Adware.Spylocked.C (AdwareDelete, AntiVirus Gold, SpyFalcon, SpyLocked, VirusBlast, VirusHeal, VirusRanger)

SYMPTOMS: Popup messages about system infections.

TECHNICAL DESCRIPTION: SpyFalcon is a rogue anti-spyware program. It can warn about false infections in a Windows popup. The program uses an ineffective malware detection engine. The software has many twins that use the same database and have a similar design: AdwareDelete, AntiVirus Gold, MalwareWiped, SpyAxe, SpyFalcon, SpyLocked, Spyware Sheriff, SpywareStrike, TitanShield AntiSpyware, VirusBlast, VirusHeal, VirusRanger.

Removal of any malware it detects is conditional on purchasing the product. The update procedure of the software doesn't work.

SpyFalcon installs:

• the following files on disk:
%install-folder%\blacklist.txt
%install-folder%\SFPopupBlocker.dll
%install-folder%\Uninstall.exe
%install-folder%\SpyFalcon.exe
%install-folder%\syg.db

• the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\NSIS:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon\Language
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon\refid

It creates an autorun registry value named "SpyFalcon", so that it runs on every startup, in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The rogue anti-spyware "family" has similar interfaces and files.

Removal instructions: Please let BitDefender disinfect your files.

ANALYZED BY: Daniel Chipiristeanu, virus researcher



