The following instructions have been created to help you to get rid of "SpyDawn" manually.

Categories:
  • malware


Description:
The official demo version appears to install normally but reports a lot of false positives, most likely intentionally, to make the user buy the full version. SpyDawn is closely related to SpywareQuake.
Important: There are more start menu items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "SpyDawn" and pointing to "<$PROGRAMFILES>\<$REGMATCH0>\Spy*Dawn*.exe*".
  • Entries named "SpyDawn" and pointing to "<$PROGRAMFILES>\<$REGMATCH0>\*.exe".



Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products with a key that includes "SpyDawn" in its name or properties.



Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\<$REGMATCH0>\blacklist.txt".
  • The file at "<$PROGRAMFILES>\<$REGMATCH0>\sd.dat".
  • The file at "<$PROGRAMFILES>\<$REGMATCH0>\uninst.exe".
  • The file at "<$PROGRAMFILES>\<$REGMATCH0>\Lang\English.ini".
  • The file at "<$SYSDIR>\geplxss.dll".
  • A file with an unknown location named "sd_setup.exe".


Make sure you set your file manager to display hidden and system files. If SpyDawn uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\<$REGMATCH0>".
  • The directory at "<$PROGRAMS>\<$REGMATCH0>".
  • The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Lang".
  • The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Logs".
  • The directory at "<$PROGRAMFILES>\<$REGMATCH0>\Quarantine".
  • The directory at "<$PROGRAMFILES>\SpyDawn".
  • The directory at "<$PROGRAMS>\SpyDawn".


Make sure you set your file manager to display hidden and system files. If SpyDawn uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{AED6F6A3-183C-488D-9F90-23DB99F56E7F}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{C1DF2728-8510-0773-96D8-5D0C1F27821B}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".


If SpyDawn uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.


If you have any further questions, please ask in our forum.

There are more files or system entries belonging to this product that Spybot-S&D can remove, but that cannot be easily described in text. Please use Spybot-S&D to make sure SpyDawn gets completely removed.