Adware.Spylocked.C

VERY LOW
VERY LOW
approx. 3Mb
(AdwareDelete, AntiVirus Gold, SpyFalcon, SpyLocked, VirusBlast, VirusHeal, VirusRanger)

Symptoms

Popup messages about system infections.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

SpyFalcon is a rogue anti-spyware program. It can warn about false infections in a Windows popup. The program uses an ineffective malware detection engine. The software has many twins that use the same database and have a similar design: AdwareDelete, AntiVirus Gold, MalwareWiped, SpyAxe, SpyFalcon, SpyLocked, Spyware Sheriff, SpywareStrike, TitanShield AntiSpyware, VirusBlast, VirusHeal, VirusRanger


Removal of any malware it detects is conditional on purchasing the product. The software's update procedure doesn't work.

SpyFalcon installs:
• the following files on disk:

%install-folder%\blacklist.txt
%install-folder%\SFPopupBlocker.dll
%install-folder%\Uninstall.exe
%install-folder%\SpyFalcon.exe
%install-folder%\syg.db

• the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\NSIS:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon\Language
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon\refid




It creates an autorun registry value named “SpyFalcon”, so that it runs on every startup, in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
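
A read-only triage check for the files, registry keys and autorun value listed above, as an added example that is not part of the original write-up. It goes slightly beyond the page by also checking the WOW6432Node registry view and every loaded user hive under HKEY_USERS, and it assumes the install folder can be recovered from the paths stored in UninstallString, DisplayIcon and the Run value.

```powershell
# Added example: read-only triage for the SpyFalcon artifacts listed above.
$name  = 'SpyFalcon'
$files = 'blacklist.txt', 'SFPopupBlocker.dll', 'Uninstall.exe', 'SpyFalcon.exe', 'syg.db'

# Keys from the description. The WOW6432Node variants are an assumption:
# 32-bit installers on 64-bit Windows are redirected there.
$keys = foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    "$root\Microsoft\Windows\CurrentVersion\Uninstall\$name"
    "$root\$name"
}
$findings = @()
$commands = @()   # command lines and icon paths used to locate %install-folder%

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Detail = '' }
    $props = Get-ItemProperty -LiteralPath $key
    $commands += $props.UninstallString, $props.DisplayIcon
}

# The page names HKCU; walking HKEY_USERS covers every loaded user hive.
foreach ($hive in (Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue)) {
    $run = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
    $cmd = (Get-ItemProperty -LiteralPath $run -Name $name -ErrorAction SilentlyContinue).$name
    if ($cmd) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$run\$name"; Detail = $cmd }
        $commands += $cmd
    }
}

# %install-folder% is not given on the page, so take it from the stored paths.
$folders = foreach ($c in $commands) {
    if ($c -match '^"?([A-Za-z]:\\[^"]+?\.exe)') { Split-Path -Parent $Matches[1] }
}
foreach ($folder in ($folders | Where-Object { $_ } | Sort-Object -Unique)) {
    foreach ($file in $files) {
        $path = Join-Path $folder $file
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # Record a hash so the file can be compared against other hosts.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = $hash }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that other users' loaded hives are readable; an empty table means none of the listed artifacts were found.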

The members of the rogue anti-spyware “family” have similar interfaces and files: