
Adware.Spylocked.C

( AdwareDelete, AntiVirus Gold, SpyFalcon, SpyLocked, VirusBlast, VirusHeal, VirusRanger )
Spreading: very low
Damage: very low
Size: approx. 3Mb
Discovered: 2007 Oct 15

SYMPTOMS:

Popup messages about system infections.

TECHNICAL DESCRIPTION:

SpyFalcon is a rogue anti-spyware program. It can warn about false infections in a Windows popup. The program uses an ineffective malware detection engine. The software has many twins that use the same database and have a similar design: AdwareDelete, AntiVirus Gold, MalwareWiped, SpyAxe, SpyFalcon, SpyLocked, Spyware Sheriff, SpywareStrike, TitanShield AntiSpyware, VirusBlast, VirusHeal, VirusRanger


Removal of any malware it may detect requires purchasing the product. The software's update procedure doesn't work.

SpyFalcon installs:
• the following files on disk:

%install-folder%\blacklist.txt
%install-folder%\SFPopupBlocker.dll
%install-folder%\Uninstall.exe
%install-folder%\SpyFalcon.exe
%install-folder%\syg.db

• the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\NSIS:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon\Language
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon\refid




It creates an autorun registry value named “SpyFalcon”, so that it runs on every startup, in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
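
A read-only check for the files, registry keys and autorun value listed above, added here as an example; it is not BitDefender's code. The function name, the WOW6432Node lookups and the way the install folder is derived from the registry command strings are assumptions of this example.

```powershell
# Added example: read-only check for the SpyFalcon artifacts listed above.
# Get-SpyFalconIndicator is a hypothetical helper name, not a vendor tool.
function Get-SpyFalconIndicator {
    $hits = @()
    $cmds = @()   # command strings that may reveal %install-folder%

    # Registry keys from the description. The WOW6432Node variants are an
    # assumption: 32-bit installers are redirected there on 64-bit Windows.
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        foreach ($sub in 'SpyFalcon', 'Microsoft\Windows\CurrentVersion\Uninstall\SpyFalcon') {
            $key = "$root\$sub"
            if (Test-Path -LiteralPath $key) {
                $hits += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
                $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
                $cmds += $p.UninstallString, $p.DisplayIcon
            }
        }
    }

    # Autorun value "SpyFalcon" (HKCU covers only the user running this check).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'SpyFalcon' -ErrorAction SilentlyContinue
    if ($run) {
        $hits += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\SpyFalcon = $($run.SpyFalcon)" }
        $cmds += $run.SpyFalcon
    }

    # Derive candidate install folders from the executable path in each command.
    $folders = foreach ($c in $cmds) {
        if ($c -match '^\s*"?(?<exe>[^"]+?\.exe)') {
            [System.IO.Path]::GetDirectoryName($Matches.exe)
        }
    }

    # Files the description lists under %install-folder%.
    $names = 'blacklist.txt', 'SFPopupBlocker.dll', 'Uninstall.exe', 'SpyFalcon.exe', 'syg.db'
    foreach ($dir in ($folders | Where-Object { $_ } | Sort-Object -Unique)) {
        foreach ($n in $names) {
            $file = Join-Path $dir $n
            if (Test-Path -LiteralPath $file -PathType Leaf) {
                $hits += [pscustomobject]@{ Type = 'File'; Item = $file }
            }
        }
    }
    $hits
}

Get-SpyFalconIndicator | Format-Table -AutoSize
```

An empty result means none of the listed artifacts were found for the current user and machine hives; the file check only runs when a registry entry reveals the install folder.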

The members of this rogue anti-spyware “family” have similar interfaces and files.





Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Daniel Chipiristeanu, virus researcher