SpyFalcon still won't go away?

Firstly, thank you Tim for responding to my account problem (stupid email), and to anyone who reads, pardon me, I think this is the proper way listed in the faq...



Yesterday, I came home and when I brought my computer out of idle, I noticed this odd popup in the tray. After the first dozen popups in 20 seconds, I went looking for some way to get rid of it, since spybot and avg didnt seem to sense it. After following the instructions here (which are pretty much identical to all instructions I could find) I still have the little icon in the tray that keeps popping up. It seems to be slowly eatting system resources, and I can not use any program in full screen mode, since the popup kicks it to desktop. Per the instructions, I deleted the twain/twain32 stuff, as well as the spyfalcon file, however I was unable to locate the dxmpp.ddl file, which seems to be the big problem? and ginuerep.dll


I would really appreciate any responses I can get, and I will attempt to get any of the info. I will post the system info and what not momentarily.

 

Hi and Welcome to majorgeeks

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis
​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

In addition run SpyFalcon Removal Procedure

Post teh smitfiles.txt in addition to the other logs.

 

Apologies, the scans took alot longer than I had thought

Edit: I ran the spyfalcon removal procedure as listed, however I never found many of the files listed to delete, and the tray icon ( green handicapped fellow + red circle with a slash) is still there.

 

Delete the following files:
C:\WINDOWS\SYSTEM32\Process.exe
C:\WINDOWS\SYSTEM32\regperf.exe

Follow the directions for the following:
Using GetRunKey
Running WinPfind by OldTimer

Post the runkey.txt and winpfind.txt files.

 

I deleted the process.exe file but did not find C:\WINDOWS\SYSTEM32\regperf.exe

I wasnt sure exactly, so i followed the instructions for the windpfind.txt and copied it from the program screen. I can add the one that was in the file as well, if needed

 

OK, neither one of those, showed what I was looking for.

From Normal Mode:

Download roguescanfix.exe , and save it to your desktop.
Double click roguescanfix.exe to install it.
Open the roguescanfix folder, and doubleclick run.bat. Make Sure you have an active internet connection!
Your desktop and icons will disappear and then reappear again, this is normal.
Wait till the message "Completed script execution" appears, then click OK.
Click "Exit" to close BFU.
Click "OK" to start the SpywareQuake/Spyfalcon uninstaller, after that click "uninstall". Please wait until it is finished.
WARNING: You will be asked to reboot your computer. Wait until the uninstallers did their job before clicking YES.

 

you mean in add/remove programs? I did that once before and it is no longer there...


Edit: sorry i misunderstood and i executed the script... the damned icon is still popping up

 

No, I meant that I didn't see what I expected in the registry.

 

i thought it was meant to run the uninstaller in the add/remove programs, i executed the bfu thing and the freaking icon is still in the tray. This thing is a nightmare, i cant do anything without it popping up and minimizing any window i am using

 

You weren't supposed to executer BFU, you were supposed to exit it; and run the uninstaller when prompted.

Give me a screen shot of your system tray. Spy Falcon shouldn't be this hard to uninstall.

 

after i exited bfu the first time, i was not prompted with anything. I waited for a little while and nothing happened, so i thought it meant i was supposed to execute the file listed.... sorry
Here are the pictures, i took two to show the 2 different flashes of it

 

I did as you asked. The notepad file had reglogs.dll listed i think..

edit: sorry misspelled

 

This is the new smitfile. The spyfalcon icon in the system tray seems to be gone! I rebooted twice to see if anything magically came back, but nothing so far! Thank you so much, but can I ask how you figured it was that reglogs thing?

 

Thanks, chas.

I thought that this might have been a new variant.