Spyfalcon - Ouch!

markysparky · 9 May 2006 at 13:31

Unfortunately, the other night my pc was infected by spy falcon. It hijacked my browser put false security warnings on my pc and redirected me to there website. anyhow i did a system restore but this left some files still on the pc which i was unable to remove. Anyway reinstalled windows but used the quick format option to format my hard drive. will the quick format be enough to remove the malware

tedaC · 9 May 2006 at 13:33

Im sure a quick format would remove the malware but its a little over the top ...

there are plenty of sites out there that will help you get rid of the malware (like the one in my sig)

but the short answer is yes

AJUK · 9 May 2006 at 13:33

markysparky said:
Unfortunately, the other night my pc was infected by spy falcon. It hijacked my browser put false security warnings on my pc and redirected me to there website. anyhow i did a system restore but this left some files still on the pc which i was unable to remove. Anyway reinstalled windows but used the quick format option to format my hard drive. will the quick format be enough to remove the malware

Yes. But it would be better if you use a zero overwrite such as ActiveKilldisk or Dariks Nuke and Boot just to be sure.

stoofa · 9 May 2006 at 15:40

SpyFalcon has got to be the best (or worst depending on how you look at it) of the Spyware programs out there at the moment.
I of course hate it, I hate it to death and whoever has anything to do with it's programming should be shot, hung and then beaten with a stick.

However it is the most impressive with regards it's persistence once it gets onto a system.
I've spent literally a day on a couple of machines attempting to remove it and all traces of it.
I've thrown all of the usual Spyware programs at it which inform me they have dealt with the situation until you reboot the system and once again everything is infected.

For future reference I'll dig out the method I eventually found does work to get rid of it.
It's a combination of using the general anti Spyware tools available and some manual registry edditing but it does thankfully get rid of the damn thing at the end.

The_KiD · 9 May 2006 at 16:15

Look for a tool called smitrem and use that.

Putty · 9 May 2006 at 16:27

Hijack This is another handy program, sorted out the various problems I had with spyware.

Caged · 9 May 2006 at 16:37

AJUK said:
Yes. But it would be better if you use a zero overwrite such as ActiveKilldisk or Dariks Nuke and Boot just to be sure.

It makes no difference. Unless there's malware which has built in file recovery software to resurrect pre-format crap.

The_KiD · 9 May 2006 at 17:36

I think Putty meant "hiJackThis" however dont use this program without advice from someone who understands it usage.

SmitRem however should remove your infection completely.

http://noahdfear.geekstogo.com/click counter/click.php?id=1 <--- download smitrem.

HighlandeR · 9 May 2006 at 19:29

I agree its a nasty spyware, so far ive met many different effects of this malware/spyware and similar variants like Spyquake and other Smitfraud on customers pcs....

Ive gone to safe mode/ran smitrem

noahdfear.geekstogo.com

followed instructions and well its not worked totaly, it has removed quite a lot of junk but never fixed it 100% but like they suggest run adware 1.6 + latest defs and ewido + latest updates all under safe mode and then u can have an almost back to normal pc

BUT as already suggested the best cure is the quick format/reloading of XP... if your smart enough u would have backed up already so within 2-3 hours max u will be back to square one accept 100% virus/spyware proof.

Course if your even smarter then smart you would have created 3 Acronis images (Or ghost images) one where u just done a fresh XP install/2nd where u done a mid way ie winXP + full online updates/ 3rd one where u got your software/settings installed that way u can be back to square one within 10 minutes regardless

AJUK · 10 May 2006 at 09:02

Caged said:
It makes no difference. Unless there's malware which has built in file recovery software to resurrect pre-format crap.

It is always a possibility and you do realise that formatting a hard drive doesn't destroy the data on it?

Caged · 10 May 2006 at 09:48

Yes, but the data isn't readable without special software tools. Windows can't see it, it just assumes it's empty. Therefore there's no chance the spyware can re-infect just because it happens to be in a part of the drive that Windows has marked down as empty.