Results 1 to 8 of 8

Thread: Spyfalcon removal problems

  1. #1
    Illegal Alien wedge22's Avatar
    Join Date
    Jul 2003
    Location
    Vancouver
    Posts
    1,947
    Thanks
    1
    Thanked
    0 times in 0 posts
    • wedge22's system
      • Motherboard:
      • ASUS H87i PLUS
      • CPU:
      • 4770k
      • Memory:
      • 2x4GB Crucial Ballistix DDR3
      • Storage:
      • OCZ 240GB SSD and Seagate 3TB HDD
      • Graphics card(s):
      • PNY GTX 780 OC
      • PSU:
      • Silverstone SFX 450G
      • Case:
      • Fractal Node 304
      • Operating System:
      • Windows 8.1
      • Monitor(s):
      • Yamakasi 27" IPS and 1080p 100" Projector
      • Internet:
      • 50MB

    Spyfalcon removal problems

    My friends pc has Spyfalcon on it and he tried to remove it with Windows Defender which seems to have worked but now he gets a notepad message opening everytime he starts up his pc which states,
    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell 32.dll,-21787

    Is this because he is missing this .dll?
    How can he fix it?
    Main Rig: i2600k@4.3Ghz/ASUS P8P67 PRO/MSi GTX580/16GB Mushkin/HAF X/Noctua NH-D14

  2. #2
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS
    is that space really there?

    if so, i suspect the spyware installed itself as c:\windows\system32\shell.exe - and something is trying to load it on boot (possibly from the registry, or win.ini)

  3. #3
    Illegal Alien wedge22's Avatar
    Join Date
    Jul 2003
    Location
    Vancouver
    Posts
    1,947
    Thanks
    1
    Thanked
    0 times in 0 posts
    • wedge22's system
      • Motherboard:
      • ASUS H87i PLUS
      • CPU:
      • 4770k
      • Memory:
      • 2x4GB Crucial Ballistix DDR3
      • Storage:
      • OCZ 240GB SSD and Seagate 3TB HDD
      • Graphics card(s):
      • PNY GTX 780 OC
      • PSU:
      • Silverstone SFX 450G
      • Case:
      • Fractal Node 304
      • Operating System:
      • Windows 8.1
      • Monitor(s):
      • Yamakasi 27" IPS and 1080p 100" Projector
      • Internet:
      • 50MB
    Well I have that file in my registry but he does not.
    Which space do you mean?
    Main Rig: i2600k@4.3Ghz/ASUS P8P67 PRO/MSi GTX580/16GB Mushkin/HAF X/Noctua NH-D14

  4. #4
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS
    Quote Originally Posted by wedge22
    Well I have that file in my registry but he does not.
    Which space do you mean?
    the space between "shell" and "32.dll"

    shell32.dll is a critical windows system file. shell.exe is not

  5. #5
    Illegal Alien wedge22's Avatar
    Join Date
    Jul 2003
    Location
    Vancouver
    Posts
    1,947
    Thanks
    1
    Thanked
    0 times in 0 posts
    • wedge22's system
      • Motherboard:
      • ASUS H87i PLUS
      • CPU:
      • 4770k
      • Memory:
      • 2x4GB Crucial Ballistix DDR3
      • Storage:
      • OCZ 240GB SSD and Seagate 3TB HDD
      • Graphics card(s):
      • PNY GTX 780 OC
      • PSU:
      • Silverstone SFX 450G
      • Case:
      • Fractal Node 304
      • Operating System:
      • Windows 8.1
      • Monitor(s):
      • Yamakasi 27" IPS and 1080p 100" Projector
      • Internet:
      • 50MB
    No there is no space there, is that good or bad?
    Main Rig: i2600k@4.3Ghz/ASUS P8P67 PRO/MSi GTX580/16GB Mushkin/HAF X/Noctua NH-D14

  6. #6
    Illegal Alien wedge22's Avatar
    Join Date
    Jul 2003
    Location
    Vancouver
    Posts
    1,947
    Thanks
    1
    Thanked
    0 times in 0 posts
    • wedge22's system
      • Motherboard:
      • ASUS H87i PLUS
      • CPU:
      • 4770k
      • Memory:
      • 2x4GB Crucial Ballistix DDR3
      • Storage:
      • OCZ 240GB SSD and Seagate 3TB HDD
      • Graphics card(s):
      • PNY GTX 780 OC
      • PSU:
      • Silverstone SFX 450G
      • Case:
      • Fractal Node 304
      • Operating System:
      • Windows 8.1
      • Monitor(s):
      • Yamakasi 27" IPS and 1080p 100" Projector
      • Internet:
      • 50MB
    Can you help me out any more mate?
    Main Rig: i2600k@4.3Ghz/ASUS P8P67 PRO/MSi GTX580/16GB Mushkin/HAF X/Noctua NH-D14

  7. #7
    Lovely chap dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,398
    Thanks
    412
    Thanked
    459 times in 334 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 10
      • Monitor(s):
      • See My Sig
      • Internet:
      • 60mbit Sky LLU
    Interesting - one of my colleague's PCs here at work is doing the same thing when i log into it... I'll investigate it!
    Crosshair VIII Hero (WIFI), 3900x, 32GB DDR4, Many SSDs, EVGA FTW3 3090, Ethoo 719


  8. #8
    Lovely chap dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,398
    Thanks
    412
    Thanked
    459 times in 334 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 10
      • Monitor(s):
      • See My Sig
      • Internet:
      • 60mbit Sky LLU
    Ok the solution here was to delete the entry 'desktop.ini' from the start menu
    Start->All Programs->Startup->Desktop.ini

    I've not idea why he had that file in there - in effect it's being launched by the default app (notepad.exe) every time windows starts which is daft.

    Edit: research seems to indicate this is a byproduct of a virus/trojan scanner doing something erroneous during the removal process. I can confirm it's safe to delete the file from startup with no problems as a result.

    Hope that helps.
    Last edited by dangel; 07-06-2006 at 10:26 AM.
    Crosshair VIII Hero (WIFI), 3900x, 32GB DDR4, Many SSDs, EVGA FTW3 3090, Ethoo 719


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Geforce 6600GT AGP problems? Try this...
    By Mutley in forum Graphics Cards
    Replies: 33
    Last Post: 09-02-2008, 10:28 AM
  2. Real problems with XFX GeForce 6600GT AGP
    By Mutley in forum Graphics Cards
    Replies: 17
    Last Post: 06-05-2007, 01:15 AM
  3. My experience with Windows XP Pro x64 Edition
    By Paul Adams in forum Software
    Replies: 7
    Last Post: 20-04-2007, 11:59 PM
  4. Problems with new machine
    By kasavien in forum SCAN.care@HEXUS
    Replies: 5
    Last Post: 31-01-2006, 01:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •