

SpyFalcon is a rogue antivirus that existed between 2006 and 2009. It promised to remove spyware and could be downloaded from spyfalcon.com (the domain no longer exists). It is part of the Win32/Renos family.

Payload

Transmission

SpyFalcon can be distributed by trojans and through malicious advertisements using certain exploits.

Infection

SpyFalcon performs a "complete system scan" for viruses and reports that the computer is infected with spyware. It shows ads every minute saying "Your computer is infected!" and opens pop-ups, dialogs and homepage online offers.

SpyFalcon may then offer to download its application in order to remove the threat. If the user follows the instructions, SpyFalcon is installed and may redirect the user's Internet Explorer home page and search results to other unsolicited websites. SpyFalcon may also download and install additional malware on the user's computer system without their knowledge or consent.

To obtain the most recent definitions, the user starts the Symantec program and runs LiveUpdate.

While SpyFalcon is installed, it activates the following programs:

%ProgramFiles%\SpyFalcon
C:\Documents and Settings\Administrator\Start Menu\Programs\SpyFalcon
