SpyFalcon

Description:	Spyware
Risk Level:	High
Date of First Occurence:	Wednesday, April 23, 2008
Software Developer:	(unknown)
Brief Info:	SpyFalcon is an adware that issue fake warnings on your computer that it is infected with spyware and will convinced the user to purchased the full version.
Removal:	This threat can be removed using "Spyware Terminator"

RIMUOVI SPYWARE »

Geographical Distribution of Threat "SpyFalcon"

Threat Info

View All

Detected Items

Detected Files: %SYSDIR%\winzzd32.dll MD5: 25A3A19919B91DB55FD307541C952B33 Size:39936 MD5: DBC6A7DBC1001DB6DCF32C8603A153E4 Size:32768 MD5: 814B3C26B0710D6A5DFDF66CBF8FCC2C Size:32256 MD5: 101CA3A57173211714C244615B99C970 Size:24576 MD5: 680E9DA4FEBB70675F553019FD82424C Size:31744 %SYSDIR%\GUXXA.DLL MD5: 7737DDF990CCDA3723B1C1084C4BEAA1 Size:176128 %SYSDIR%\WINZZD32.DLL MD5: 9C557813E003F524D3A1CEF239DF7815 Size:39424 MD5: 1CCF7161FE07085E61FEA6BE5F5CE3B8 Size:25600 MD5: 964D7E84B42755EAADA158942606372D Size:32256 MD5: 0A86080E81C6A4590928F62A5C2A44D2 Size:32768 MD5: 349753CECA34D5DF96818CBE0C1ECE51 Size:31744 MD5: 43EDF02BFC1D593237895CDD57995349 Size:25600 MD5: 2CBA3F4F5CFC05562A2020C3B17A048A Size:32256 %SYSDIR%\WINOPN32.DLL MD5: B309F9FB793B2846D2554CFCC939112E Size:39936 MD5: D522663D16F81B3FCE6716F6AE58673A Size:32768 MD5: D45748E8C72A9C6A76FBAE29799191EE Size:32256 MD5: 7FE5FBF4615AD9866DFCF51D913BFB7D Size:32768 MD5: 6C760C32849ED821B4E749B07E5F36EC Size:33280 MD5: 2AE2940C43FC168424E9F884462B25C4 Size:32768 MD5: 82D27F360D80B3B8DB1CE3C025C9AA15 Size:32256 %SYSDIR%\winopn32.dll MD5: 0BD55A097A063DE78B03AD9D7C99579C Size:32256 MD5: 89824E25D39BB8E69FF5C311C5DC7CE9 Size:33280 MD5: C40E07181FDC4C6460569B3AFB877C96 Size:32768 MD5: B67BF87BA4F7689E88CF2F1A1ED5DAF3 Size:33280 MD5: 8C47C091DDE35BF14C41678674772522 Size:32768 MD5: 93C2FDD4DFECAF359FEBD52999E49F5F Size:33280 MD5: EC59C289CE94F0D407DB30AA6AB7B76C Size:32256 MD5: 9D00D09474166692F310B9DE3B2F5CCB Size:32768 %TEMP%\saC0.exe MD5: 4A4BA5E01FCEFF868F04ACD3606F8D09 Size:2024710 MD5: BAF17A11A84CF5EFC028C4F2B2327969 Size:1699840 %PROGRAMFILES%\SpyFalcon\uninst.exe MD5: C254FE796E6C33053BCF83E588D71043 Size:41436 %PROGRAMFILES%\SpyFalcon\msvcr71.dll MD5: 86F1895AE8C5E8B17D99ECE768A70732 Size:348160 %PROGRAMFILES%\SpyFalcon\msvcp71.dll MD5: 561FA2ABB31DFA8FAB762145F81667C2 Size:499712 %SYSDIR%\STICKREP.DLL MD5: DDAE8152106E4477B235160DA187FF2C Size:176128 MD5: 64A2C85D348AFBA55C30BC287482CB08 Size:176128 %SystemDiskRoot%\System Volume Information\_restore{8770B9C4-75A6-43F3-9552-0630F2796A6B}\RP180\A0683224.exe MD5: EFC3899410403E713BF3C78A27257A9B Size:1744896
Detected Files with variable Filenames:

Detecting items list:

Files by Name %APPDATA%\Microsoft\Internet Explorer\Quick Launch\SpyFalcon ?.*.lnk %DESKTOP%\SpyFalcon.lnk %DESKTOP%\SpyFalcon.lnk %START_PROGRAMS%\SpyFalcon\SpyFalcon ?.? Website.lnk %START_PROGRAMS%\SpyFalcon\SpyFalcon ?.*.lnk %START_PROGRAMS%\SpyFalcon\Uninstall SpyFalcon ?.*.lnk %START_MENU%\SpyFalcon ?.*.lnk %PROGRAMFILES%\SpyFalcon\SpyFalcon.exe %PROGRAMFILES%\SpyFalcon\msvcr71.dll %PROGRAMFILES%\SpyFalcon\msvcp71.dll %PROGRAMFILES%\SpyFalcon\uninst.exe %sysdir%\dxmpp.dll %APPDATA%\microsoft\dxmpp.dll %sysdir%\GINUEREP.DLL %systemdiskroot%\SpyFalcon.exe %TEMP%\saC0.exe %sysdir%\WINZZD32.DLL %sysdir%\STICKREP.DLL %sysdir%\APPMAGR.DLL %sysdir%\WINOPN32.DLL %sysdir%\SBNUDH.DLL %sysdir%\WINBFC32.DLL %sysdir%\REGLOGS.DLL %sysdir%\higjxe.dll %sysdir%\GUXXA.DLL
Files by MD5 MD5: EFC3899410403E713BF3C78A27257A9B Size: 1744896
Files by Directories %PROGRAMFILES%\SpyFalcon %START_PROGRAMS%\SpyFalcon %START_PROGRAMS%\SpyFalcon
Files by CLSID or Name CLSID=330A77C2-C15A-43B5-055C-B4E35EAED279 CLSID=35a88e51-b53d-43e9-b8a7-75d4c31b4676
Registry Keys HKCR\Interface\{001501E7-C970-4CB1-9740-E055BF3DDFD6} HKCR\Interface\{0FBBBC44-296D-4A2F-AF45-BE1EE387F569} HKCR\Interface\{163469FD-6009-48E2-AD8C-47BB2E0D88BE} HKCR\Interface\{1694E5C6-9E1F-4C3B-B79A-828C2FC40003} HKCR\Interface\{200BD3A6-A02B-4BAC-A364-A9D8017E3C4E} HKCR\Interface\{20C59F9F-33CB-4B1B-AFB6-B710DB845709} HKCR\Interface\{23D80835-4A3A-4572-9F5F-3F24A7A28AE5} HKCR\Interface\{255CDDA3-576B-44C9-B944-46EAC18D5D6F} HKCR\Interface\{3261F690-1CA4-4839-928B-F4F898B74EB7} HKCR\Interface\{37B9988B-1997-41F4-A832-DAE42CC3F7C2} HKCR\Interface\{5B861FB8-903C-4996-B1D3-E9A86ED4BBCF} HKCR\Interface\{6876543E-DA55-4F90-9CD2-5ED380D9516C} HKCR\Interface\{701E8C3A-7910-4CCD-A9F8-7B9A5F5B3947} HKCR\Interface\{850300D6-D53B-4720-9372-6D31B85537E1} HKCR\Interface\{8C803228-BD61-4744-8B79-949E3F512DDC} HKCR\Interface\{B7C685F0-1804-4382-A8EF-17D33DF97069} HKCR\SpyFalcon.PopupBlockerConnector HKCR\SpyFalcon.PopupBlockerConnector.1 HKCR\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyFalcon.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon HKLM\SOFTWARE\SpyFalcon
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=SpyFalcon

« Go to Software Database

Cerca nel nostro database dei software

Sfoglia il database dei software

Ultimissime notizie sui Malware

23. settembre 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notizie sui vecchi malware »