SpyFalcon.com == MALWARE / SPYWARE / ADWARE

I simply booted from an alternate (clean) partition and cleanned all the infected partitions's:

• %CACHE%\CONTENT.IE5\* (all users)
  
• %TEMP%\* (all users)
• %WINDIR%\TEMP\*
• %WINDIR%\SYSTEM32\hp*.tmp
  
• %WINDIR%\SYSTEM32\ATMCLK.EXE
• %WINDIR%\SYSTEM32\DCOMCFG.EXE

...then booted from the "infected" partition and removed the REGISTRY entries from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run:

• "kernel32.dll"="C:\\WINDOWS\\System32\\atmclk.exe"
• "dcomcfg.exe"="dcomcfg.exe"

and... let's hope that's that.

I still have to find out what the heck put it in that PC, but the user couldn't provide me with enough clues to help me, so... let's wait and see.


Interesting links:

• Rogue/Suspect Anti-Spyware Products & Web Sites
• How To Remove Spyfalcon - BleepingComputer.com
• Spyware SpyFalcon Information
• Remove SpyFalcon (Removal Instructions)
• Remove SpyFalcon, Removal Guide to Safely Uninstall SpyFalcon
• Beware of Vcodec
  
• Digg...
  
• Google...