I have this damn adware on my computer called "spyfalcon" that keeps downloading the spyfalcon "security" software and throwing popups, changing my homepage, deniing access to IE and all sorts of other crap. I already got rid of the media player codec that it came in on. I ran Norton and it says the offending file is "ginuerep.dll" Problem is it wont let me delete it because its running. I also tryed deleting it by doing a search and tracking down the file myself. no luck.

So can anyone tell me how to get rid of the damn thing?

thanks

ewido

xblock

give those a try

also, you can download "process explorer"  procexp.exe from sysinternals.com

www.sysinternals.com/ntw2k/freeware/procexp.shtml

It's like Windows Task Manager on steroids, in that you can kill *any* process.   Use the "Find Handle" to locate which executable currently has the .dll open.  Kill that process tree,  then with Windows explorer go find the .dll on your hard drive and delete it.  

I've used this on other spyware/crap that was holding files open.

Also, useful to educate yourself on what is getting launched at boot time.   Be Very Careful so you don't screw something up.

Click Start, Run, type in "regedit",  and do a search for  "runonce"      You are really looking for the key "Run" which will be right above "RunOnce"  but the word "run",  all by itself shows up a bazillion times in the system registry.  Speeds up the search.

Look in the Run, RunServices, RunOnce, RunServicesOnce for suspicious entries.

What I do, instead of just deleting an entry is disable it by modifying the command line.

Example,  spybot launches using "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

I can disable it by modifying the string to read "_C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"  

viola!   regedit can't launch it, but it is very easily reversible if I disable something I need and I want to put it back.

Also,  look in the "Startup" folder in "Programs" for what's getting launched there.

I also run two different spyware hunters, Spybot and Ad-Aware.  They have different search engines and give slightly different results.

boot to safe mode and delete it

try this: www.softwarepatch.com/software/moveonboot.html

I got rid of it finally.... thanks for all the help.

Ewido found a lot of adware that Spybot wasn't finding.

process explorer helped narrow down all the offending files... but that damn thing looks dangerous

And with a little help from google and a boot into safe mode Its gone what a PITA.

On another note My norton just expired... what free virus protection are you all using?

On another note My norton just expired... what free virus protection are you all using?

AVG  from grisoft.com.   Completely Free for personal use.  I've used it for about 4 years.

It's got scheduling for web updates and system scans.  

Quoted: On another note My norton just expired... what free virus protection are you all using? AVG  from grisoft.com.   Completely Free for personal use.  I've used it for about 4 years. It's got scheduling for web updates and system scans.

+1 on AVG. I "obtained" the Pro version and installed it on all of the pc's in the house. Has worked great since.

-d