SpyLocked / SpywareLocked Removal Guide

Why do you need to get rid of SpyLocked / SpywareLocked?

SpyLocked / SpywareLocked is a corrupt anti-spyware program illegally installed on users' computers by widespread trojans and through exploits. This application is not only a weak spyware remover, but also a clone of infamous rogue anti-spyware programs.

SpywareLocked is a successor of SpyLocked. Both programs have the same look, use identical parasite definition databases and consist of very similar components. SpywareLocked is actually an updated variant of SpyLocked – some minor, mostly cosmetic changes have been introduced in order to avoid detection by some security-related programs.

Results of thorough tests we have conducted reveal that although the program does not produce false positives and really finds some malicious parasites, it cannot completely eliminate most prevalent infections, and therefore is definitely unable to protect user privacy and system security.

The program refuses to remove any parasites it finds and asks the user to register and purchase the full version. Active Guard, the SpyLocked / SpywareLocked real-time monitor, is also disabled.

What installs SpyLocked / SpywareLocked without your knowledge and consent?

The SpyLocked / SpywareLocked trojan displays an icon in the system tray. The icon pops up a message claiming that the compromised computer is infected with dangerous spyware parasites and asks the user to download and install a removal program, which is in fact SpyLocked / SpywareLocked, the corrupt, illegally distributed spyware remover of the same name. Once the user clicks on that message, the trojan opens a web site distributing SpyLocked / SpywareLocked. It may also try to download the application. The trojan is able to change the Internet Explorer default home page and redirect the web browser to malicious web sites. SpyLocked / SpywareLocked automatically runs on every Windows startup.

Usually, the parasite gets installed by fake video codecs.

Are you infected?

Your system is infected with SpyLocked / SpywareLocked if you can see any of the following symptoms:

a) There is a suspicious icon in the system tray. It might be a red circle with a line inside, a question mark or an icon similar to that of the Windows Update tool.

b) A suspicious icon in the system tray pops up a message saying that your computer is infected with dangerous parasites. It asks you to download and install a removal program, which actually is SpyLocked / SpywareLocked. This message usually contains the following text:

System alert!
System has detected a number of active spyware applications
that may impact the performance of your computer.Click the
icon to get rid of unwanted spyware by downloading an
up-to-date antispyware solution.

c) SpyLocked / SpywareLocked, a corrupt spyware remover, is installed on your system. It runs on every Windows startup. The program’s main window is shown above.

d) Your Internet Explorer home page has changed and you cannot get it back. Now you get a warning page saying that spyware and viruses are detected on your PC and asking you to run a free scan in order to remove malware.

e) Any of these processes is running: spylocked.exe, spywarelocked.exe, spy-locked.exe, spywarelock.exe, spywarelocked 3.5.exe, spylocked 3.6.exe, spylocked 3.7.exe, spylocked 3.9.exe.

f) Your HijackThis log contains any of the following entries:
O4 – HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked\spylocked.exe
O4 – HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked 3.6\spylocked 3.6.exe
O4 – HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked 3.7\spylocked 3.7.exe
O4 – HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked 3.9\spylocked 3.9.exe
O4 – HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked 4.0\spylocked 4.0.exe
O4 – HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked 4.1\spylocked 4.1.exe
O4 – HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\spywarelocked.exe
O4 – HKLM\..\Run: [SpywareLocked 3.3] C:\Program Files\SpywareLocked 3.3\spy-locked.exe
O4 – HKLM\..\Run: [SpywareLocked 3.4] C:\Program Files\SpywareLocked 3.4\spywarelock.exe
O4 – HKLM\..\Run: [SpywareLocked 3.5] C:\Program Files\SpywareLocked 3.5\spywarelocked 3.5.exe
O21 – SSODL: admissibility – {da3b49f6-8c54-4429-a275-21a86dcca413} – C:\WINDOWS\system32\xuoce.dll
O21 – SSODL: auditioned – {44e670f2-d57b-4815-a576-955d17dbbf2d} – C:\WINDOWS\system32\eeuydc.dll
O21 – SSODL: antiforeigner – {ede8bed5-92cf-4482-8f51-a01cd9b3ea37} – C:\WINDOWS\system32\egzcqg.dll
O21 – SSODL: bedstead – {b23dc537-3e13-44c7-bf67-d8405eb377f7} – C:\WINDOWS\system32\rcohty.dll
O21 – SSODL: calocarpum – {0e4e5110-a772-4c4a-a7dc-137fe10abd6e} – C:\WINDOWS\system32\czxtyx.dll
O21 – SSODL: characterizing – {ceca6f2b-247b-4ece-9b7a-d0135c8036fc} – C:\WINDOWS\system32\fyxkaah.dll
O21 – SSODL: chitosan – {b292ec9f-a074-4115-8342-1f459702d8d2} – C:\WINDOWS\system32\onwtj.dll
O21 – SSODL: crowsteps – {e1d3b05d-4dd9-468d-982e-c342f05436e5} – C:\WINDOWS\system32\pkjcoxq.dll
O21 – SSODL: curdler – {bd0fc212-0a36-4232-83cc-2063fb9282e0} – C:\WINDOWS\system32\qzviz.dll
O21 – SSODL: deboner – {fa4fbf53-c766-4622-8011-a87a805eebf0} – C:\WINDOWS\system32\antzozc.dll
O21 – SSODL: depreciable – {716002db-288c-4bf0-80cd-a467e78d8b55} – C:\WINDOWS\system32\dxovx.dll
O21 – SSODL: ephemeran – {3baa1ad8-ee49-4772-bf0b-f55083e0f7aa} – C:\WINDOWS\system32\yuspej.dll
O21 – SSODL: equiparant – {25b7d2fd-4f71-46d1-801a-7de323e4ec82} – C:\WINDOWS\system32\indwvm.dll
O21 – SSODL: excreted – {b0ded443-5e68-4001-a81b-0a0001621ab8} – C:\WINDOWS\system32\pkgvyg.dll
O21 – SSODL: floripondio – {6ad686b9-ab56-4ebc-a804-9f70b55b4577} – C:\WINDOWS\system32\uimcu.dll
O21 – SSODL: frisbee – {abef791f-947e-4cdf-83c3-e72a240afb67} – C:\WINDOWS\system32\ygjun.dll
O21 – SSODL: grassily – {4233ac08-a2c4-4742-a0b4-83719613d62c} – C:\WINDOWS\system32\ilmpjy.dll
O21 – SSODL: grithbreach – {07a582e8-bae3-457d-9d29-2048de45a369} – C:\WINDOWS\system32\qvjpt.dll
O21 – SSODL: haefner – {1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad} – C:\WINDOWS\system32\yronl.dll
O21 – SSODL: hemine – {9d6fac42-a7be-4702-87ef-75d8dc14249e} – C:\WINDOWS\system32\tahxqcj.dll
O21 – SSODL: heterandrous – {735e980d-45d2-4777-af82-9923d3c8d3ae} – C:\WINDOWS\system32\kgkdbsk.dll
O21 – SSODL: homina – {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} – C:\WINDOWS\system32\oyopu.dll
O21 – SSODL: huet – {f38b1b2b-4976-46dd-9fe5-60fde72f0b4d} – C:\WINDOWS\system32\lcsrsrv.dll
O21 – SSODL: inflexive – {0c5a0fff-9164-493b-93e0-17446374e0a0} – C:\WINDOWS\system32\dtjby.dll
O21 – SSODL: infumate – {d7058baa-49a4-40b7-95c2-eec95cdf51f3} – C:\WINDOWS\system32\viuaoq.dll

%System% is your default system directory, which usually is C:\WINDOWS\System for Windows 98 and Windows Me, C:\WINDOWS\System32 for Windows XP, and C:\WINNT\System32 for Windows 2000.
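
The check in symptom f) can be run against a saved HijackThis log. The Python below is an added example, not part of the original guide or of HijackThis; the function names, the acceptance of "-" as a field separator and the sample log are assumptions, and KNOWN_DLLS holds only three of the DLL names listed above. It tolerates an entry wrapped across two lines and a missing separator after the SSODL name, so damaged log lines are still matched.

```python
import re

# Run value names used on this page, and a subset of the DLL names it lists.
RUN_NAME = re.compile(r"^Spy(ware)?Locked( \d+\.\d+)?$", re.I)
KNOWN_DLLS = {"oyopu.dll", "qvjpt.dll", "xuoce.dll"}

# The page prints an en dash between fields; "-" is accepted too (assumption).
ENTRY_START = re.compile(r"^[A-Z]\d{1,2}\s*[–-]\s")
O4 = re.compile(r"^O4\s*[–-]\s*HKLM\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<path>.+)$")
O21 = re.compile(r"^O21\s*[–-]\s*SSODL:\s*(?P<name>.+?)\s*(?:[–-]\s*)?"
                 r"(?P<clsid>\{[0-9a-fA-F-]{36}\})\s*[–-]\s*(?P<path>.+)$")

# Constructed sample log: three entries taken from the page, two benign
# placeholder entries, one wrapped line and one missing separator.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked 3.6\spylocked 3.6.exe
O21 – SSODL: homina –
{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} – C:\WINDOWS\system32\oyopu.dll
O21 - SSODL: grithbreach{07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\system32\qvjpt.dll
O21 - SSODL: ExampleShellExt - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
"""

def unwrap(log_text):
    """Return one string per log entry, rejoining entries split after a dash."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries and entries[-1].endswith(("–", "-")):
            entries[-1] += " " + line  # continuation of a wrapped entry
    return entries

def scan(log_text, known_dlls=KNOWN_DLLS):
    """Return (section, identifier, path) for every entry that matches."""
    hits = []
    for entry in unwrap(log_text):
        m = O4.match(entry)
        if m and RUN_NAME.match(m["name"]):
            hits.append(("O4", m["name"], m["path"]))
            continue
        m = O21.match(entry)
        if m and m["path"].rsplit("\\", 1)[-1].lower() in known_dlls:
            hits.append(("O21", m["clsid"].lower(), m["path"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

To use it on a real log, pass the full set of DLL names from the O21 entries above as known_dlls.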

Automatic removal of the SpyLocked / SpywareLocked trojan

Removing the SpyLocked / SpywareLocked trojan along with the corrupt spyware remover of the same name automatically is easy. Just follow these steps:

1. Download PC Tools STOPzilla or Webroot Spy Sweeper. These programs are the most effective and popular spyware removers available.
2. Install the downloaded program to your system. Read STOPzilla and Spy Sweeper tutorials to learn more.
3. Update the installed anti-spyware.
4. Run a full system scan.
5. Remove all the threats the application finds.

Please note that eliminating the parasites automatically might be a paid function, which is not available in the limited free version. Purchasing STOPzilla or Spy Sweeper makes these products fully functional and also enables built-in real-time protection.

Manual removal of the SpyLocked / SpywareLocked trojan

1. Download the SmitFraudFix tool and unpack its files to a chosen folder.

2. Download Pocket KillBox or KillBox utility.

3. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the SpyLocked / SpywareLocked entry. Uninstall the corresponding program.

4. Download the HijackThis program. Run a system scan, then fix the O4 and O21 entries listed under symptom f) in the "Are you infected?" section above (if present).

5. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have administrator privileges.

6. Once in Safe Mode, run the SmitFraudFix tool by executing the smitfraudfix.cmd file.
The official SmitFraudFix tutorial can be found here.


Alternative SpyLocked / SpywareLocked manual removal instructions

If you cannot download or use the SmitFraudFix tool, please follow alternative manual removal instructions:

1. Download Pocket KillBox or KillBox utility.

2. Press Start > Settings, and open the Control Panel. Launch the Add or Remove Programs tool. In the list of installed software find the SpyLocked / SpywareLocked entry. Uninstall the corresponding program.

3. Download the HijackThis program. Run a system scan, then fix the O4 and O21 entries listed under symptom f) in the "Are you infected?" section above (if present).

4. Now restart your system in Safe Mode. This step is very important!
Please note that you need to have administrator privileges.

5. Once in Safe Mode, use either Pocket KillBox or KillBox to delete any of the files listed below that are present on your system.

Malicious files in C:\WINDOWS\System32 or C:\WINNT\System32: the DLL files named in the O21 – SSODL entries listed under symptom f) above.

Malicious files in C:\Program Files\SpyLocked:
spylocked.exe
sd.ini

Malicious files in C:\Program Files\SpyLocked 3.6:
spylocked 3.6.exe
sd.ini

Malicious files in C:\Program Files\SpyLocked 3.7:
spylocked 3.7.exe
sd.ini

Malicious files in C:\Program Files\SpyLocked 3.9:
spylocked 3.9.exe
sd.ini

Malicious files in C:\Program Files\SpyLocked 4.0:
spylocked 4.0.exe
sd.ini

Malicious files in C:\Program Files\SpyLocked 4.1:
spylocked 4.1.exe
sd.ini



Malicious files in C:\Program Files\SpywareLocked:
spywarelocked.exe
sd.ini

Malicious files in C:\Program Files\SpywareLocked 3.3:
spy-locked.exe
sd.ini

Malicious files in C:\Program Files\SpywareLocked 3.4:
spywarelock.exe
sd.ini

Malicious files in C:\Program Files\SpywareLocked 3.5:
spywarelocked 3.5.exe
sd.ini

6. Delete the following directories (if present):
C:\Program Files\SpyLocked
C:\Program Files\SpyLocked 3.6
C:\Program Files\SpyLocked 3.7
C:\Program Files\SpyLocked 3.9
C:\Program Files\SpyLocked 4.0
C:\Program Files\SpyLocked 4.1
C:\Program Files\SpywareLocked
C:\Program Files\SpywareLocked 3.3
C:\Program Files\SpywareLocked 3.4
C:\Program Files\SpywareLocked 3.5

