Home & Home OfficeBusinessPartnersClubAbout Security Stronghold

SpyFalcon Removal: Remove SpyFalcon Forever

Let our support team solve your problem with SpyFalcon and repair SpyFalcon right now!

Leave the detailed description of your SpyFalcon problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix SpyFalcon problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete SpyFalcon problem removal solution.

Describe your problem here and we'll contact you in several minutes:

We'll reply you in 10 minutes or less
* Name:
* E-mail:
* Problem summary:
* Detailed problem
description:

We'll contact you in 10 minutes or less after you click on this button! Individual solution guaranteed!

Warning:

1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you SpyFalcon removal solution.
2) All fields of this form are obligatory.

Guaranteed Problem Solution
Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team. Let professionals make your problems solved now!
Download solution for SpyFalcon and spyfalcon.exe now!

What is SpyFalcon? Technical details of SpyFalcon problem and SpyFalcon removal tool

Methods for manual SpyFalcon removal

Free download of a program that will solve your problem automatically

Free instant professional support in solving SpyFalcon error from our Security Support Team

Threat's profile

Threat indicator: HIGH
 Name of the threat: SpyFalcon
Command or file name: spyfalcon.exe
Threat type: Adware
Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)

SpyFalcon intrusion method

SpyFalcon copies its file(s) to your hard disk. Its typical file name is spyfalcon.exe. Then it creates new startup key with name SpyFalcon and value spyfalcon.exe. You can also find it in your processes list with name spyfalcon.exe or SpyFalcon.

If you have further questions about SpyFalcon, please fill in the form above and we'll contact you shortly.

» Download program to remove SpyFalcon (SpyFalcon Removal Tool)

Recommended Solution

If you are not sure what to delete, use our award winning program - SpyFalcon Removal Tool.

SpyFalcon Removal Tool will find and fully remove SpyFalcon and all problems associated with SpyFalcon virus.

Fast, easy, and handy, SpyFalcon Removal Tool protects your computer against SpyFalcon that does harm to your computer and breaks your privacy. SpyFalcon Removal Tool scans your hard disks and registry and destroys any manifestation of SpyFalcon. Standard anti-virus software can do nothing against malicious programs like SpyFalcon. Remove SpyFalcon straight away!

» Download SpyFalcon Removal Tool now for free

How to fix SpyFalcon

This problem can be solved manually by deleting all registry keys and files connected with SpyFalcon, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by SpyFalcon.

To get rid of SpyFalcon, you should:

1. Kill the following processes and delete the appropriate files:

• spyfalcon.lnk
• spyfalcon.url
• stop.set
• stopapi4.dll
• syg.db
• thebat.api
• trojan.avb
• unace.api
• unarj.api
• uninstall spyfalcon 2.0.lnk
• unmscab.api
• unrar.api
• unzip.api
• virusdos.avb
• virusrescue v3.0.1 un-installer.lnk
• virusrescue v3.0.1 website.lnk
• virusrescue v3.0.1.lnk
• virusrescue.exe
• virusrescue.tlb
• virusrescue.url
• virusw32.avb
• vrext.dll
• vrlanguage.ini
• vrsvc.exe
• vr_setup_3_0.exe
• weekly.avb

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use SpyFalcon Removal Tool for safe problem solution.

2. Delete the following malicious folders:

• C:\Program Files\spyfalcon\logs\
• C:\Program Files\spyfalcon\quarantine\
• C:\Documents and Settings\User\application data\microsoft\internet explorer\quick launch\
• C:\Documents and Settings\User\start menu\programs\spyfalcon\
• %autostart% \virusrescue\
• C:\Program Files\virusrescue\languages\
• C:\Program Files\virusrescue\

3. Delete the following malicious registry entries and\or values:

• Key: Interface\{001501E7-C970-4CB1-9740-E055BF3DDFD6}
  Value: @

• Key: Interface\{0FBBBC44-296D-4A2F-AF45-BE1EE387F569}
  Value: @

• Key: Interface\{163469FD-6009-48E2-AD8C-47BB2E0D88BE}
  Value: @

• Key: Interface\{1694E5C6-9E1F-4C3B-B79A-828C2FC40003}
  Value: @

• Key: Interface\{200BD3A6-A02B-4BAC-A364-A9D8017E3C4E}
  Value: @

• Key: Interface\{20C59F9F-33CB-4B1B-AFB6-B710DB845709}
  Value: @

• Key: Interface\{23D80835-4A3A-4572-9F5F-3F24A7A28AE5}
  Value: @

• Key: Interface\{255CDDA3-576B-44C9-B944-46EAC18D5D6F}
  Value: @

• Key: Interface\{3261F690-1CA4-4839-928B-F4F898B74EB7}
  Value: @

• Key: Interface\{37B9988B-1997-41F4-A832-DAE42CC3F7C2}
  Value: @

• Key: Interface\{5B861FB8-903C-4996-B1D3-E9A86ED4BBCF}
  Value: @

• Key: Interface\{6876543E-DA55-4F90-9CD2-5ED380D9516C}
  Value: @

• Key: Interface\{701E8C3A-7910-4CCD-A9F8-7B9A5F5B3947}
  Value: @

• Key: Interface\{850300D6-D53B-4720-9372-6D31B85537E1}
  Value: @

• Key: Interface\{8C803228-BD61-4744-8B79-949E3F512DDC}
  Value: @

• Key: Interface\{B7C685F0-1804-4382-A8EF-17D33DF97069}
  Value: @

• Key: software\microsoft\windows\currentversion\run\nav
  Value: @

• Key: CLSID\{CF79DAB6-0AFE-4678-856D-44574D91915C}
  Value: AppID

• Key: CLSID\{CF79DAB6-0AFE-4678-856D-44574D91915C}\AppID

• Key: CLSID\{CF79DAB6-0AFE-4678-856D-44574D91915C}\LocalServer32

• Key: CLSID\{CF79DAB6-0AFE-4678-856D-44574D91915C}\TypeLib

• Key: AppID\{CF79DAB6-0AFE-4678-856D-44574D91915C}

• Key: AppID\{CF79DAB6-0AFE-4678-856D-44574D91915C}\AppID

• Key: TypeLib\{C7DF0578-D732-4BFB-A65B-89C1CCEA01CC}\1.0

• Key: TypeLib\{C7DF0578-D732-4BFB-A65B-89C1CCEA01CC}\1.0\0\win32

• Key: TypeLib\{C7DF0578-D732-4BFB-A65B-89C1CCEA01CC}\1.0\FLAGS

• Key: TypeLib\{C7DF0578-D732-4BFB-A65B-89C1CCEA01CC}\1.0\HELPDIR

• Key: AppID\{53A8703F-53BF-4C44-8DAF-FA254A1E1B8C}

• Key: VRExt.VRShlExt.1

• Key: VRExt.VRShlExt.1\CLSID

• Key: VRExt.VRShlExt

• Key: VRExt.VRShlExt\CLSID

• Key: VRExt.VRShlExt\CurVer

• Key: CLSID\{753D7DED-2454-44A3-959D-DC3700FC6B6E}
  Value: AppID

• Key: CLSID\{753D7DED-2454-44A3-959D-DC3700FC6B6E}\ProgID

• Key: CLSID\{753D7DED-2454-44A3-959D-DC3700FC6B6E}\VersionIndependentProgID

• Key: CLSID\{753D7DED-2454-44A3-959D-DC3700FC6B6E}\InprocServer32
  Value: ThreadingModel

• Key: CLSID\{753D7DED-2454-44A3-959D-DC3700FC6B6E}\TypeLib

• Key: *\shellex\ContextMenuHandlers\VRShlExt

• Key: Folder\shellex\ContextMenuHandlers\VRShlExt

• Key: TypeLib\{2E88F662-2027-421D-9874-F3DBC2207BAB}\1.0

• Key: TypeLib\{2E88F662-2027-421D-9874-F3DBC2207BAB}\1.0\FLAGS

• Key: TypeLib\{2E88F662-2027-421D-9874-F3DBC2207BAB}\1.0\0\win32

• Key: TypeLib\{2E88F662-2027-421D-9874-F3DBC2207BAB}\1.0\HELPDIR

• Key: Interface\{598CA4D5-6870-47F0-B513-E3EFBA809B22}

• Key: Interface\{598CA4D5-6870-47F0-B513-E3EFBA809B22}\ProxyStubClsid

• Key: Interface\{598CA4D5-6870-47F0-B513-E3EFBA809B22}\ProxyStubClsid32

• Key: Interface\{598CA4D5-6870-47F0-B513-E3EFBA809B22}\TypeLib
  Value: Version

• Key: Interface\{598CA4D5-6870-47F0-B513-E3EFBA809B22}\NumMethods

• Key: CLSID\{598CA4D5-6870-47F0-B513-E3EFBA809B22}\InProcServer32
  Value: ThreadingModel

• Key: CLSID\{598CA4D5-6870-47F0-B513-E3EFBA809B22}

• Key: Software\Microsoft\Windows\CurrentVersion\App Paths\virusrescue.exe

• Key: System\ControlSet001\Services\vrsvc
  Value: ImagePath

• Key: System\ControlSet001\Services\vrsvc\Emun

• Key: System\ControlSet001\Services\vrsvc\Security
  Value: Security

• Key: CLSID\{F80DB5A5-A885-7370-4983-841F62A80AF2}\0

• Key: Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}

• Key: Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid

• Key: Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid32

• Key: Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib
  Value: Version

• Key: Software\VirusRescue\OnAccess
  Value: Status

• Key: Software\VirusRescue
  Value: aid

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: DisplayName

• Key: SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\InprocServer32
  Value: ThreadingModel

• Key: SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\InprocServer32\1.1.4322
  Value: ImplementedInThisVersion

• Key: SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\InprocServer32\2.0.50727
  Value: ImplementedInThisVersion

• Key: SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ProgID

• Key: SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\Server

• Key: SOFTWARE\Classes\SpyFalcon.PopupBlockerConnector.1

• Key: SOFTWARE\Classes\SpyFalcon.PopupBlockerConnector.1\CLSID

• Key: SOFTWARE\Classes\SpyFalcon.PopupBlockerConnector

• Key: SOFTWARE\Classes\SpyFalcon.PopupBlockerConnector\CLSID

• Key: SOFTWARE\Classes\SpyFalcon.PopupBlockerConnector\CurVer

• Key: SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}

• Key: SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\ProgID

• Key: SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\VersionIndependentProgID

• Key: SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\Programmable

• Key: SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\LocalServer32

• Key: SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\TypeLib

• Key: Software\VirusRescue
  Value: Path

• Key: Software\VirusRescue
  Value: dir

• Key: Software\VirusRescue
  Value: installid

• Key: Software\VirusRescue
  Value: Language

• Key: Software\VirusRescue
  Value: TipDay

• Key: Software\VirusRescue
  Value: TipIndex

• Key: Software\VirusRescue
  Value: FirstRun

• Key: System\CurrentControlSet\Services\vrsvc
  Value: Type

• Key: System\CurrentControlSet\Services\vrsvc
  Value: Start

• Key: System\CurrentControlSet\Services\vrsvc
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\vrsvc
  Value: ImagePath

• Key: System\CurrentControlSet\Services\vrsvc
  Value: DisplayName

• Key: System\CurrentControlSet\Services\vrsvc\Security
  Value: Security

• Key: System\CurrentControlSet\Services\vrsvc
  Value: ObjectName

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VRSVC\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\vrsvc\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\vrsvc\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\vrsvc\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_VRSVC\0000\Control
  Value: ActiveService

• Key: AppID\VRExt.DLL
  Value: AppID

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: UninstallString

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: DisplayIcon

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: DisplayVersion

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: NSIS:StartMenuDir

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: URLInfoAbout

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: Publisher

• Key: System\ControlSet001\Services\vrsvc
  Value: DisplayName

• Key: System\ControlSet001\Services\vrsvc
  Value: ErrorControl

• Key: System\ControlSet001\Services\vrsvc
  Value: ObjectName

• Key: System\ControlSet001\Services\vrsvc
  Value: Start

• Key: System\ControlSet001\Services\vrsvc
  Value: Type

• Key: System\ControlSet001\Services\vrsvc\Emun
  Value: Count

• Key: System\ControlSet001\Services\vrsvc\Emun
  Value: NextInstance

• Key: System\ControlSet001\Services\vrsvc\Enum

• Key: System\ControlSet001\Services\vrsvc\Enum
  Value: Count

• Key: System\ControlSet001\Services\vrsvc\Enum
  Value: NextInstance

• Key: Software\VirusRescue
  Value: Path

• Key: Software\VirusRescue
  Value: dir

• Key: Software\VirusRescue
  Value: installid

• Key: Software\VirusRescue
  Value: TipDay

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: UninstallString

• Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue
  Value: DisplayIcon

• Key: Software\VirusRescue
  Value: aid

• Key: Software\VirusRescue
  Value: installid

• Key: Software\VirusRescue
  Value: TipDay

• Key: SOFTWARE\Licenses
  Value: {I484BBA8980BF0CFD}

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: DisplayName

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: DisplayVersion

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: NSIS:StartMenuDir

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: URLInfoAbout

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: Publisher

• Key: SOFTWARE\SpyFalcon
  Value: refid

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: UninstallString

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
  Value: DisplayIcon

Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use SpyFalcon Removal Tool for safe problem solution.

Next threat: IRC.ZCrew.B »

Learn more about SpyFalcon and spyfalcon.exe »

« Back to catalog

Solution: 772
Home | Partners | Shop | Support | Contact Us | Privacy Policy | Sitemap

Copyright © 2003-2009 Security Stronghold. All Rights Reserved.