Categories: Adware, Ransomware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".
This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.
Visible Symptoms:
Files in system folders:
[%APPDATA%]\microsoft\internet explorer\quick launch\spyfalcon 2.0.lnk
[%SYSTEM%]\ginuerep.dll
[%PROGRAM_FILES%]\SpyFalcon\SpyFalcon.exe
[%SYSTEM%]\dxmpp.dll
[%DESKTOP%]\spyfalcon.lnk
[%PROFILE%]\start menu\spyfalcon 2.0.lnk
How to detect SpyFalcon:
Files:
[%APPDATA%]\microsoft\internet explorer\quick launch\spyfalcon 2.0.lnk
[%SYSTEM%]\ginuerep.dll
[%PROGRAM_FILES%]\SpyFalcon\SpyFalcon.exe
[%SYSTEM%]\dxmpp.dll
[%DESKTOP%]\spyfalcon.lnk
[%PROFILE%]\start menu\spyfalcon 2.0.lnk
Folders:
[%PROGRAMS%]\spyfalcon
[%PROGRAM_FILES%]\SpyFalcon
[%PROGRAM_FILES%]\spyfalcon
Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyfalcon
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon
HKEY_LOCAL_MACHINE\software\spyfalcon
Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spyfalcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
Removing SpyFalcon:
You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Or buy it to remove ALL viruses from your computer.