mookaloid
|
 posted on 9/2/06 at 09:24 PM |
|
|
SpyFalcon HELP
Help please!!!!!!
I don't know where the hell it came from but I have a problem with something called spyfalcon.
It has downloaded itself and installed on my pc I also seem to have something called downloader.zolob which I guess has something to do with it
This message keeps popping up all the time and if I click on the ballon it takes me to this spyfalcon thingy.
Help please - I can't work out if it's doing any harm - but I can't seem to get rid of it
Mark
 
Rescued attachment Virus alert.JPG
|
|
|
|
|
flak monkey
|
| posted on 9/2/06 at 09:36 PM |
|
|
You will be able to get rid of it by running an Anti Virus (something like AntiVir) scan. Along with Spybot seek and destroy, hijack this (not for the
fait hearted) and AdAware. All of those are free downloads.
Make sure you turn off system restore before running any of them. And if possible boot in safe mode to stop the spyware loading on start up as well
(makes for a more successful removal). If you dont know how to do either of those just ask  .
David
[Edited on 9/2/06 by flak monkey]
Sera
http://www.motosera.com
|
|
|
mookaloid
|
| posted on 9/2/06 at 09:46 PM |
|
|
Thanks mate I have Kaspersky installed, and have run scans using Spybot search and destroy, Adaware, Microsofts new antispyware and all those in safe
mode,
The bloody balloon keeps popping up even in safe mode and I cant' identify a process in task manager which stops it even in safe mode
AAARRRRRGGGGHHHHHH!!!!!!!!!!!!!!!
Not tried Hijack this yet....... will get it now.
ANy other ideas are welcome
Cheers
MArk
|
|
|
Howlor
|
| posted on 9/2/06 at 09:59 PM |
|
|
Try having a look in your system32 folder under windows and see if there are any suspicious applications created when the problem started. If so it
may be your problem. Sometimes it's a case of opeing up the regedit and doing a search for say spyfalcon to start with.
Also check under the program files directory for any new programs created around the time this started.
Spybot is certainly worth a try.
|
|
|
flak monkey
|
| posted on 9/2/06 at 10:04 PM |
|
|
Hi-Jack this will find the registry entries for it and you can then delete them.
There is also a program by the same people that made HiJack this called Startup List which finds all of the reg entries which load on start up and
give you their application paths. try running that as well to see if theres anything yo dont recognise in there.
It shouldnt start up in safe mode. If it does it might be a real pain to get rid of.
There are no mentions of it on google either unfortunately.
Often these things generate randomly named files which are an arse to find. If you know the time at which you got infected you can use windows search
to find the files modified around that time and delete them (careful what you delete though).
Also do make sure windows restore is turned off, otherwise it will just keep reinstalling itself everytime you restart.
David
Sera
http://www.motosera.com
|
|
|
mookaloid
|
| posted on 9/2/06 at 11:44 PM |
|
|
This is a description of what I have
http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal
B*****ds
|
|
|
mookaloid
|
| posted on 10/2/06 at 12:13 AM |
|
|
Sorted
Happy bunny now
|
|
|
