• Status: Solved

SpyFalcon Advertisement


I was erm...... looking at PORNO! :D and stupidly installed some porno thing

My anti-virus didn't pop up at all until AFTER I had installed it, in which case it was a lil too late

I immediately rebooted into safe mode and ran my virus scanner (NOD32), but when I got into safe mode, the virus STILL appeared in my system tray :O

It's basically the Windows Accessibility icon and it keeps swapping to a red circle with a red line going through it and back every second

I also get a pop-up message coming up every min or so about how I have a virus or some shit (obviously it's the virus causing this message) and when I click on the message it takes me to SpyFalcon homepage

NOD32 anti-virus scanner (from safe mode) reported 2 files in C:\Windows\system32\ win32.exe and svhost.exe, both were infected + deleted, yet I still had it in taskbar after a reboot?

So I looked on Google for SpyFalcon removal tools but none of them work, I DON'T have the SpyFalcon folder in /Program Files/ and I don't have it in add / remove programs

From what I can see all I have is the advertisement for it and NOT SpyFalcon itself, but then again what do I know, lol

http://www.aohost.co.uk/spyfalcon.jpg <<< there's a picture of the pop-up message, and as you can see, the disabled person in the task bar (next to VNC)
2 Solutions
Greetings, Nightma12 !

Use SymRemFix to remove SpyFalcon.  Follow the instructions in this website

Best wishes!
Nightma12 (Author) commented:
Those were the exact steps that I got from Google myself that did not work

I personally don't think I have SpyFalcon? Just some silly program advertising it that won't go from my taskbar :@

Don't know though

You ran SymRemFix?  Let's see your HijackThis log. Download HijackThis


Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.
Hi Nightma12,

Run these tools:
1.  Download roguescanfix_setup.
Doubleclick roguescanfix_setup to install it.

After the installation, you will be prompted if you would like to run roguescanfix now. Click "YES" to start the tool.

Note: This tool needs internet connection because it downloads an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
In case you still get the message BFU.exe is not present, download BFU.zip from here. http://www.merijn.org/files/bfu.zip
Unzip it and place BFU.exe in the c:\program files\roguescanfix-folder. Then doubleclick Roguescanfix.bat again.

The tool will uninstall some programs and delete related files and registry keys.
If some files won't get deleted, it will ask you to reboot your system to delete the files after reboot.
Please make sure the uninstall of the programs is finished before you click Yes to reboot.

2.  Please download SmitfraudFix:
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
Once in Safe Mode, open the SmitfraudFix folder again and double-click
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.

Nightma12 (Author) commented:

rpggamergirl: will these remove my themes and such? As I ran SymRemFix that war1 posted and it deleted my themes, resized my taskbar and removed my wallpaper

Regarding your HijackThis log, put a check mark by the following items, and then click "Fix Checked"

O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp4586.tmp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

If you did install these items, have HijackThis remove it

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

Use the reg file here to restore your wallpaper

Just fix these entries:
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp4586.tmp (file missing)

The SmitfraudFix will remove the desktop background if run in a non-infected computer.

I suggest you just run the Roguescanfix.
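
The entries picked out in the replies above all carry HijackThis's "(no file)" or "(file missing)" marker, meaning the registry entry has no file behind it on disk. The following is an added example, not part of the original thread or of HijackThis itself: it parses the quoted log lines, flags such orphaned entries and groups them by CLSID. The `parse` and `orphans_by_clsid` names and the constructed control line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries quoted in the thread above.
THREAD_LOG = r"""
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp4586.tmp (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
"""
# Constructed control line (not from the thread): an entry whose file exists.
CONSTRUCTED = r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll"

ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
MARKERS = ("(no file)", "(file missing)")

def parse(log):
    # Return one dict per CLSID-bearing entry; other layouts (e.g. R1) are skipped.
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m is None:
            continue
        e = m.groupdict()
        target = e.pop("target").strip()
        e["orphaned"] = target.endswith(MARKERS)
        for marker in MARKERS:
            if target.endswith(marker):
                target = target[: -len(marker)].strip()
        e["path"] = target or None          # None when no path was recorded
        e["clsid"] = e["clsid"].upper()     # CLSIDs compare case-insensitively
        entries.append(e)
    return entries

def orphans_by_clsid(entries):
    # Group orphaned entries so one component registered twice is reviewed once.
    grouped = defaultdict(list)
    for e in entries:
        if e["orphaned"]:
            grouped[e["clsid"]].append(e)
    return dict(grouped)

if __name__ == "__main__":
    for clsid, group in orphans_by_clsid(parse(THREAD_LOG + CONSTRUCTED)).items():
        sections = ", ".join(e["section"] for e in group)
        print(f"{clsid}  {sections}  {group[0]['path'] or '(no path recorded)'}")
```

The two O9 lines share one CLSID and collapse into a single group, so the four flagged lines correspond to three registered components.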
Nightma12 (Author) commented:
Roguescanfix done the trick :)

Thanks! :D
Glad to hear it's gone.

Thanks for the points! :)
