Re: WINDOWS DEFENDER

From: "aberdeenpirate35" <aberdeenpirate35@xxxxxxxxxxxxxxxxxxxxxxxxx>

| in the last 2 months i've been hit by the spyfalcon virus twice, after
| running norton antivrus software - which did nothing to eradicate the virus,
| i turned to microsofts security advise section, downloaded the "windows
| defender" and ran the scan. it didnt even detect any virus/ spyware on my pc.
| i then tried microsofts free online pc scanning tool for viruses and spyware,
| and still it didnt detect spy falcon. i have to say that microsofts security
| products are just not up to the task!?
| all in all i find both microsoft and norton useless in keeping up to date
| with the latest fixes to well known issues that have been around for quite
| some time.
| anyone else suffered from the spy falcon virus ?
| --
| aberdeenpirate

SyFalcon is NOT a virus !

SpyFalcon is a Rogue anti malware application that is listed on Spyware Warrior.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

What is important to note is that you get such malware either by choosing to install it or
by getting infected with certain dowloader Trojans such as ZLob, FakeAlert and SmitFraud.
The first thing to realize is that if you were hit with the SpyFalcon twice then there is
DEFINITELY something wrong. Eithewr your computing ptractices are so poor and Safe Hex is a
foreign concept or you never compltely remoced the underlying Trojans.



Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version...

C:\Program Files\Java\jre1.5.0_06


http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

Part 1
-----------

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

Relevant Pages

  • Re: Bloody hound
    ... the popup indicating the filename and virus from my norton antivirus has ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Worm problem
    ... | I am just learning about this "worms & Virus". ... There are anti virus News Groups specifically for this type of discussion. ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsupdate)
  • Re: virus help
    ... There are anti virus News Groups specifically for this type of discussion. ... Download Adware-Virtumundo Removal Tool -- ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: virus
    ... | pop up warning about I have this virus mentioned. ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (alt.comp.anti-virus)
  • Re: XP is not dectecing my Spybot program
    ... I have update XP and Spybot within the ... | SpyFalcon just loaded a gain. ... On Win9x/ME platforms the report will not be shown in your bowser ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsxp.security_admin)
Quantcast