A known rogue anti-spyware program called SpyFalcon has latched on to my system and won't, despite several efforts, let go. It has been uninstalled several times; however, to no avail. It keeps replicating and reinstalling itself through what appears to be a flashing icon on the task bar. This flashing icon swtiches from a blue one (which I have been unable to identify to describe it) to a red circle containing a white "X" and periodically a message box will appear that reads "Your computer is infected" and asks (more like demands) that SpyFalcon be used to correct the problem. Any ideas as to where and how to attack this little monster would be very much appreciated.
This question was answered on February 13, 2006. Much of the information contained herein may have changed since posting.
Removing SpyFalcon is a somewhat difficult and complex task Read the following directions carefully before proceding I would reccomend printing them out before attempting the process Programs you will need to download are smitRem.exe and FixSpyFalcon.reg These are free and can be easily found through a Google search.
* Download smitRem.exe to desktop
* Double-click smitRem.exe.
* Click Start
* Confirm box "All files have been extracted" by pressing OK
* Download to desktop FixSpyFalcon.reg
* Reboot into safe mode (Restart the computer, press the F8 button as the machine is rebooting A menu will appear listing several startup options Use the arrow keys to highlight "Safe Mode" and hit enter When Windows loads it should say "Safe Mode" in all 4 corners.
* Double-click downloaded file FixSpyFalcon.reg.
* Choose "yes" when asked "Are you sure you want to add the information to the registry".
* Delete folder C:\Program Files\SpyFalcon
* Delete file C:\Windows\system32\dxmpp.dll
* Locate smitRem folder on desktop and run RunThis.bat file to start clean SpyFalcon infection.
* After smitRem has finished a file named smitfiles.txt should appear in c:\ directory If SpyFalcon was removed successfully, file content should say that.
* Reboot the machine into NORMAL MODE
* Now SpyFalcon should be gone
About the author
Posted by daryl of Katharine Gibbs School - New York on February 13, 2006