of Norton V10.1 Corporate Edition. Why has it not protected me? Where has this spyware come from, and how the hell do I remove it?

I've always trusted Symantec/Norton; now I'm not so sure.

Any advice is very much appreciated.

Regards,
1DMF


"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."
 
Download HijackThis from the link below. Please do this. Click here:

to download HijackThis. Click Scan and save a logfile, then post it here so
we can take a look at it for you. Don't click Fix on anything in HijackThis,
as most of the files are legitimate.




Download FixSF.reg to your desktop by right clicking on the following
link and then selecting Save Link As or Save File as, depending on your
browser.



Go to your desktop and double click on the FixSF.reg file that you
downloaded earlier. When it asks if you would like to merge the
information, press the Yes button and then the OK button.

Go to Add/Remove Programs and uninstall SpyFalcon!


Find the entry for SpyFalcon and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.


When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.


Delete the following files and folders (do not be concerned if this folder does not exist):

C:\Windows\System32\dxmpp.dll
C:\Program Files\SpyFalcon\




* Click here to download smitRem.zip.





* Save the file to your desktop.
* Unzip smitRem.zip to extract the two files it contains.
* Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.



* Download Cleanup from here






* A window will open; choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on the Cleanup40.exe icon.
* Then click RUN and place a checkmark beside "I Agree".
* Then click NEXT followed by START and OK.
* A window will appear with many choices; keep all the defaults as set when the slide bar to the left is set to Standard Quality.
* Click OK.
* DO NOT RUN IT YET.



* Download the trial version of Ewido Security Suite.





* Install Ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch Ewido.
* It will prompt you to update; click the OK button and it will go to the main screen.
* On the left side of the main screen click Update.
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.



* Click here for info on how to boot to safe mode if you don't already know how.





* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:



* Open the smitRem folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and Disk Cleanup to finish.



* Run Ewido:

* Click on Scanner.
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files; click OK.
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop.






* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once it's done, close the program.


* Go to Control Panel > Internet Options. Click on the Programs tab
then click the "Reset Web Settings" button. Click Apply then OK.



* Next go to Control Panel > Display. Click on the "Desktop" tab then click
the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you
should see an entry checked called something like "Security info" or similar.
If it is there, select that entry and click the "Delete" button. Click OK
then Apply and OK.


* Restart back into Windows normally now.



Run an online antivirus check from






* Run ActiveScan online virus scan here



When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!



Post another HijackThis log, the Ewido and ActiveScan logs, and
the contents of smitfiles.txt from the smitRem folder.


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
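A read-only triage script added here as an illustration (not from the thread or any of the tools it links), which reports the SpyFalcon artifacts the steps above remove, so an administrator can confirm the infection on a machine before cleaning it. It assumes PowerShell is available on the box, that the two file paths above are the ones to check, and that the standard uninstall, IE "Main" and Active Desktop "Components" registry locations hold the Add/Remove entry, the hijacked start page and the "Security info" desktop web item respectively.

```powershell
# Added example, not part of the original thread: report SpyFalcon indicators
# without deleting anything. Run from an elevated PowerShell prompt.
$findings = @()

# 1. Files and folders named in the removal instructions above.
$paths = @(
    "$env:SystemRoot\System32\dxmpp.dll",
    "$env:ProgramFiles\SpyFalcon"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Present: $p" }
}

# 2. Add/Remove Programs entry (standard HKLM uninstall key; assumed location).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$entries = Get-ChildItem $uninstall -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object { $_.DisplayName -like '*SpyFalcon*' }
foreach ($e in $entries) {
    $findings += "Uninstall entry: $($e.DisplayName) [$($e.UninstallString)]"
}

# 3. Hijacked IE start page: print it so the operator can judge whether it is theirs.
$main = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
    -ErrorAction SilentlyContinue
if ($main -and $main.'Start Page') {
    $findings += "IE Start Page: $($main.'Start Page') (verify this is yours)"
}

# 4. Active Desktop web items, where the fake "Security info" page is installed
#    (assumed location: each component subkey carries FriendlyName and Source).
$components = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
$items = Get-ChildItem $components -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object { $_.Source }
foreach ($i in $items) {
    $findings += "Active Desktop item: $($i.FriendlyName) <- $($i.Source)"
}

if ($findings.Count -eq 0) { 'No SpyFalcon indicators found.' } else { $findings }
```

Anything it lists is a reason to follow the removal steps above; a locked dxmpp.dll that survives deletion is the case the later safe-mode step is for.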
 
What is this, and why is a pop-up window saying I'm infected with w32.sinnaka.a@mm, but Norton removal does not find anything?

And sinnaka.a@mm is nothing to do with Spy Falcon.

How did I get this on my PC? I've not had a virus/infection for ten years; I'm a careful PC user, with always up-to-date virus/spyware protection.

Why have I got to run Kaspersky, Panda & Ewido when Ewido is spyware itself!

I've tried Ewido; it forever claims to find stuff no other software I've used can find. I use Ewido to remove it and hey presto, Ewido claims the same stuff it supposedly cleared is still there and wants you to buy the full version. And I've had multiple users of Ewido report the same thing.

Anyone who suggests Ewido for removal is just trying to infect you even more!

My biggest concern is Symantec not protecting me; it looks like Symantec is no longer valid protection for your system.

What would anyone recommend, Sophos or McAfee?

 
For now do an online scan such as Trend Micro...

housecall.trendmicro.com

And do this as well to rid the spyware:

Try Webroot spysweeper to make sure you are clean.

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

I would recommend looking at Sophos for an antivirus product if you are not satisfied with Symantec.

Hope that helps,

Erik
 
Hi

Found excellent removal tool for spyfalcon and you don't need to carry out the numerous steps elaborated above using about 4 antivirus software tools. Go to
It worked for me when a client of our company got infected.

Hope it helps!

notisis

P.S. I implore the "gentlemen" posting here to grow up a little, even if you don't have a brilliant weekend. And buy your g/f or wife some flowers - lol
 
Thanks for all your help, guys. Notisis2's recommendation worked a treat, was easy to follow, and now my PC is behaving as normal - phew!

I'm also in the process of moving over to Sophos; it seems Norton has not been keeping us up-to-date with the latest products & patches, even though we pay a yearly maintenance fee for this purpose.

We cannot afford to pay for a contract that does not provide the service purchased.

I understand Sophos auto-updates not just the virus definitions and pushes them out to the client, but also the program itself, ensuring the product is up-to-date with patches and new version releases.

It's a shame Norton has allowed their product and service to lapse like this. I have been a devout Norton/Symantec user for over 10 years, and this is the first time I have been infected. Let's hope they catch up with the competition soon!
 
I think you'll find that no one product will cover every eventuality. Sure, an up-to-date copy of Norton, Sophos or many of the others will stop most of 'em, but I end up using sometimes 4 different scanners to catch all...

ROGER - G0AOZ.
 
As I understand things, having spoken directly with Sophos & Norton, neither runs correctly if there is any sign of another AV product on the computer.

Sophos told me that it won't even run or install until a special removal tool is used to get rid of Norton, as the standard "Uninstall" method is not sufficient.
 
You're correct about Norton - a real pain to completely get rid of it - I invariably end up editing the Registry. And correct again about only having one scanner installed. I have a "clean" HDD with four partitions, each one with different AV software installed.

Re the special removal tool mentioned - will this cope with all versions of Norton? And a link if you have one please...

ROGER - G0AOZ.
 
Wow, 4 partitions for multi-boot, what a nightmare.

As for the removal tool, this is something Sophos told me I need to speak with Norton about.

However, I was not given funding to switch from Norton to Sophos by the MD, so I have not investigated this any further and thus do not have the removal tool.

I was hoping this is something easily obtainable from the Symantec website, so it might be worth having a quick search on there.

Sorry I can't help any further. Good luck, and let us know how you get on.
 
"Wow, 4 partitions for multi-boot, what a nightmare." Nope, dead easy. Installed XP Pro in a 10Gb partition on a 40Gb drive. Made an image and then just copied it three times into separate 10Gb partitions. Loaded up MRBOOTER, which is my favoured boot manager, booted into the first partition and then altered the BOOT.INI files of the other partitions so they all boot OK. Then loaded the different scanners into each partition. The suspect hard drive is then attached to the machine on the second IDE channel, and away we go!

ROGER - G0AOZ.
 
Sounds pretty neat, G0AOZ. I don't have the space on my system for that type of thing. I'm looking to rebuild my system but can't decide which way to go, AMD or Intel; I'm falling out of love with Intel rather rapidly over the last few years, and the new AMD 64 M2 about to come out sounds like it will be impressive.

But that's going off on a tangent; I'll post in another forum and see what others think.

Regards,
1DMF
 
ONCE AGAIN!!!

@1DMF - Leave a LINK for the verification on YOUR statement that EWIDO is SPYWARE!!!

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
I work in a computer repair shop in Lincoln, Nebraska, and we have seen a sudden uptick in the number of people infected with a new variant of the SpyFalcon spyware infection. While the basic infection is the same, there are a few new files to worry about.

We have a free removal tutorial posted at but suddenly people started reporting that upon restarting their computers they were becoming reinfected. We have since found that two additional files are being installed now that were not before. We updated the fixsf.zip removal tool in the tutorial to include these files.

Good luck, and please post back here and let us know if you have any problems getting it removed.



 
I find Ewido to be a very good program. If it is finding the same spyware on each run, you are being reinfected ("have you turned off System Restore?"), or it is a locked *.dll file: if you look at the details of what and where the file is and try to delete it even in safe mode, you will find it can't be deleted. I just worked on a WinFixer2005 spyware infection where the DLL was locked up and Ewido kept saying it deleted it but did not. I booted up BartPE and deleted it with BartPE. There are tools to remove WinFixer, but I just used Spybot S&D, Ad-Aware, HijackThis and BartPE.
 