Posted by David H. Lipman on March 11, 2006, 12:55 pm
| Panda_man :
| Hello !
| I have read your site several times ...and I still remember the address ->
| elephantboycomputers.com
| The tool in Method 1 -> I would never use it.
| Even before downloaded, Panda is detecting it as a PUP/Hack Tool/
| I have submitted it to Panda Labs and the answer was NO FALSE POSITIVE =
| REALLY PUP (potentially unwanted software).
| Fortunately, the instructions (in pandaman.my.contact.bg) help.
| As I say in the web-site, if the fast instructions fail, the detailed
| helps and I have used Panda Titanium 2006 many times to remove SpyFalcon.
| (IMO - SpyFalcon is easy to remove nowadays). However, we have already
| discussed that so please let us not discuss it again.
| Again, thanks for reminding me to quote after the Original Post,
| well... I'll try it.
| Thanks again.
| Panda_man
| --
| Prevention is always better than cure !
| Panda TruPrevent - the most intelligent technology to combat unknown malware
Well here is the 411 on this...

Such software is installed via a vulnerability exploitation or through an already
installed downloader Trojan. In this case it could have been one of the numerous
WMF Exploits or Sun Java. Then there are the ZLob family of Trojans.

The problem is you aren't just targeting the SpyFalcon. It is just the end
result of an already exploited PC. Once the PC is found to be vulnerable there
are numerous modifications to the OS and Registry. The tools that I suggest
specifically target a range of known files, Registry settings, HTML files,
Desktop alterations, Policy settings, etc.

The problem with AV software is that it may find a Trojan or some Trojanized files
but they tend to fail in dealing with the big picture of alterations and
modifications as well as the "sister" infectors that may be associated.

I don't mention, although maybe I should, about plugging the WMF Exploit
vulnerability. I hope that Windows Update has already done so. However, as seen
in numerous HJT Logs, the Sun Java Vulnerability is addressed. Curing the
infection is only part of the issue, plugging the vulnerability hole is just as
important or there is a likelihood of re-infection.

You'll notice that I don't suggest my tool, Secure2K's or noahdfear's tool. Each
has its strengths and weaknesses dealing with the threat as a function of time.
Hopefully the use of multiple tools will mitigate the infection based upon the
fact that each is updated differently and for different aspects. The one thing
that sets my tool apart is not only is it hard coded for the known threats but it
uses the McAfee command line scanner and its Heuristic and signature based
detection to catch what is not hard coded or is not targeted. I can also say
that my version of the SmitFraud Trojan tool is much more broad based and covers
many other threats. This includes the non-rootkit Apropos, Alexa, Delf family,
Surf Side Kick and many others.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Posted by David H. Lipman on March 11, 2006, 12:36 pm
| my computer has recently become infected with spyware named spyfalcon, I
| have run my antispyware, adware and virus programmes which have located and
| deleted the affected files only for it to immediately reinstall. I have also
| used windows defender to no avail. my spyware is microsoft antispyware and
| ad-aware and antivirus AVG. Does anyone have any suggestions?
Two part reply..
Perform Part 1 then perform Part 2.
If the first two parts don't work, perform the alternate utility.
It is suggested that you execute each tool in Normal Mode then in Safe Mode.
If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being
exploited.
It is possible that is how you got infected with malware.
Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.
http://www.java.com/en/download/manual.jsp
Part 1
-----------
Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
http://www.bleepingcomputer.com/forums/topic43659.html
Part 2
-----------
Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe
Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee related
files.
Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }
A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it
will be displayed in your browser (Opera, FireFox or Internet Explorer).
However, if you are using WinXP, Win2K or Win2003 your system will be left in a
state where you will have to manually shutdown/reboot the PC. On Win9x/ME
platforms the report will not be shown in your browser but your PC will
automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.
It would be best to scan in both Safe Mode and in Normal Mode and save a copy of
the HTML report for each session.
ALTERNATE:
Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
http://secured2k.home.comcast.net/tools/AntiPuper.exe
http://forums.mcafeehelp.com/viewtopic.php?t=65072
Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
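
The Java advice in the reply above (remove anything prior to JRE 5.0, install 5.0 Update 6) can be checked against what is actually installed. The following is an added example, not part of the original post or of any tool it names: it parses the output of `reg query "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment"` and classifies each installed JRE. The sample output is constructed, the function names are hypothetical, and it assumes Sun's internal numbering in which JRE 5.0 Update 6 is registered as `1.5.0_06`.

```python
import re

# Constructed sample of `reg query` output; real output lists one subkey per JRE.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
    CurrentVersion    REG_SZ    1.5

HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_08
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
"""

SUBKEY_RE = re.compile(r"\\Java Runtime Environment\\(\S+)\s*$", re.MULTILINE)
FULL_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")

FIRST_ACCEPTED_FAMILY = (1, 5, 0)   # JRE 5.0
TARGET_RELEASE = (1, 5, 0, 6)       # JRE 5.0 Update 6, as recommended in the post


def parse_version(name):
    """Return (major, minor, patch, update), or None for alias keys such as '1.5'."""
    m = FULL_VERSION_RE.match(name)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def classify(version):
    """Map a parsed version to the action the post's advice implies."""
    if version[:3] < FIRST_ACCEPTED_FAMILY:
        return "remove"   # prior to JRE 5.0
    if version < TARGET_RELEASE:
        return "update"   # 5.0, but older than Update 6
    return "ok"


def audit_jre(reg_output):
    """Return {version string: action} for every fully versioned JRE subkey."""
    results = {}
    for name in SUBKEY_RE.findall(reg_output):
        version = parse_version(name)
        if version is not None:   # skip family alias keys
            results[name] = classify(version)
    return results


if __name__ == "__main__":
    for name, action in sorted(audit_jre(SAMPLE_REG_OUTPUT).items()):
        print(f"{name:12} {action}")
```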