SpyDawn Descriptions:
SpyDawn is counterfeit anti-spyware software. SpyDawn usually installed itself onto your PC without your permission, through Trojan and virus. SpyDawn will display fake security alerts or notifications to trick user to buy the Paid Version of SpyDawn.
(You could get SpyDawn by opening an infected message in myspace, or installing infected or fake video codec from myspace or other websites) (A variant of SpyDawn is called SpyLocked found on March 19, 2007)
Try Recommended SpyHunter* Spyware Detection Utility.
Stop SpyDawn Processes:
(Learn how to stop a process)
spydawn.exe
Unregister SpyDawn DLL Files:
(Learn how to unregister a dll file)
msvcp71.dll
higehsg.dll
xkrdk.dll
geplxss.dll
tvomnc.dll
Remove SpyDawn Registry Values:
(Learn how to delete a registry value)
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \Uninstall\SpyDawn
HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA
Find and Delete these SpyDawn Files:
spydawn.exe
sd_setup.exe
msvcp71.dll
higehsg.dll
xkrdk.dll
geplxss.dll
tvomnc.dll
SpyDawn 3.1.lnk
SpyDawn.lnk
SpyDawn 3.1 Website.lnk
Uninstall SpyDawn 3.1.lnk
Get the SpyHunter* Spyware Detection Utility.
My Dad’s computer was infected but I cleared it.
Here’s how I did it. First, I went to this site and printed out all the stuff I had to remove. Then I searched the registry stuff using regedit, and the files (.dll .exe) using the search feature on the start menu. I could not find any of the registry stuff and the only file I found was geplxss.dll I could not delete it from the search as it said “file is in use” So what I did was I restarted the computer using safe mode (before the windows screen comes up press F8) Then I select boot using safe mode. When I logged in using safe mode, find the file in the Windows system32 directory. It will not allow you to delete it as its currenty in use. SO CHANGE THE NAME! I renamed it geplxss.bobby and then restarted the computer normally and the blinking icon is gone. Next find the renamed file and delete it. I had just that file, but if you have more than that do it for each one. 1) search for it and get the directory 2) at safe mode, go to the directory and rename 3) boot normally 4) find the renamed file(s) and delete
Good luck and this virus does suck ass.
If it doesn’t allow you to delete, then just rename the file in safe mode then boot normally and delete the renamed file.
I think I’ve done something really bad. I removed spydawn by going to the uninstall area and clicked uninstall to everything that was installed on that certain day spydawn infected my computer. Now there’s a pop up that says Windows Explorer has stopped working. This computer is BRAND NEW. I didn’t have a chance to ever download anything. How can I get Windows Explorer to work again?? Please help!
Hey Guys I effectively removed Spydawn and everything associated with it, I just followed a few steps that someone else below me had posted and it worked like a charm, I just wanted to put the steps up here again for all of you who were infected with this piece of shit virus. (Time varies but took me about 2.5 hours as well)
“I just completely removed Spy Dawn from my computer in about 2.5 hours & here is how I did it (no promises, but it worked for me):
1)Click on the link that says “Dowload SpyDawn Automatic Removal Tool†(at the top of this page) and download the program.
2) Reboot your computer in “Safe Mode†(if you don’t know how to do this, go to )
4) After you have rebooted in “Safe Modeâ€, Run the program “SpyHunter†that was installed when you clicked on the Automatic Removal Tool Link (Don’t RUN SPY DAWN, WHATEVER YOU DO!!!!)
5) start the spyhunter software and then click the button that says ‘start scan’ on the left of the screen, it will list the “Item Nameâ€, “Object Nameâ€, “Location†& “Type†(these are the column titles at the top of the page).
6) When the Spyhunter Program is finished running, ALL of the instances of SpyDawn & SpywareQuake will be listed in that table. Once you see that its done, will say so at the bottom, Sort by “Locationâ€.
7) For anything that starts off with “HKEY_…†that means it is located in your registry. Go into Start, and click, “Run†and type in RegEdit. This will take you to your Registry Editor. Simply follow the paths listed in the “Location†section of the table, and delete ONLY these locations in the registry (it is quite a tedious process, but then you save the $30 by NOT having to buy the program… I had about 56 items in all).
8)Also to remember to delete any and all other files that pop up on the spyhunter program, most of these will be located on your C drive.
9) Once you have deleted ALL of the items that appeared in the SpyHunter Table, click “Start Scan†again to make sure that those items are no longer there. If there are items still there, repeat step #6-#8.
9) Once you have finally deleted them all (and this is confirmed by Re-running Spy Hunter and NOTHING is showing up) restart your computer and defragment and it should work fine (mine is!)”
So is my computer!
Good luck if you have any questions like if you can’t delete a file or something post a bulletin and I will get back to you the next time I check the website!
I removed the geplxss.dll a different way and probably a faster way. Once you have deleted every single other file that came up on the SpyHunter Program except for geplxss.dll because it says its in use. I restarted my computer in regular mode (not in safe mode), then just looked up the file in the C:\Windows\System32 file and deleted it. Since you deleted all those other files before, this file should no longer be in use and will delete just by right clicking and pressing delete, remember to delete it out of your trash bin too, but then your set!
I just turned on my computer and that little bastard is finally gone after a week of using spyhunter, spy doctor and ad-aware. I’m lucky I can log on to the internet correctly so I just got lucky in getting rid of spydawn
( I hope for good ). If I got rid of it, anyone can. Good luck to everyone. I spent $60.00 on two different companies’ software but it was worth it to me. Maybe it was just dumb luck, but that little icon is gone. I wish you all success in getting rid of it too. I also hope someone finds the creator of this GD thing and gives them 2 in the hat. God bless.
okay, so I have just sat here and read through this entire thing and to me this spyware is hell on earth. Brand new computer and spydawn infected IN LESS THAN A MONTH of having it, all because of trying to see a vid on myspace. great. so yea. I actually am going to go ahead and spend 2 1/2 hours manually fixing it instead of the thirty bucks trying to dl yet another spyware/spyware ad “remover”. So wish me luck and all that jazz but my computer is on the heavy side of fritzing out. visuals are f***ed…128 trojan hijackers hit my comp. and over 270 infected files from it.
Alright, I am a little more educated now but I still have some problems. I downloaded SpyHunter and started the scan 143 problems popped up. I purchased the whole thing because I am completely computer illiterate and it will not download completely. An error pops up that says Cannot instal file “C:\Program Files\Enigma Software Group\SpyHunter\Boot Remover.exe” could someone please translate. I went back to where I purchased it and sent in a problem ticket and my response was to download SpyHunter a different way. I followed the directions but ended up with the same error message. Please keep in mind that there is a popup that keeps coming and saying that Windows Explorer has stopped working, all I do is drag it to the corner and everything works fine. Please help.
I DID IT!!!!!!!!!!!!!!!!!!!!!!!!! I’m so happy!! You have no idea how proud I am of myself. I purchased but never could completely download Spy Hunter and I have no idea how to do the things that were discribed above but after 7 and a half hours of looking around I finally did it! I had a popup that was saying Windows Explorer had stopped working – I didn’t even know what that was – and everytime it poped up the computer would freeze and when I closed it it close everything else. I eventually figured out how to run Regedit through the task bar (accidently) and went from there. A lot of the files wouldn’t let me delete them but after I would go through the list (from Spy Hunter) and then go back and they would delete. I even learned how to show ‘hidden files’ thanks to this thread (which I printed the WHOLE thing out). In total there were 145 files that needed deleted. Whew, am I glad that’s over with. Thanks to all your help I will be able to brag tomorrow at work… which is in less than 3 hours.
SPYDAWN, ALL GONE!!! I got spydawn in to my computer yesterday and got it out again by using the programes “Norman/VIRUSfighter” and “Ad-aware SE”
Don´t panic!
When you get a Virus, don´t panic getting a lot of anti-virus programs in to your computer at the same time to fight the stupid virus, cause if you do it will be like a country in war gathering a lot of soldiers together from different countries, to fight the enemy and then thay will start fighting eachother instead. SO… use ONE virusfighter at the time and only one, otherwise you´ll have NO use of it at all.
Interesting. My story is a week ago I couldn’t log onto the internet (Firefox or IE) and the installation wizard kept popping up. Then the wizard states the need for a CD-Rom to be installed, a box with microsoft.Net Framework comes on the screen and won’t cancel. Of course I have the spydawn icon on the bottom. When left clicking or right clicking, the spydawn server can’t be located. Essentially, nothing is running on the PC except games, at a very slow speed. I had one of my daughters try to go into administrative tools and back date the boot up. She told me over the phone that the only date shown was the date the PC became infected. I recently tried to go into administrative tools and the PC won’t respond. I don’t know what in H we have on the PC. Unfortunately there are 4 people using the PC and certain children won’t admit where they went on the net. We use McAfee virus scan, installed 2 months ago after installing a new hard drive.
Puleeze People!!! I have read this whole page, tried a few suggestions & cant get rid of this freakin spydawn! Anyone who is willing to walk me thru the easiest way to kill it, please post…….if buying the spyhunter for $30 is the easiest & for sure way to end this nightmare, let me know. Thanks!
Kelley, we would recommend you to try the manual removal instructions first. It’s fairly easy and it works for a lot of people if you know how to get around the computer. If the removal instruction doesn’t work for you, buying the software is always the last guaranteed option. Good luck!
I’ve been trying to get rid of this godd*mn spydawn for the past two days. I tried the manual removal instructions but it’s just too complicated, then I paid 30 bucks for the software. WOW! Not only did it remove spydawn, I was also able to get a custom fix from tech support because I have other spyware in my machine. Two thumbs up!!
Save yourself a lot of time & frustration & spend the $30. It removed SpyDawn & alot of other things that I didn’t even know was on my computer. It is well worth the money!
If you are running Windows Vista and get an error pops up that says Cannot instal file “C:\Program Files\Enigma Software Group\SpyHunter\Boot Remover.exeâ€. You just need to run the program as an Adminstrator, and everything should work fine.
5.5 hrs later and after reading this entire list of suggestions, etc., I purchased Spy Hunter. I downloaded the “free scan” and spent 1.5 hrs scanning my files and when I went to purchase the full version, it required a reboot which lost the scan. Arggh. 1.4 hrs later I came up with some stuff but basically nothing to do with spydawn. I read some more, then Updated Spy Hunter (Arghh) and on advice here, booted in Safe Mode. Another 1.5 hrs to rescan but this time it came up with over 80 associated files and reg entries. So be sure to Update before wasting your time and probably good to do in Safe Mode to keep spydawn inactive during the process. This cleaned up my registry but one file kept recurring so I renamed it in regedit: hkey_local\Softwre\Microsoft\Windows\Run\Rare – I renamed Rare to Spy.
Also, another Spy Hunter name popped up in a directory ProgramFiles\VideoAccess. Bingo – these are the bad boys that are creating the pop up message. Use Windows Explorer to go to this directory and change names or delete. I think you can delete that entire folder. I first changed all the names in those files to a .bad extension. For example, pmsnrr.exe became pmsnrr.bad. But then deleted all of them. BTW, Hunter did not identify pmmnt.exe but he’s a bad guy too. I also noted that all these files came in at the same time – the time all hell broke out this morning. So using Start>Search, I searched for all files using “when was it modified” and restricted to today’s date. In the resulting list, I double clicked the date heading and found a slew of files all around the same time as noted above. I basically deleted all these files. Voila, I rebooted and am now virus free. Hope this helps someone else.
I have been able to remove all but one file of SpyDawn, getplxss.dll. I have been unable to unregister the DLL file and I cannot delete it. I enter the Windows Task Manager and I do not see in the processes tab and I cannot stop it there. It is basically the sole file that keeps that annoying pop up appearing on my system tray every 5 minutes or so.
I really do not want to pay for SpyHunter, and SpyBot does not pick up the file.
What other methods can I use to remove this file?
I also did a huge search for SearchAssistant and anything related (esp. “srchasst”). A lot of those SpyDawn DLLs were linked to this srchasst program. I had to restart in SafeMode (I went CommandPrompt only) and manually “del”‘d a bunch of the “srchasst” files and directories (they were everywhere). This was a total manual process, so I don’t recommend it. But it might help to realize that SpyDawn and SearchAssistant are connected…at least that is how it looked on my computer.
FYI – I found some Registry entries for SpyDawn that had renamed “dll”s to “kll”…thought that was interesting. Thanks for all the help!!!
you know what they use the rename button on the program to fake that its called activeX ver.whatever they go on any old site to fake the webmaster to think that its a safe program to put on the computers web site while the sites loaded with videos its getting destroyed from the inside out by fake programs and trojan
I used ALL of the suggested methods and am still unable to get rid of it. Norton was also unable to find it. I was however able to use toolbar properties to always hide the pop up warnings and remove the warning headaches from my toolbar, as well as the removal of all the links under my search bar.
But it remains in my add/remove program lineup in my control panel as System Alert Pop-Up program(which is also not to be found using my search feature).
is there any other program that can get rid of this stuff other than spyhunter?
list some please thank you
and is the trojan zlob considered spyware?
I have looked for everything posted and found nothing but all I hae is that dam flashing warning. I have scanned my system with XlofsoftSE antispyware and regclean and I have nothing, so, here’s a quick way to get rid of seeing that dam warning. open internet explorer, right click on the bottom taskbar, anyplace but on that dam warning, click on properties, the task bar and start up menu shows up, in the taskbar tab, go to the bottom and click on “customize” in the customizes notification you will see that freaking flashing icon, click on it and you will be prompted to either “always show” “hide when inactive” OR always hide” That’s the one you wanty, click that, click OK, next window click apply and *POOF* icon is gone! It may be in the background but what I don’t see I don’t care about, plus all my programs are saying I’m clean and free os virus’s
Sam about the software from bleepingcomputer how the hell did it delete or clean my computer I dont see a process or nothing im gonna scan myself now!hopefully i wont still have them god dam viruses or spyware/adware
I have a question will mcafee virus scan get rid of all this stuff like the trojan zlob cause when i used it like 3 times it didnt detect a single trojan only one tho guess he’s kinda slow
but this one wasnt a zlob why see im not good with this stuff and i have no credit card number now cause there mailing me a new one i need free scan and removal of spyware and adware if anyone nows were there is some good virus fighting downloads that dont go crazy that would be nice
I’m having a problem with SpyDawn attacking my media library,but I really hav’nt a clue where to go from here.I’m working on a Windows XP Media Center,but everything I tried has failed of made the problem worse.
I found that this tahxqcj.dll is also a spydawn/spyadwareLocked related file in the system 32 folder. Changed it to a .bad (in safe mode), rebooted and norton recognized it immediately as a Zlob trojan and deleted it without any further problems. No more flashing security pop-up.
Note: this variant had NONE of the original files at the top of the forum aside from the msvcp71.dll file. Only these two dlls listed
this is rediculous… here we all are tryin to get rid of this @#$% program…is there no way to stop the people or companies sending it out..? why should we have to work this hard? they should be in jail… remember the man-hunt when the first viruses were sent out? federal authorities should take these guys down and have them write a FREE program to take care of this… i am tired of messin with it!!! anyone know what authorities, if any, we can contact to do somethin about this???
Spydawn attacks your ethernet port and will also attack the wireless on a laptop as well as the ethernet port so you can’t get to the net to fix it. I used a USB Ethernet jack made by DLink so I could bypass the factory built in net ports and wireless. Once the Net started to work again I just updated SpywareBlaster, SpyBot and AdAwareSE and then ran scans and secure shredder etc. Immunize etc. sys internals etc. and a complete smart scan in AdAwareSE and that fixed the whole thing in 20 minutes. Pah ! SpyDawn ! What a load of rubbish ! Use the USB ethernet adapater and that thing will be gone. WinXP was the Op Sys HP Laptop P4.
yeah…my computer has had a problem with it’s audio configuration for the last few days & no sound comes from the computer at all
i have vista & a few days ago it just stopped!
& a pop-up screen came up that said:
Cannot Start: 6811507 Invalid Configuration
i don’t know what this means!!
i’ve been reading about Spydawn on this site, but i haven’t seen anything as of late that says “spydawn”, but a while back we did have a trojan virus
& i do have a myspace account, & recently, i’ve received multiple messages with pornographic videos, but like i said, i see no trace of Spydawn
any thoughts?
I’d prefer reading in my native language, because my knowledge of your languange is no so well. But it was interesting! Look for some my links: