NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove SpyLocked. Description and removal instructions

 
Title: SpyLocked
 Also known as: Spy Locked
Type: Trojans
Severity scale:SpyLocked severity is 60  (60 / 100)
 
SpyLocked is a trojan that displays an icon in the system tray. This icon shows a message, which says that the compromised computer is infected with dangerous spyware parasites and asks the user to download and install a removal program, which actually is SpyLocked, the same named corrupt illegally distributed spyware remover. Once the user clicks on that message, the trojan opens a web site distributing SpyLocked. It may also try to download the application. The trojan is able to change the Internet Explorer default home page and redirect the web browser to malicious web sites. SpyLocked automatically runs on every Windows startup.

Usually, the parasite gets installed by fake video codecs.

FORUM:
Discuss SpyLocked in
spyware removal forum

Related files: spylocked.exe, fyxkaah.dll, onwtj.dll, sd.ini, spylocked 3.6.exe, dxovx.dll, ilmpjy.dll, rcohty.dll, xuoce.dll, kgkdbsk.dll, egzcqg.dll, antzozc.dll, dtjby.dll, uimcu.dll, indwvm.dll, viuaoq.dll, eeuydc.dll

SpyLocked properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic SpyLocked removal:

remover for SpyLocked

SpyLocked manual removal:

Kill processes:
spylocked.exe, spylocked 3.6.exe, spylocked 3.7.exe, spylocked 3.9.exe, spylocked 4.0.exe, spylocked 4.1.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyLocked
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyLocked 3.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyLocked 3.7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyLocked 3.9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyLocked 4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyLocked 4.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spylocked.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spylocked 3.6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spylocked 3.7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spylocked 3.9.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spylocked 4.0.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spylocked 4.1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0C5A0FFF-9164-493B-93E0-17446374E0A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{25B7D2FD-4F71-46D1-801A-7DE323E4EC82}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{4233AC08-A2C4-4742-A0B4-83719613D62C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{44E670F2-D57B-4815-A576-955D17DBBF2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{6AD686B9-AB56-4EBC-A804-9F70B55B4577}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{716002DB-288C-4BF0-80CD-A467E78D8B55}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{735E980D-45D2-4777-AF82-9923D3C8D3AE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B23DC537-3E13-44C7-BF67-D8405EB377F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B292EC9F-A074-4115-8342-1F459702D8D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{CECA6F2B-247B-4ECE-9B7A-D0135C8036FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{D7058BAA-49A4-40B7-95C2-EEC95CDF51F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{DA3B49F6-8C54-4429-A275-21A86DCCA413}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E1D3B05D-4DD9-468D-982E-C342F05436E5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EDE8BED5-92CF-4482-8F51-A01CD9B3EA37}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{FA4FBF53-C766-4622-8011-A87A805EEBF0}
HKEY_CLASSES_ROOT\TypeLib\{50450F27-B90B-422B-A4C9-5EC5A5B78001}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0C5A0FFF-9164-493B-93E0-17446374E0A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25B7D2FD-4F71-46D1-801A-7DE323E4EC82}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AD686B9-AB56-4EBC-A804-9F70B55B4577}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{735E980D-45D2-4777-AF82-9923D3C8D3AE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B292EC9F-A074-4115-8342-1F459702D8D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CECA6F2B-247B-4ECE-9B7A-D0135C8036FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7058BAA-49A4-40B7-95C2-EEC95CDF51F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA3B49F6-8C54-4429-A275-21A86DCCA413}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D3B05D-4DD9-468D-982E-C342F05436E5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDE8BED5-92CF-4482-8F51-A01CD9B3EA37}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA4FBF53-C766-4622-8011-A87A805EEBF0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{062BC936-7CE4-421C-944E-BD388EC91C86}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{22F1A770-B823-48D4-8693-B953902A06EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A7A14FD-7FEC-48CF-A06F-210344DE6E75}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41E4ADCD-CCC2-4DA0-97C3-83051A4C35F1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54D2D4FC-914C-432C-B638-599F48D77A08}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6F342C0C-EF49-49E2-B3F1-FE28F193B974}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6F61B413-1DFE-4C4C-8CD4-B97BE0B17504}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764CE36A-C778-42A8-B3B2-4B09A4B10469}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87EA76C9-411E-44D0-8270-EA2DF3941133}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94792C8E-6FE0-462C-9D20-AD560608DDA1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{99EAEF8C-652D-407C-8319-781A2BB30FF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A392D107-AFBF-4E1B-8092-DB508BC890A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AD2AA1CD-22FF-4562-A616-1C64A42985BB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2D197C9-8570-4AC8-A121-92F9A8CCD857}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CBCCB1D8-AB10-4B4C-9982-A8DEA99F3111}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F198A883-6BCF-4B94-A890-D8ED007FBCF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DA226F0-FE43-4F80-A94A-1848039DE0DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{50450F27-B90B-422B-A4C9-5EC5A5B78001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 3.6
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 3.7
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 3.9
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 4.0
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 4.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 3.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 3.7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 3.9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 4.1
HELP:
how to remove registry entries

Unregister DLLs:
antzozc.dll, dtjby.dll, dxovx.dll, eeuydc.dll, egzcqg.dll, fyxkaah.dll, ilmpjy.dll, indwvm.dll, kgkdbsk.dll, onwtj.dll, pkjcoxq.dll, rcohty.dll, uimcu.dll, viuaoq.dll, xuoce.dll
HELP:
how to unregister malicious DLLs

Delete files:
spylocked.exe, antzozc.dll, dtjby.dll, dxovx.dll, eeuydc.dll, egzcqg.dll, fyxkaah.dll, ilmpjy.dll, indwvm.dll, kgkdbsk.dll, onwtj.dll, pkjcoxq.dll, uimcu.dll, viuaoq.dll, xuoce.dll, sd.ini
HELP:
how to remove harmful files

Delete directories:
C:\Program Files\SpyLocked
C:\Program Files\SpyLocked 3.6
C:\Program Files\SpyLocked 3.7
C:\Program Files\SpyLocked 3.9
C:\Program Files\SpyLocked 4.0
C:\Program Files\SpyLocked 4.1
Misc:
Exact file location:

spylocked.exe, sd.ini - C:\Program Files\SpyLocked
spylocked 3.6.exe, sd.ini - C:\Program Files\SpyLocked 3.6
spylocked 3.7.exe, sd.ini - C:\Program Files\SpyLocked 3.7
spylocked 3.9.exe, sd.ini - C:\Program Files\SpyLocked 3.9
spylocked 4.0.exe, sd.ini - C:\Program Files\SpyLocked 4.0
spylocked 4.1.exe, sd.ini - C:\Program Files\SpyLocked 4.1
antzozc.dll, dtjby.dll, dxovx.dll, eeuydc.dll, egzcqg.dll, fyxkaah.dll, ilmpjy.dll, indwvm.dll, kgkdbsk.dll, onwtj.dll, pkjcoxq.dll, rcohty.dll, uimcu.dll, viuaoq.dll, xuoce.dll - C:\WINDOWS\System, C:\WINDOWS\System32 or C:\WINNT\System32


Domain Name: SPYLOCKED.COM (85.255.120.50)
Registrant:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. +45.36946676

AVOID THIS DOMAIN AND THIS IP! Better block them in your Hosts file.
SpyLocked / SpywareLocked Removal Guide

Other programs to remove SpyLocked:

• Spy Sweeper - Review - Tutorial - Download

Information added: 21/03/07
Information updated: 26/06/07

Additional resources related to SpyLocked:

Attention: If you know or you have a website or page about SpyLocked removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about SpyLocked parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.


Enter security code:


Comments from visitors:

1. by Guest. 2007-06-26 14:06:17
yeah I got spylocked and it automatically scanned my computer....same thing happened about a year ago when WIN software came and almost destroyed my computer. At that time I downloaded Windows Defender and I worked really good too!!

2. by Guest. 2007-06-17 09:06:29
hope this works, how do they get away with this, should be laws against it!!!!!!!!!

3. by Guest. 2007-06-06 03:06:19
It wont let me visit any other websites or download anything. I have a Spylocked 4.0 icon on my task bar. I tried downloading software from another PC and putting it on a disk, then using the disk in the infected machine, but this is not working either :( any ideas?

4. by Guest. 2007-05-30 17:05:09
I used the Macafee help desk and you can download a patch that removes the spylocked
program in about 10 seconds.

5. by Guest. 2007-05-24 21:05:48
lol this didnt work or spyhunter lies!! this said i didnt have the ware and spyhunter said i had it!!! wow seems like they all are the same!!

6. by Guest. 2007-05-19 09:05:51
ok

7. by Guest. 2007-05-19 04:05:16
woo, thie is a hard work . it is a great lesson foe me .... thanks

8. by Guest. 2007-04-29 07:04:34
Will anything be destroyed on the comuter if i download removal software?

9. by Guest. 2007-04-10 05:04:39
What if it has already been installed, and the computer has already been restarted? I tried the system restore tool, but it seems to have taken them away. Any info would be greatly appreciated..

10. by Guest. 2007-04-01 05:04:53
oyopu.dll is a new file in the spylocked program.

11. by Guest. 2007-03-27 19:03:37
Hello, I cannot get rid of the icon in the toolbar! everything else is gone except that icon, does anyone know where it specifically resides?
Related news:
Similar parasites:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.