The following instructions have been created to help you to get rid of "SpyDawn" manually.
If this guide was helpful to you, please consider donating towards this site.
Categories:
Description: Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. SpyDawn is in close relation to SpywareQuake.
Important: There are more start menu items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.
Autorun:
Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
- Entries named "SpyDawn" and pointing to "<$PROGRAMFILES>\<$REGMATCH0>\Spy*Dawn*.exe*".
- Entries named "SpyDawn" and pointing to "<$PROGRAMFILES>\<$REGMATCH0>\*.exe".
- Entries named "SpyDawn" and pointing to "<$PROGRAMFILES>\<$REGMATCH0>\*.exe".
Installed Software List:
You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
- Products with a key that includes "SpyDawn" in its name or properties.
Files:
Please use Windows Explorer or another file manager of your choice to locate and delete these files.
- The file at "<$PROGRAMFILES>\<$REGMATCH0>\blacklist.txt".
- The file at "<$PROGRAMFILES>\<$REGMATCH0>\sd.dat".
- The file at "<$PROGRAMFILES>\<$REGMATCH0>\uninst.exe".
- The file at "<$PROGRAMFILES>\<$REGMATCH0>\Lang\English.ini".
- The file at "<$SYSDIR>\geplxss.dll".
- A file with an unknown location named "sd_setup.exe".
- A file with an unknown location named "sd_setup.exe".
Make sure you set your file manager to display hidden and system files. If SpyDawn uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!
Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.
Folders:
Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
- The directory at "<$PROGRAMFILES>\<$REGMATCH0>".
- The directory at "<$PROGRAMS>\<$REGMATCH0>".
- The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Lang".
- The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Logs".
- The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Quarantine".
- The directory at "<$PROGRAMFILES>\SpyDawn".
- The directory at "<$PROGRAMS>\SpyDawn".
Make sure you set your file manager to display hidden and system files. If SpyDawn uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!
Registry:
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
- Delete the registry key "{AED6F6A3-183C-488D-9F90-23DB99F56E7F)" at "HKEY_CLASSES_ROOT\CLSID\".
- Delete the registry key "{C1DF2728-8510-0773-96D8-5D0C1F27821B}" at "HKEY_CLASSES_ROOT\CLSID\".
- Delete the registry key "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
If SpyDawn uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.
There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.
If you have any further questions, please ask in our forum.
There are more files or system entries belonging to this product that <$SPYBOTSD> can remove, but that cannot be easily described in text. Please use <$SPYBOTSD> to make sure <$PRODUCTNAME> gets completely removed.