SpyDawn Removal Instructions
March 10th, 2007 by Sam
SpyDawn Descriptions:
SpyDawn is counterfeit anti-spyware software. SpyDawn usually installed itself onto your PC without your permission, through Trojan and virus. SpyDawn will display fake security alerts or notifications to trick user to buy the Paid Version of SpyDawn.
(You could get SpyDawn by opening an infected message in myspace, or installing infected or fake video codec from myspace or other websites) (A variant of SpyDawn is called SpyLocked found on March 19, 2007)
Try Recommended SpyHunter* Spyware Detection Utility.
Stop SpyDawn Processes:
(Learn how to stop a process)
spydawn.exe
Unregister SpyDawn DLL Files:
(Learn how to unregister a dll file)
msvcp71.dll
higehsg.dll
xkrdk.dll
geplxss.dll
tvomnc.dll
Remove SpyDawn Registry Values:
(Learn how to delete a registry value)
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \Uninstall\SpyDawn
HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA
Find and Delete these SpyDawn Files:
spydawn.exe
sd_setup.exe
msvcp71.dll
higehsg.dll
xkrdk.dll
geplxss.dll
tvomnc.dll
SpyDawn 3.1.lnk
SpyDawn.lnk
SpyDawn 3.1 Website.lnk
Uninstall SpyDawn 3.1.lnk
Digg
del.icio.us
Google
Yahoo
Reddit
Furl
Sam Says
SpyDawn is self re-installable. You better remove SpyDawn with an anti-spyware program that remove all the component of SpyDawn.
Feb 17th, 2007 at 4:02 am
Sam Says
If you are trying to manually remove SpyDawn the following files also need to be removed.
C:\Windows\System32\higehsg.dll
C:\Windows\System32\xkrdk.dll
upadated 03-14-2007
these two files also need to be deleted
geplxss.dll
tvomnc.dll
There are many versions of Spydawn with different system alert popup. So for some people even deleting all the above files, you might still get the system alert popup. It is because SpyDawn might have installed a different file that is not listed above. And even the recomended removal tool might not detected.
If you have the full version of Spyhunter, you can go to help -> Technical support system, open a support ticket, generate support log and send the support log information. When they receive your support log they can find out which is the new file you have on your PC that is creating the system alert popup. Then they can create a custom fix for you to remove all the SpyDawn files that you have in your computer.
Feb 17th, 2007 at 1:42 pm
thomas Says
I used add/remove installed programs it is still sending counterfeit messages and the need to download antispyware programs. I have Norton Internet Anti Virus, should’t that detect and delete the problem? And if not is there free software that will do the trick? Thanks
Feb 17th, 2007 at 3:06 pm
Brian Says
Obviously, the SpyDawn removal tool is the easiest solution. However, if you think you are good at editting the registry keys and system files. I believe you can try to follow the instructions and remove it manually, but make sure that you back up the data first in case something goes wrong.
Feb 17th, 2007 at 9:06 pm
Sam Says
For Thomas“I used add/remove installed programs it is still sending counterfeit messages” — As i mention before SpyDawn is self re-installable. you will need to remove all the components.
“Norton Internet Anti Virus, should’t that detect and delete the problem?” — I believe as of right now Norton has not updated the definion to remove SpyDawn.
“is there free software that will do the trick?” — There is a program called SmitfraudFix that might remove SpyDawn. and you get it here the site is in french and I am not sure it will work for windows vista. siri.urz.free.fr/Fix/SmitfraudFix.php
Feb 18th, 2007 at 10:40 am
maria.c Says
Thank you so much! You saved my day. My PC has been infected with Spydawn and my kids couldn’t use it for their HW. This really works and $30 is well worth it. Thanks again and keep up the good work!
Feb 19th, 2007 at 10:37 pm
RedHatHackz Says
Hey…umm…the free scanner isn’t ‘free’. And also, it won’t remove all of it. there are still leftover files and bits and pieces that can be activated. Use the windows explore to look for the files.
Feb 20th, 2007 at 12:26 am
leslie Says
I tried to remove Spydawn with the free scanner linked above, called Spyhunter. I had to pay $30 just to get the full version with removal capability. It didn’t work.
I still have a blinking icon in my lower right toolbar (blinks - blue question mark/red cross-out circle.
I could not find these files in order to remove them:
C:\Windows\System32\higehsg.dll
C:\Windows\System32\xkrdk.dll
Any advice? If I haven’t yet paid for the Spydawn spoof program, is my computer still at risk?
Feb 20th, 2007 at 11:33 am
Sam Says
For RedHatHackz and leslie:
As I mention above SpyDawn is self re-installable and it has some smart engines to rename files on your computer. Most probably you have a Trojan on your computer, and the Trojan can keep reinstalling SpyDawn onto your computer. If you have the full version of Spyhunter, you can go to help -> Technical support system, open a support ticket, generate support log and send the support log information. When they receive your support log they can figure out which Trojan you have on your PC. If it is a new Trojan that you have on your computer they can create a custom fix for you to remove the new Trojan that you have on your computer. That is what I did when my computer got infected with SpywareQuake last year, and they found out that I have Vcodec.Tronjan on my computer.
Feb 20th, 2007 at 11:01 pm
Lance0059 Says
I have now in the unfortunate position of being infected whith this ‘bastard’ of a virus. I have no idea how it got on my system, but am most annoyed.
Whoever the creater is and their purpose they have surely created a programme that is once again making me reassess why i even bother whith the net.
Feb 21st, 2007 at 6:07 pm
Laurent Says
I’ve had this SpyDawn problem as well for about a week now. Does anyone know if it “actively” does anything bad in the computer System aside from the annoying pop-up?
I mean, does it destroy or damage files, or just waits for someone to download and pay for it?
Feb 21st, 2007 at 7:50 pm
Chris Says
I found the files
C:\Windows\System32\higehsg.dll
C:\Windows\System32\xkrdk.dll
but my computer won’t let me delete them because they’re being used. any suggestions?
Feb 22nd, 2007 at 2:46 am
Brian Says
Chris Says
I found the files
C:\Windows\System32\higehsg.dll
C:\Windows\System32\xkrdk.dll
but my computer won’t let me delete them because they’re being used. any suggestions?
Chris, have you tried the Spydawn scanner? Here’s something you can try: Booting your computer into safe mode (command line only), then delete those files from the command line. However, it’s highly recommanded to back up the files first since this might damage your system.
Feb 23rd, 2007 at 5:35 pm
Brian Says
Lance0059 Says
I have now in the unfortunate position of being infected whith this ‘bastard’ of a virus. I have no idea how it got on my system, but am most annoyed.
Whoever the creater is and their purpose they have surely created a programme that is once again making me reassess why i even bother whith the net.
Lance0059, sorry to learn about that. Yes, it sucks that the Internet is a risky place, but unfortunately, it has become an indispensable part of our life. I am pretty sure that you can get some useful answers here if you need any assistance removing Spydawn.
Feb 23rd, 2007 at 5:48 pm
Brian Says
Laurent Says
I’ve had this SpyDawn problem as well for about a week now. Does anyone know if it “actively” does anything bad in the computer System aside from the annoying pop-up?
I mean, does it destroy or damage files, or just waits for someone to download and pay for it?
Spyware can collect personal information or change the configuration of your computer. It can also cause your computer slow down or crash. Spydawn, however, is a spyware that tries to trick you to buy a paid version of Spydawn. You can get the free manual removal instruction at the beginning of this page or try the Spydawn Automatic Removal Tool. Good luck.
Feb 23rd, 2007 at 6:06 pm
leslie Says
Sam - I followed your advice about getting a support ticket from Spyhunter and it seems to have done the trick. Thank you.
I’m still a bit miffed about the $30 - I know it was worth it, but it only makes me wonder if the people who charge for cleanup are the same people who create the spyware, etc in the first place.
Feb 24th, 2007 at 1:49 am
Sam Says
Leslie - I am glad to learn that it worked for you. Spyhunter is just like the Norton Anti-virus for Anti-spyware. The best thing that i like about spyhunter is the custom fix that they have, which can detect the different spyware, adware and malware that I have in my computer, that might be different from others.
SpyDawn is the fake anti-spyware program that wants to trick people to buy their program. SpyDawn is the same creator of many fake anti-spyware programs such as SpyAxe, SmitFraud, SpySheriff, SpywareStrike and many more.
Feb 24th, 2007 at 10:54 am
Koziki Says
Is it safe to delete ALL msvcp71.dll? and possibly any other .dll files? I dont have my xp disc anymore so I really want to avoid having to re format.
Feb 24th, 2007 at 6:12 pm
Benjamin Says
I just completely removed Spy Dawn from my computer in about 2.5 hours & here is how I did it (no promises, but it worked for me):
Once you have deleted ALL of the items that appeared in the SpyHunter Table, click “Start Scan” again to make sure that those items are no longer there. If there are items still there, repeat step #6 and #7.
1) Download click on the link that says “Dowload SpyDawn Automatic Removal Tool” (at the top of this page).
2) Go to the “Add Remove Programs” and click on “SpyDawn” (that ‘bastard’ of a virus), and remove the program
3) Reboot your computer in “Safe Mode” (if you don’t know how to do this, go to http://support.microsoft.com/kb/315222)
4) After you have rebooted in “Safe Mode”, Run the program “SpyHunter” that was installed when you clicked on the Automatic Removal Tool Link (Don’t RUN SPY DAWN, WHATEVER YOU DO!!!!)
5) When you run the Spyware program, it will list the “Item Name”, “Object Name”, “Location” & “Type” (these are the column titles at the top of the page).
6) When it the Spyware Program is finished running, ALL of the instances of SpyDawn & SpywareQuake will be listed in that table. Sort by “Location”.
7) For anything that starts off with “HKEY_…” that means it is located in your registry. Go into Start, and click, “Run” and type in RegEdit. This will take you to your Registry Editor. Simply follow the paths listed in the “Location” section of the table, and delete ONLY these locations in the registry (it is quite a tedious process, but then you save the $30 by NOT having to buy the program… I had about 56 items in all).
9) Once you have finally deleted them all (and this is confirmed by Re-running Spy Hunter and NOTHING is showing up) restart your computer and defragment and it should work fine (mine is!)
Feb 25th, 2007 at 1:06 am
chrissss p Says
Pah! SpyDawn! What a load of rubbish
Feb 26th, 2007 at 3:49 pm
Sam Says
Koziki - msvcp71.dll is one of the Microsoft C Runtime Library. I will definitely not delete the msvcp71.dll or any other dll’s from C:\WINDOWS\SYSTEM32 folder. Unless you are 100% sure that the dll will not screw up Windows. But you can delete msvcp71.dll and all the above files from spydawn folder. (Depending on what software you have installed on your computer, you might have many msvcp71.dll on your computer. Deleting the wrong msvcp71.dll can make some of your software not to work).
Feb 26th, 2007 at 7:01 pm
Mike Says
Used the removal tool and then deleted all the identified registry entries and files manually.
The dll file higehsg.dll wouldn’t delete (in use) but on restarting after making sure everything I could delete was deleted, the problem was gone and I was able to manually delete this dll file as it was no longer in use. Problem solved - thanks for all the comments and help - most useful.
Feb 27th, 2007 at 8:33 pm
Andrew Says
This is absolute BS.
Are there any FREE spyware programs that allow me to delete this? All I have is the flashing system tray icon and everything I’ve tried has failed me.
Mar 1st, 2007 at 4:09 pm
Brian Says
Andrew Says
This is absolute BS.
Are there any FREE spyware programs that allow me to delete this? All I have is the flashing system tray icon and everything I’ve tried has failed me.
Andrew, did you try the steps above? The instructions are very simple and easy to understand. You can post another message if you need further assistance.
Mar 1st, 2007 at 11:20 pm
Ana Says
Is it true the only way to get spydawn is by going on pornography sites?
Mar 2nd, 2007 at 10:39 pm
Sam Says
Ana - One way to get SpyDawn is from pornography sites. But there are many ways to get SpyDawn such as downloading free screensaver or free software that are bundle with spyware, trojans and virus. Then the trojans and virus install all kind of malwares onto your computer which includes SpyDawn.
I am NOT saying that all free software come bundle with spyware, trojans and virus. Just be careful when you download free software, I usually download free software from download.com, but still it is not guarantee that all the software in download.com is not bundle with spyware, trojans and virus.
Mar 3rd, 2007 at 11:50 am
cx Says
than’x for good guide!
Mar 3rd, 2007 at 1:40 pm
John Says
My situation is a strange one. I got the spy dawn icon in the bottom right of my screen. I tired everything to get rid of it but nothing has worked. removing the program in the change/remove programs section did nothing. I ran my existing anti-virus/spyware programs yet they didnt do anything. I came to this sight seeking for help and I tried every method mentioned in the posts. I tried Benjamin’s method of scanning my computer with spy hunter then deleting all the files found, there were a total of 67 files! Yet after deleting them spy dawn is still there. I ran spy Hunter a second time and got zero files detected. Sam said that if you are trying to manually remove SpyDawn the following files also need to be removed.
C:\Windows\System32\higehsg.dll
C:\Windows\System32\xkrdk.dll
But it turns out I dont even have a system32 folder in C:\Windows! I am in need of serious help!!
Mar 3rd, 2007 at 8:11 pm
Brian Says
John,
Without System32 folder, your computer wouldn’t be able to run properly. It’s likely that C:\Windows\System32 is hidden in your computer. You can enable it by Double-Click on “My Computer”, then choose “Tools”->”Folder Options”->”View”, and then check “Show all hidden files and Folders”. After this, you would be able to see all hidden files and folders.
Hope this helps. Good luck!
Mar 3rd, 2007 at 9:42 pm
Tim Says
If I purchase the removal tool, will anyone be able to get my credit card number from the spydawn thats on my computer?
Mar 3rd, 2007 at 10:19 pm
Brian Says
Tim, it will not be able to get your credit card information unless other spyware such as keyloggers installed on your machine. The free scanner should be able to tell you if there’s a keylogger installed. If it finds nothing, your computer should be safe.
Mar 3rd, 2007 at 11:00 pm
tony kaye Says
how do you remove the spydawn icon at the bottom right corner of the taskbar?
Mar 3rd, 2007 at 11:02 pm
Brian Says
Tony, did you follow the instructions at the beginning of the page? Many people have successfully removed Spydawn by following the instructions. Please feel free to post questions if you run into a problem. I am sure that someone here would be able to help you out. Good luck!
Mar 4th, 2007 at 12:03 am
tony kaye Says
Brian, thanks for responding. Will the manual deletion of these 2 dll files done during safe mode get rid of this icon at the right hand corner, or will i have to fill out a support log?
Mar 4th, 2007 at 12:20 am
Karen Says
tony, I believe Brian suggested you to follow the complete instruction but not just deleting those 2 dll files.
I just copied and pasted the instructions again:
Stop SpyDawn Processes:
(Learn how to stop a process)
spydawn.exe
Unregister SpyDawn DLL Files:
(Learn how to unregister a dll file)
msvcp71.dll
higehsg.dll
xkrdk.dll
Remove SpyDawn Registry Values:
(Learn how to delete a registry value)
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \Uninstall\SpyDawn
HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA
Find and Delete these SpyDawn Files:
spydawn.exe
sd_setup.exe
msvcp71.dll
higehsg.dll
xkrdk.dll
SpyDawn 3.1.lnk
SpyDawn.lnk
SpyDawn 3.1 Website.lnk
Uninstall SpyDawn 3.1.lnk
And also, I think you can download and try the removal tool.
Mar 4th, 2007 at 12:28 am
tony kaye Says
i downloaded the removal tool, scanned and removed spydawn, but that spydawn icon is still blinking at the bottom right hand corner.
im trying to manually enter in the files listed here but nothing is coming up after clicking on “find next”.
how did you get rid of that icon?
———————
Tony, make sure that you are in the right drive or directories when you try to find a file. Otherwse, nothing would come up.
Mar 4th, 2007 at 1:28 am
tony kaye Says
I clicked on start, clicked run, typed in “cmd” and entered in: regsvr32 / u filename.dll
but after clicking enter a box pops up saying:
Loadlibrary (”filename.dll”) failed - The specified module could not be found.
Any ideas?
Mar 4th, 2007 at 1:41 am
Martins Says
where can I get removal tool??? I don’t want to pay 30$ for it! :@
Is there any way to destroy that fucking spydawn for free?
Mar 4th, 2007 at 4:23 am
Andrew Wager Says
I have the pop-up in the bottom right corner and i do not have any of the programmes that were suggested above. Does anyone know where i can get any of these programmes for free.
Also does this “spydawn” do anything other than send me pop-ups and ask me to buy the product. Will it take personal details or delete files for example.
Than you in advance,
Andrew
Mar 4th, 2007 at 11:05 am
Brian Says
Andrew, you can try the free removal instructions. Click “Learn how-to” if you don’t know how to do certain procedures. It’s fairly simple if you follow them step-by-step.
Mar 4th, 2007 at 11:07 am
Titus Says
I tried following the instructions above but my computer wasn’t able to unregister msvcp71.dll. I tried using Trent anti-spyware but this didn’t work as well. I then used system restore and i am no longer getting the annoying pop-ups or for that matter any sign that this spydawn is doing anything on my computer. Can somebody tell me whether I have permanently gotten rid of spydawn or is it lurking somewhere and still gathering information on my system?
Mar 4th, 2007 at 11:58 am
Titus Says
does anybody know whether windows system restore gets rid of the spydawn crap completely because i can no longer see anything or any signs of it after restoring my computer to an earlier date?
Mar 4th, 2007 at 11:59 am
Brian Says
Titus, seems that you are safe for now. But nobody is sure if Spydawn would reinstall itself in this case. Did you try to find and remove the infected files as indicated above? I guess you are good if you don’t find anything.
Mar 4th, 2007 at 12:05 pm
jerry Says
so i had this spydawn “alert” message for 2 days. and today it just disappeared. it was on in the morning and then when i rebooted my computer it disappeared. i mean th spyware might still be in my computer but the “alert” message does not pop up anymore.
i installed an ‘invisible browsing’ program today as well. i dont know if that has anything to do with it or if its just coincidence
Mar 4th, 2007 at 12:07 pm
Tim Says
Any help anyone? Pleeaaasssse?
Mar 4th, 2007 at 12:16 pm
Brian Says
Tim, if you have the full version of Spyhunter, you can go to Help -> Technical support system, open a support ticket, generate support log and send the support log information. When they receive your support log they can assist you to resolve the issue. Good luck.
Mar 4th, 2007 at 12:50 pm
jerry Says
Also,
does anyone know if this is a legit company? If they are then perhaps we should report them to the better business bureau or something.
Mar 4th, 2007 at 12:51 pm
Brian Says
Jerry, the spyware can reinstall itself if it’s not completely wiped out. And also, the people who created Spydawn are outside of USA so BBB can’t do anything to them.
Mar 4th, 2007 at 12:52 pm
Rick Says
I recieved the spydawn virus opening a message on myspace. I fell asleep at the wheel, and allowed an unknown activeX program to start via this email . . . stupid. The virus is unbelievably resilient. I downnloaded the free removal tool smitfraudfix, used it in safe mode, and it found and eliminated serveral files. I then followed the manual instructions exactly, and found and deleted several more remnants. I thought I was done, and went to the add/remove programs under control panel, and found the damn program “system alert popup” and tried to delete it. Son-of-a-b$tch reinstalled itself. So I repeated the whole process, downloaded and ran Windows Defender (free), downloaded and ran Spybot Search and Destroy (free), and downloaded and ran Ad-aware SE (free) and in each case was able to remove more remnants. Ad-aware SE found another trojan that Smitfraudfix missed. So I went to add/remove programs and that son-of-a-b$tch “system alert popup” is still there. But I haven’t messed with it . . . I just know it going to jack me. I downloaded and ran the Spyhunter Scan tool (free) and it is showing about 20 more instances of these trojans on my computer in differnt loacations, plus some other stuff that apparently is not a good thing to have in your registry. I don’t want to pay them $30, but I also don’t want to spend another day getting a spyware education (I have a graduate degree now) so I will probably eat the $30 and make it go away. I figure I got one of those activeX viral bursts I hear about . . I’m just glad it didn’t have some keyblogger attachments sending my passwords to Nigeria. A good resource for spyware is on http://en.wikipedia.org/wiki/Spyware . . . more than I ever wanted to know about it.
Mar 5th, 2007 at 12:19 am
Rick Says
Update . . . Downloaded the Spyhunter repair module to clean up the mess identified by the Spyhunter free scan module. $30 clams, cha-ching. I eliminated 17 instances of the dang Spydawn in the registry and its spawning trojan in some other place, and a few other things to boot. Then Spyhunter notified me that an update to its definitions was available (included in the original #30 subscription) so I downloaded it and reran the scan. Chug, chug, chug . . . about 40 minutes later, I had another 47 Spydawn registry entries to eliminate which I did. Can you believe this thing? If the damn Spydawn people would have called me I would have gladly mailed them a sawbuck just to dry them up. Anyhow, the real test . . . I went to the add/remove programs and to my delight, the SOB “sytem alert popup” was gone. Done, one whole day and $30 bucks for my doctoral degree in internet security. Lesson learned!
Mar 5th, 2007 at 2:51 am
Paradox Says
I locate the system alert pop up in the add/remove programs section but it won’t go when I try to remove. I have also noticed that it increases in size when on the net but the goes back down to 160mb when I stop. Is that bad?
When I intially found it I just deleted the program from the program files, only to discovery the blinking icon is was still there.
I read all the stuff above.
tried registry key thing, it found it, but can’t delete.
tried the command prompt thing but it said sever could not be found.
The only file I found from the above list was msvcp71.dll in the system32 file but ever time I try to delete it is say the file is either protected or in use.
I tried to end process in the task manager but I can’t find it. There is no spydawn.exe could it be under a different name?
And if it is protected can I unprotect it as to delete it?
Mar 5th, 2007 at 8:01 am
Tao Says
I’ve deleted all the spyDawn programs files and dlls i can find and its still coming up with the fake security alerts? any suggestions?
Mar 5th, 2007 at 10:13 am
Pkitz Says
Hi, I went away for the weekend and came back to spydawn, .zlob, and virusburst on my home computer. I used adaware to delete .zlob. Seemed to work okay but now I have lost ability to restore my computer (able to restore but restore points have been removed and am only able to view current month) from MSCONFIG and lost most of my Services…. ie: network connections.. Can anyone tell me how to restore services to the services tab within msconfig? I only had
dconserver process launcher
remote procedure call locator
remote procedure call
system restore service
Now when looking I have a new service called cryptographic services.
Can anyone give me any advice? I am running Windows Me on this computer.
Thanks, in advance, for your help. Paula
Mar 5th, 2007 at 3:27 pm
Pkitz Says
can I move services from my laptop to my home computer? If so, How?
Mar 5th, 2007 at 3:31 pm
Pkitz Says
ok, I lied I am using window xp build 2600.xpsp_sp2.gdr
Mar 5th, 2007 at 3:34 pm
Brian Says
Pkitz, one thing you can try is to reinstall Windows XP SP2.
Mar 5th, 2007 at 3:56 pm
p kitzberger Says
To Paradox:
I renamed the msvcp71.dll to msvcp72.dsa an extension my computer does not recognize. restarted my computer and then deleted it.
Mar 5th, 2007 at 7:55 pm
Ron Says
Rick…..so if you had to do it all over again, you’d just pay the $30 Spyhunter cost and be done with it?
Mar 5th, 2007 at 9:16 pm
Brian hadasackfullofthis Says
I followed Benjamins instructions below, also ran xsoft spy removal which found a load more files/cookies etc. restored my computer to the month before this little barsteward started pestering me and believe it or not I’m not getting anymore messages or pain in the rs pop ups. Hooray :-)))))
I just completely removed Spy Dawn from my computer in about 2.5 hours & here is how I did it (no promises, but it worked for me):
Once you have deleted ALL of the items that appeared in the SpyHunter Table, click “Start Scan” again to make sure that those items are no longer there. If there are items still there, repeat step #6 and #7.
1) Download click on the link that says “Dowload SpyDawn Automatic Removal Tool” (at the top of this page).
2) Go to the “Add Remove Programs” and click on “SpyDawn” (that ‘bastard’ of a virus), and remove the program
3) Reboot your computer in “Safe Mode” (if you don’t know how to do this, go to http://support.microsoft.com/kb/315222)
4) After you have rebooted in “Safe Mode”, Run the program “SpyHunter” that was installed when you clicked on the Automatic Removal Tool Link (Don’t RUN SPY DAWN, WHATEVER YOU DO!!!!)
5) When you run the Spyware program, it will list the “Item Name”, “Object Name”, “Location” & “Type” (these are the column titles at the top of the page).
6) When it the Spyware Program is finished running, ALL of the instances of SpyDawn & SpywareQuake will be listed in that table. Sort by “Location”.
7) For anything that starts off with “HKEY_…” that means it is located in your registry. Go into Start, and click, “Run” and type in RegEdit. This will take you to your Registry Editor. Simply follow the paths listed in the “Location” section of the table, and delete ONLY these locations in the registry (it is quite a tedious process, but then you save the $30 by NOT having to buy the program… I had about 56 items in all).
9) Once you have finally deleted them all (and this is confirmed by Re-running Spy Hunter and NOTHING is showing up) restart your computer and defragment and it should work fine (mine is!)
Mar 6th, 2007 at 3:08 am
Smith Says
Make sure you DON’T delete the wrong dll or regkey. I accidentally removed the wrong dll file and my PC couldn’t boot up no matter what I tried. BLUE SCREEN TO DEATH
I ended up reinstall Windows from scratch. I should’ve just paid for the d*mn $30 instead of wasting hours of my valuable time! 
Mar 6th, 2007 at 12:11 pm
bob Says
if you just reinstall windows will it kill this damn thing off.
Mar 6th, 2007 at 1:02 pm
Brian Says
Re-installing Windows would erase everything on your hard drive which includes Spydawn.
Mar 6th, 2007 at 1:07 pm
joe Says
How did you get infected with Spydawn?
Mar 6th, 2007 at 3:22 pm
Charmaigne Says
BEWARE!!! What’s said on the top of the page is very true and is the exact description.
That’s exactly what happened to my mom, and she didnt consult me on the Spydawn anymore because IT LOOKED LEGIT. it had the pop up that said that you were infected and if you click on it - it’ll send you to the website HTTP:// SPYDAWN . COM/?AFF=321. if this happens DO NOT respond. They will ask you to buy it for 60$ (!@#$%) and my mom did. THIS IS A CLASSIC SCAM made buy those theives. So don’t let yourself be had.
Thank you for this thread and information - twas a huge help! and the SpyHunter got to track down the files and adwares that my mom’s Norton and Lavasoft was not able to.
THANK YOU THANK YOU THANK YOU FOR THE INFORMATION AND HELP GUYS!
YOU, ALSO SAVE LIVES ;O)*wink! hahah
Mar 6th, 2007 at 6:10 pm
JHC Says
Listen, carefully please.
I need major help with my laptop; I am on someone else’s now. My laptop has SpyDawn. I cannot activate any programs at all on the desktop, and cannot access My Computer, Control Panel, Internet, etc. I really really need to know what I can do, and fast.
Please give a simple and very easy to follow guide.
Thanks for your help.
Mar 6th, 2007 at 7:49 pm
JHC Says
If I need to restart my entire windows stystem, I’d do that, as I have all my data on my other computer and I won’t worry about it. BUT if I restart my windows, will it throw away my Norton Antivirus account on that laptop? IF it doesn’t, can anyone plesae tell me how to restart the Windows?
Thanks again
Mar 6th, 2007 at 8:04 pm
Brian Says
JHC,
You have a few options here:
1) Boot into safe-mode (since your computer doesn’t response in normal-mode) and follow the manual Spydawn removal instructions. You definitely want to use this method if you are good with the computer.
2) If the manual removal instructions sound too complicated, you can download and use the automatic Spydawn removal tool, but of course, it costs 30 bucks. Some people used this straight-forward method for safety and peace of mind.
3) Last and the least favorable option, you can reload your Windows from scratch. All your programs (include Norton) need to be installed again. Don’t forget to back up all your data, favorites (bookmarks)..etc. This method would take the longest time but something you can try if you are running out of options.
Hope this helps. Good luck!
Mar 6th, 2007 at 8:23 pm
JHC Says
Thanks Brian for the response - Although I do have some queries.
1. If I go to safe mode, it still doesn’t response, and I cannot access My Computer and everything inside, the Internet, and other vital stuff. The only thing that works, is ironically, Spider Solitaire
2. I cannot download the removal tool as I cannot access the internet on my computer.
3. I’d only do this if it was the ONLY option left, and that I don’t have to pay extra for my Norton Anti-virus
Also, does anyone know if Norton will update or something to protect against this bastard of a virus?
Mar 6th, 2007 at 8:53 pm
Brian Says
JHC,
I believe there’s something running in the background that prevents you from doing anything. You might need to stop the processes which cause the problems so you can proceed the troubleshooting.
Here’s a link on how to stop a process: http://www.xp-vista.com/other/how-to-stop-or-kill-a-process-in-windows-xp-or-vista
Mar 6th, 2007 at 9:36 pm
JHC Says
Alright, thanks, and which processes do I stop specifically?
Mar 6th, 2007 at 9:56 pm
Brian Says
JHC,
Well, it’s really hard to say since we don’t sit in front of your laptop. Obviously, stop “Spydawn.exe” if you see that. Otherwise, you can try to stop everything that looks suspicious to you (except the system services, of course).
Part of troubleshooting is “test-and-trial”. The painful part is to do it one by one until it works. I am sure you know what I meant. Good luck…
Mar 6th, 2007 at 10:08 pm
JHC Says
Hmmmnn, your words are true…
Thanks for all your time and effort.
Currently, I don’t have Spydawn.exe on the task manager.
Sigh… I am such a technical noob. Hmmmn, what would you consider suspicious? I have no idea what to do…
I’m also a mini-neurotic :), and I’d rather not take the chance of deleting something unless you are positively sure.
Thanks again…
Mar 6th, 2007 at 10:14 pm
Charmaigne Says
guys,
you know what… i’ve done everything that benjamin even said - and i’ve rebooted, scanned so many times, even did the dreaded reg edit as well - and that icon is still there!?!?! blinking!!!!! i’ve double checked with the anti virus softwares, and it took out the other trojans, cookies, etc - and i dont see anymore files or paths with spy dawn — but that icon is still blinking there!!!
am i still missing something??? i’ve followed all of your steps above, and got the paths from spyhunter.
but - the icon is stil blinking at the bottom.
help?
im exhausted already. been here since lunch.
thank you..
Mar 6th, 2007 at 10:23 pm
Brian Says
Charmaigne, if you have a full version of Spyhunter, you can generate a log and send it to their tech support. I just copy & pasted the following from their website.
“Due to the constantly evolving nature of spyware, when you use SpyHunter you may come across application issues that cannot be immediately resolved. To limit any frustration and further protect you against spyware infection, our developers have created the Support Log System.
Our exclusive Support Log System takes snapshots of all the points of execution on your operating system, allowing us to precisely identify each and any problem. With a click of a button, you can send us your Support Log, and within hours you’ll receive a repair file specially tailored to your PC.
Once you follow the instructions and run the custom fix file, your system is purged of most spyware parasites, including those not already in our database of parasites!
If your Support Log reveals a parasite not yet included in our database, it will be automatically included in our next definitions update. With this, our Support Log System not only offers you full benefits of individual attention to your system, but expands and strengthens SpyHunter’s detection system, putting SpyHunter another step above other spyware removers.
We encorage you to try it, it really works!”
Mar 6th, 2007 at 10:58 pm
Jess Says
Charmaigne, I followed the instructions and it worked like a champ. Did you miss anything??
Mar 6th, 2007 at 11:25 pm
JHC Says
Alright, I’ve chosen to do the worst of the worst…
Totally restart my computer and erase all data, unless I have to PAY again for the NORTON ANTIVIRUS to reinstall it. Can anyone help me by telling me if I have to pay for another account? If not, then tell me how to restart my computer…
Mar 6th, 2007 at 11:28 pm
JHC Says
For the love of God, can someone please reply - It’s an emergency that I use my laptop - I got buisiness meetings to go to and I NEED my laptop in 2 days.
Please reaply ASAP
Mar 6th, 2007 at 11:36 pm
Brian Says
JHC,
Since you asked this kind of question, I have to say that I would not recommend you to reinstall Windows unless you have a IT friend to assist you. Installing Windows from scratch involves a lot of steps. You have to know what you are doing otherwise you might not be able to get your system back and running.
We are talking about getting all the correct device drivers, backing up the data, saving your favorites, having all your softwares (cd’s) ready, configuring the network…etc.
If you know what I am talking about.. you wouldn’t have asked the previous question. That being said, reinstalling Windows is not recommendable unless you really know what you are doing.
Mar 6th, 2007 at 11:53 pm
Tony Says
I have just been through the rigmorole of manually deleting spydawn files suggested by Spyhunter. The icon at the the bottom is still blinking and Spyhunter cannot find any more rogue files. Any suggestions would be gratefully received on how to get rid of this icon nuisance. Thanks.
Mar 7th, 2007 at 9:44 am
Brian Says
Tony, this question has been answered in the previous post (to Charmaigne): http://www.xp-vista.com/spyware-removal/spydawn-removal-instructions#comment-136
Mar 7th, 2007 at 9:52 am
Tony Says
Brian,
I do not have the full version of spyhunter. Is it really necessary to buy it!?
Thanks
Mar 7th, 2007 at 11:16 am
Brian Says
Tony,
No, it’s not necessary. That’s probably the last option if the other methods didn’t work out for you. But I doubt that Spyhunter Tech support would assist you without a full version of software. Hey, it does’t hurt to try… If you are good with the computer, manual removal is the way to go.
Mar 7th, 2007 at 11:30 am
Andrew Wager Says
Hi its me again
I’d just like to say that spydawn has just disappeared from my computer. All i’ve been doing is ignoring the pop-up (clicking on the X button) and occasionally setting ad-aware to do a full system scan. After i had got ad-aware to delete all harmful files (on the first scan after i got the virus) none of the virus’s came up again after a full system scan. After about a week i discovered that the pop-ups had stopped. Whether this means that the virus is gone i do not know. I’m just happy it has stopped annoying me
Hope you all have success fighting the virus
Mar 7th, 2007 at 1:59 pm
jstk Says
Andrew, glad to hear that. According to some previous posts, Spydawn could reinstall itself if it’s not wiped out completely. Hope you don’t get it again.
Mar 7th, 2007 at 2:37 pm
JHC Says
Hey…
It’s me again…
Can anyone tell me if rebooting your computer to a time BEFORE I got Spydawn will throw away Spydawn?
If not, what is the best thing to do if you cannot access the Internet, My Computer, and all that?
Also, is there a key bind to access the system restore to reboot to a time?
Thanks again.
Mar 7th, 2007 at 2:47 pm
Brian Says
JHC, you stated that your system wasn’t responding in GUI. It sounds like you have more than just a Spydawn problem.
Mar 7th, 2007 at 3:02 pm
James Says
I tried to follow these instructions but…
- The process is not running
- The .dll files are not there
- The program is not installed on my system, so the registry and program files are not there.
I found one reference to SpyDawn in my registry - it was not any of those listed. I deleted it.
I can find no evidence of it anywhere.
But I still have an annoying-as-hell little blinking question mark/circle-with-strike that continually pops up a “System Alert!” speech bubble that redirects me to the SpyDawn page.
This whole thing started when my brother accidentally clicked the wrong button on Spybot, because you can never see what the goddamn buttons say. My two other spyware programs missed this and can’t find it now.
I am pissed off, not at anything in particular, but just infuriated.
HELP!
Mar 7th, 2007 at 3:22 pm
Brian Says
James, did the scanner find anything? Spybot is a good scanner but they don’t have the latest definition for Spydawn. Spyhunter, however, does include the latest definition on spyware such as Spydawn. I would suggest you to try the Spyhunter scanner and see if it can find anything… then you can decide what to do next.
Mar 7th, 2007 at 3:37 pm
James Says
If I have to buy another program, I think I might cry. Let’s see…
Mar 7th, 2007 at 4:00 pm
kid wit a prob Says
i got it..but none of the files are on my comp…i got tricked into downloading something to play a vid in media player and it dl it all… i got rid of what i downloaded finally(took time since it wouldnt let me) and now i have the blinking icon that leads to the spydawn page…i dont have any of the registry files or proccesses…cant pay for the spyhunter(”kid”) but the blinking is annoying and dont want my mom to click on it…was wondering if it just directs you to the page or if it does actual harm(untill it goes away)…had a trojan but defender and me finally got it on defenders 5th scan…plz throw me some suggestions
Mar 7th, 2007 at 5:27 pm
kevin Says
i accidently downloaded spydawn through a phony media player thing…it came with a trojan also but i got rid of it with the help of windows defender…i know have the blinking icon leading to the page but no files or registries or anything on my comp…i know yall say use thay spybot but i cant buy it(im a kid with no credit card or anything) are there any suggestions or will it just go away.
Mar 7th, 2007 at 6:27 pm
Jason Says
OK so my first question is why the hell hasn’t any of the antispam companies come up with a frick’n fix for god’s sake?! Seriously, Microsoft’s only solution is to go purchase another software solution that rivals a major component of their OneCare system?
Next question…why the hell hasn’t any law inforcement shut down spydown.com? If the damn thing is part of this trojan and a scam for people who submit payment to that site, isn’t this grounds for some arrests?
I just got this damn thing on my computer after trying to view Paris Hilton’s sex tapes (just being honest). I’ve tried everything short of purchasing 3rd party software to remove this damn popup…ugg.
MICROSOFT….GET TO WORK AND PROVIDE A FIX THROUGH YOUR ONECARE SOFTWARE!!!!!!!!!
Mar 7th, 2007 at 9:34 pm
JHC Says
In response to your comment Brian, what do you think could be wrong? I understand my laptop is not right in front of you, but I’m thinking you can a hazard a guess .
Also, can anyone tell me what country SpyDawn’s creators came from, or what region? I have many connections and ‘friends’ and they can find out where they are and either hand em out to the cops or give them the anger of everyone infected with this spyware.
Mar 8th, 2007 at 1:09 am
TiberiusDRAIG Says
System Restore anyone? Did anyone but me even try it?
Well, Vista’s system restore nobbed on spydawn and i see no reason why XPs wouldn’t. It took the grand total of about 5 minutes to run a system restore and guess what - when I rebooted there was no spydawn, just a shortcut in the start menu which led to nothingness.
Teaches me to turn off UAC and Windows Defender though eh?
Mar 8th, 2007 at 2:44 pm
Tony Stacey Says
OK, after spending the day on this, with the help of all the info above, I have narrowed that annoying pop-up down to the file C:\windows\system32\geplxss.dll. Remove that file by first re-naming it, then re-booting and then deleting, should cure the problem.
Mar 8th, 2007 at 4:55 pm
kevin Says
go tony..it worked like a charm…thanks millions
Mar 8th, 2007 at 6:41 pm
Brian Says
2 new dll have been added to the Spydawn Removal Instructions.
Mar 9th, 2007 at 12:33 pm
Bryan Says
Folks, 3 days along but I believe it is “sweet success”!
No more “System Alert!” & that ruddy pulsating blue/red circle on the taskbar is no more..
I also used to get a web page that automatically wanted to open under- http :// spydawn. com/?aff=321
each time I clicked on that pulsating blue/red circle!
I can only speak for WindowsXP.
I’m no computer wiz, but here is my 1/2 cents worth.
This was done manually & no SpyDawn removal software was used.
Starters.
I Google(d) the word “SpyDawn” & opened & read several of the sites and printed out the pages which list all the (apparent)offending…exe, …dll,…files,…Registry strings, etc. [Quite amazing that no two seem to list the same SpyDawn stuff.]
1) I disabled the Windows XP “System Restore” function.
2) Conducted some of the “deleting” while in “Safe Mode” as well as “Normal mode”.
3) Worked my way systematically thru all the mentioned/identified files, processes & Registry values that the different web pages list. Re-ran several times and also used different variables just to see what it pulled up.
CAUTION. Obviously don’t delete unless EXACTLY as appearing on the website specifically list!
I also believe that in some of the “Registry” files there was a directly associated sub-file which read “Apartment” — I killed those too!
NOTE: IMPORTANT.
I also found that there was a file that read “Video Access ActiveX Object” which I found by
a) Click/open “My Computer”
b) Click/open “Local Disk C:”
c) Look for and click/open “Program Files” and scroll thru and I found “Video Access Active….” I deleted absolutely everything that was associated with this particular file (I checked “properties” before hitting “delete” just to make sure that all were associated with this file). I knew the date I fell victim so anything with the “created date” I recognized & I knew it was this bad boy!
Care: Some of my files would not initially “delete” & some mutated… but I stuck at it until EVERYTHING was eliminated!
Ultimately re-booted & I’m (apparently) completely free of “System Alert!” yellow triangles and NO blue/red pulsating circle.
REMEMBER: Go back in and re-activate “System Restore”, etc.
Mar 9th, 2007 at 5:29 pm
Brian Says
Bryan, that’s indeed very “sweet”!
Great job!
Mar 9th, 2007 at 7:27 pm
will Says
used spy hunter $30 then also had to use tony stacey’s method of renaming and deleting C:\windows\system32\geplxss.dll. Remove that file by first re-naming it, then re-booting and then deleting, should cure the problem.
no more pop ups hope it is gone
Mar 10th, 2007 at 9:15 am
Igor Says
My Dad’s computer was infected but I cleared it.
Here’s how I did it. First, I went to this site and printed out all the stuff I had to remove. Then I searched the registry stuff using regedit, and the files (.dll .exe) using the search feature on the start menu. I could not find any of the registry stuff and the only file I found was geplxss.dll I could not delete it from the search as it said “file is in use” So what I did was I restarted the computer using safe mode (before the windows screen comes up press F8) Then I select boot using safe mode. When I logged in using safe mode, find the file in the Windows system32 directory. It will not allow you to delete it as its currenty in use. SO CHANGE THE NAME! I renamed it geplxss.bobby and then restarted the computer normally and the blinking icon is gone. Next find the renamed file and delete it. I had just that file, but if you have more than that do it for each one. 1) search for it and get the directory 2) at safe mode, go to the directory and rename 3) boot normally 4) find the renamed file(s) and delete
Good luck and this virus does suck ass.
Mar 10th, 2007 at 5:29 pm
John Says
If it doesn’t allow you to delete, then just rename the file in safe mode then boot normally and delete the renamed file.
Mar 10th, 2007 at 5:35 pm
Frances Says
I think I’ve done something really bad. I removed spydawn by going to the uninstall area and clicked uninstall to everything that was installed on that certain day spydawn infected my computer. Now there’s a pop up that says Windows Explorer has stopped working. This computer is BRAND NEW. I didn’t have a chance to ever download anything. How can I get Windows Explorer to work again?? Please help!
Mar 10th, 2007 at 7:26 pm
Brent Says
Hey Guys I effectively removed Spydawn and everything associated with it, I just followed a few steps that someone else below me had posted and it worked like a charm, I just wanted to put the steps up here again for all of you who were infected with this piece of shit virus. (Time varies but took me about 2.5 hours as well)
“I just completely removed Spy Dawn from my computer in about 2.5 hours & here is how I did it (no promises, but it worked for me):
1)Click on the link that says “Dowload SpyDawn Automatic Removal Tool” (at the top of this page) and download the program.
2) Reboot your computer in “Safe Mode” (if you don’t know how to do this, go to )
4) After you have rebooted in “Safe Mode”, Run the program “SpyHunter” that was installed when you clicked on the Automatic Removal Tool Link (Don’t RUN SPY DAWN, WHATEVER YOU DO!!!!)
5) start the spyhunter software and then click the button that says ’start scan’ on the left of the screen, it will list the “Item Name”, “Object Name”, “Location” & “Type” (these are the column titles at the top of the page).
6) When the Spyhunter Program is finished running, ALL of the instances of SpyDawn & SpywareQuake will be listed in that table. Once you see that its done, will say so at the bottom, Sort by “Location”.
7) For anything that starts off with “HKEY_…” that means it is located in your registry. Go into Start, and click, “Run” and type in RegEdit. This will take you to your Registry Editor. Simply follow the paths listed in the “Location” section of the table, and delete ONLY these locations in the registry (it is quite a tedious process, but then you save the $30 by NOT having to buy the program… I had about 56 items in all).
8)Also to remember to delete any and all other files that pop up on the spyhunter program, most of these will be located on your C drive.
9) Once you have deleted ALL of the items that appeared in the SpyHunter Table, click “Start Scan” again to make sure that those items are no longer there. If there are items still there, repeat step #6-#8.
9) Once you have finally deleted them all (and this is confirmed by Re-running Spy Hunter and NOTHING is showing up) restart your computer and defragment and it should work fine (mine is!)”
So is my computer!
Good luck if you have any questions like if you can’t delete a file or something post a bulletin and I will get back to you the next time I check the website!
Mar 10th, 2007 at 10:10 pm
Brent Says
I removed the geplxss.dll a different way and probably a faster way. Once you have deleted every single other file that came up on the SpyHunter Program except for geplxss.dll because it says its in use. I restarted my computer in regular mode (not in safe mode), then just looked up the file in the C:\Windows\System32 file and deleted it. Since you deleted all those other files before, this file should no longer be in use and will delete just by right clicking and pressing delete, remember to delete it out of your trash bin too, but then your set!
Mar 10th, 2007 at 10:14 pm
Tim Says
I just turned on my computer and that little bastard is finally gone after a week of using spyhunter, spy doctor and ad-aware. I’m lucky I can log on to the internet correctly so I just got lucky in getting rid of spydawn
( I hope for good ). If I got rid of it, anyone can. Good luck to everyone. I spent $60.00 on two different companies’ software but it was worth it to me. Maybe it was just dumb luck, but that little icon is gone. I wish you all success in getting rid of it too. I also hope someone finds the creator of this GD thing and gives them 2 in the hat. God bless.
Mar 11th, 2007 at 1:34 am
Seth Says
okay, so I have just sat here and read through this entire thing and to me this spyware is hell on earth. Brand new computer and spydawn infected IN LESS THAN A MONTH of having it, all because of trying to see a vid on myspace. great. so yea. I actually am going to go ahead and spend 2 1/2 hours manually fixing it instead of the thirty bucks trying to dl yet another spyware/spyware ad “remover”. So wish me luck and all that jazz but my computer is on the heavy side of fritzing out. visuals are f***ed…128 trojan hijackers hit my comp. and over 270 infected files from it.
Mar 11th, 2007 at 3:07 pm
Frances Says
Alright, I am a little more educated now but I still have some problems. I downloaded SpyHunter and started the scan 143 problems popped up. I purchased the whole thing because I am completely computer illiterate and it will not download completely. An error pops up that says Cannot instal file “C:\Program Files\Enigma Software Group\SpyHunter\Boot Remover.exe” could someone please translate. I went back to where I purchased it and sent in a problem ticket and my response was to download SpyHunter a different way. I followed the directions but ended up with the same error message. Please keep in mind that there is a popup that keeps coming and saying that Windows Explorer has stopped working, all I do is drag it to the corner and everything works fine. Please help.
Mar 11th, 2007 at 9:46 pm
Frances Says
I DID IT!!!!!!!!!!!!!!!!!!!!!!!!! I’m so happy!! You have no idea how proud I am of myself. I purchased but never could completely download Spy Hunter and I have no idea how to do the things that were discribed above but after 7 and a half hours of looking around I finally did it! I had a popup that was saying Windows Explorer had stopped working - I didn’t even know what that was - and everytime it poped up the computer would freeze and when I closed it it close everything else. I eventually figured out how to run Regedit through the task bar (accidently) and went from there. A lot of the files wouldn’t let me delete them but after I would go through the list (from Spy Hunter) and then go back and they would delete. I even learned how to show ‘hidden files’ thanks to this thread (which I printed the WHOLE thing out). In total there were 145 files that needed deleted. Whew, am I glad that’s over with. Thanks to all your help I will be able to brag tomorrow at work… which is in less than 3 hours.
Mar 12th, 2007 at 2:33 am
Patrich in Copenhagen, Denmark Says
SPYDAWN, ALL GONE!!! I got spydawn in to my computer yesterday and got it out again by using the programes “Norman/VIRUSfighter” and “Ad-aware SE”
Mar 13th, 2007 at 1:04 am
Patrich in Copenhagen, Denmark Says
Don´t panic!
When you get a Virus, don´t panic getting a lot of anti-virus programs in to your computer at the same time to fight the stupid virus, cause if you do it will be like a country in war gathering a lot of soldiers together from different countries, to fight the enemy and then thay will start fighting eachother instead. SO… use ONE virusfighter at the time and only one, otherwise you´ll have NO use of it at all.
Mar 13th, 2007 at 1:12 am
Dave Says
Interesting. My story is a week ago I couldn’t log onto the internet (Firefox or IE) and the installation wizard kept popping up. Then the wizard states the need for a CD-Rom to be installed, a box with microsoft.Net Framework comes on the screen and won’t cancel. Of course I have the spydawn icon on the bottom. When left clicking or right clicking, the spydawn server can’t be located. Essentially, nothing is running on the PC except games, at a very slow speed. I had one of my daughters try to go into administrative tools and back date the boot up. She told me over the phone that the only date shown was the date the PC became infected. I recently tried to go into administrative tools and the PC won’t respond. I don’t know what in H we have on the PC. Unfortunately there are 4 people using the PC and certain children won’t admit where they went on the net. We use McAfee virus scan, installed 2 months ago after installing a new hard drive.
Mar 13th, 2007 at 8:12 pm
Kelley Says
Puleeze People!!! I have read this whole page, tried a few suggestions & cant get rid of this freakin spydawn! Anyone who is willing to walk me thru the easiest way to kill it, please post…….if buying the spyhunter for $30 is the easiest & for sure way to end this nightmare, let me know. Thanks!
Mar 13th, 2007 at 11:32 pm
Brian Says
Kelley, we would recommend you to try the manual removal instructions first. It’s fairly easy and it works for a lot of people if you know how to get around the computer. If the removal instruction doesn’t work for you, buying the software is always the last guaranteed option. Good luck!
Mar 14th, 2007 at 9:51 am
nelson Says
I’ve been trying to get rid of this godd*mn spydawn for the past two days. I tried the manual removal instructions but it’s just too complicated, then I paid 30 bucks for the software. WOW! Not only did it remove spydawn, I was also able to get a custom fix from tech support because I have other spyware in my machine. Two thumbs up!!
Mar 14th, 2007 at 12:02 pm
Kelley Says
Save yourself a lot of time & frustration & spend the $30. It removed SpyDawn & alot of other things that I didn’t even know was on my computer. It is well worth the money!
Mar 15th, 2007 at 12:42 pm
Tim Says
If you are running Windows Vista and get an error pops up that says Cannot instal file “C:\Program Files\Enigma Software Group\SpyHunter\Boot Remover.exe”. You just need to run the program as an Adminstrator, and everything should work fine.
Mar 17th, 2007 at 4:33 pm
Jay S Says
5.5 hrs later and after reading this entire list of suggestions, etc., I purchased Spy Hunter. I downloaded the “free scan” and spent 1.5 hrs scanning my files and when I went to purchase the full version, it required a reboot which lost the scan. Arggh. 1.4 hrs later I came up with some stuff but basically nothing to do with spydawn. I read some more, then Updated Spy Hunter (Arghh) and on advice here, booted in Safe Mode. Another 1.5 hrs to rescan but this time it came up with over 80 associated files and reg entries. So be sure to Update before wasting your time and probably good to do in Safe Mode to keep spydawn inactive during the process. This cleaned up my registry but one file kept recurring so I renamed it in regedit: hkey_local\Softwre\Microsoft\Windows\Run\Rare - I renamed Rare to Spy.
Also, another Spy Hunter name popped up in a directory ProgramFiles\VideoAccess. Bingo - these are the bad boys that are creating the pop up message. Use Windows Explorer to go to this directory and change names or delete. I think you can delete that entire folder. I first changed all the names in those files to a .bad extension. For example, pmsnrr.exe became pmsnrr.bad. But then deleted all of them. BTW, Hunter did not identify pmmnt.exe but he’s a bad guy too. I also noted that all these files came in at the same time - the time all hell broke out this morning. So using Start>Search, I searched for all files using “when was it modified” and restricted to today’s date. In the resulting list, I double clicked the date heading and found a slew of files all around the same time as noted above. I basically deleted all these files. Voila, I rebooted and am now virus free. Hope this helps someone else.
Mar 17th, 2007 at 5:47 pm
Bob Says
I have been able to remove all but one file of SpyDawn, getplxss.dll. I have been unable to unregister the DLL file and I cannot delete it. I enter the Windows Task Manager and I do not see in the processes tab and I cannot stop it there. It is basically the sole file that keeps that annoying pop up appearing on my system tray every 5 minutes or so.
I really do not want to pay for SpyHunter, and SpyBot does not pick up the file.
What other methods can I use to remove this file?
Mar 18th, 2007 at 2:01 am
John Says
I also did a huge search for SearchAssistant and anything related (esp. “srchasst”). A lot of those SpyDawn DLLs were linked to this srchasst program. I had to restart in SafeMode (I went CommandPrompt only) and manually “del”‘d a bunch of the “srchasst” files and directories (they were everywhere). This was a total manual process, so I don’t recommend it. But it might help to realize that SpyDawn and SearchAssistant are connected…at least that is how it looked on my computer.
FYI - I found some Registry entries for SpyDawn that had renamed “dll”s to “kll”…thought that was interesting. Thanks for all the help!!!
Mar 18th, 2007 at 3:26 pm
unknown Says
you know what they use the rename button on the program to fake that its called activeX ver.whatever they go on any old site to fake the webmaster to think that its a safe program to put on the computers web site while the sites loaded with videos its getting destroyed from the inside out by fake programs and trojan
Mar 18th, 2007 at 6:10 pm
benign canine Says
I used ALL of the suggested methods and am still unable to get rid of it. Norton was also unable to find it. I was however able to use toolbar properties to always hide the pop up warnings and remove the warning headaches from my toolbar, as well as the removal of all the links under my search bar.
But it remains in my add/remove program lineup in my control panel as System Alert Pop-Up program(which is also not to be found using my search feature).
Mar 19th, 2007 at 12:57 am
unknown Says
is there any other program that can get rid of this stuff other than spyhunter?
list some please thank you
Mar 19th, 2007 at 10:01 pm
unknown Says
and is the trojan zlob considered spyware?
Mar 20th, 2007 at 4:26 pm
Andy Says
I have looked for everything posted and found nothing but all I hae is that dam flashing warning. I have scanned my system with XlofsoftSE antispyware and regclean and I have nothing, so, here’s a quick way to get rid of seeing that dam warning. open internet explorer, right click on the bottom taskbar, anyplace but on that dam warning, click on properties, the task bar and start up menu shows up, in the taskbar tab, go to the bottom and click on “customize” in the customizes notification you will see that freaking flashing icon, click on it and you will be prompted to either “always show” “hide when inactive” OR always hide” That’s the one you wanty, click that, click OK, next window click apply and *POOF* icon is gone! It may be in the background but what I don’t see I don’t care about, plus all my programs are saying I’m clean and free os virus’s
Mar 20th, 2007 at 4:41 pm
unknown Says
Sam about the software from bleepingcomputer how the hell did it delete or clean my computer I dont see a process or nothing im gonna scan myself now!hopefully i wont still have them god dam viruses or spyware/adware
Mar 23rd, 2007 at 2:54 pm
unknown Says
I have a question will mcafee virus scan get rid of all this stuff like the trojan zlob cause when i used it like 3 times it didnt detect a single trojan only one tho guess he’s kinda slow
Mar 23rd, 2007 at 3:02 pm
unknown Says
but this one wasnt a zlob why see im not good with this stuff and i have no credit card number now cause there mailing me a new one i need free scan and removal of spyware and adware if anyone nows were there is some good virus fighting downloads that dont go crazy that would be nice
Mar 23rd, 2007 at 3:05 pm
Paul Says
I’m having a problem with SpyDawn attacking my media library,but I really hav’nt a clue where to go from here.I’m working on a Windows XP Media Center,but everything I tried has failed of made the problem worse.
Mar 31st, 2007 at 11:23 am
Eric Says
I found that this tahxqcj.dll is also a spydawn/spyadwareLocked related file in the system 32 folder. Changed it to a .bad (in safe mode), rebooted and norton recognized it immediately as a Zlob trojan and deleted it without any further problems. No more flashing security pop-up.
Note