Yoda virus Falcon Spyware

BPKBAC (Member; joined Mar 3, 2006; messages: 1)
Help, I have a pop up from Falonspyware that keeps popping up. It shows up as a Yoda Trojan but I can't get rid of it. They want to extort money from you to remove the trojan they gave you. Any ideas?

Thanks,

BB
 
From: http://www.short-media.com/forum/showthread.php?t=42678

The Fix - Win 2000/XP


Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Download smitRem.exe and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Download FixSF.reg by right clicking here and selecting "save file as"

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
During the installation, you will see "Additional Options." When you do, uncheck "Install background guard" and "Install scan via context menu".
* Once installed, open ewido.
* It will prompt you to update; click the OK button and it will go to the main screen.
* On the left side of the main screen, click update.
* Click Start and let it update.
* DO NOT run a scan yet.


Go to where you saved the FixSF.reg file that you downloaded earlier. Double-click the file and when it asks if you would like to merge the information, press the Yes button and then the OK button.

Next, please reboot your computer in SafeMode by doing the following:
* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
* Instead of Windows loading as normal, a menu should appear.
* Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, go into Add/Remove Programs in Control Panel and look for SpyFalcon. If you find it, select the uninstall option. Do not restart the computer if you are told to.

Find and Delete the following Files and Folders. (Do not worry if the SpyFalcon Folder is not found)

C:\Windows\System32\dxmpp.dll << this file
C:\Program Files\SpyFalcon << this folder

If you cannot find the dxmpp.dll file, then enable Hidden Files and Folders by doing the following and searching again:

* Double-click My Computer.
* Click the Tools menu, and then click Folder Options.
* Click the View tab.
* Clear "Hide file extensions for known file types."
* Under the "Hidden files and folders", select "Show hidden files and folders."
* Clear "Hide protected operating system files."
* Click Apply, and then click OK.


Close all programs and windows. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, e.g., Local Disk C: or the partition where your operating system is installed. Please keep that safe!

Run Ewido: (Do not use the computer while Ewido is scanning)
* Click on scanner.
* Click Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action. DO NOT select "Perform action on all infections". If you are unsure of any entry found, select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop.
* Close Ewido.

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Normal Mode
 