SpyLocked Removal Instructions
June 28th, 2007 by Brian
SpyLocked Descriptions:
SpyLocked (v. 4.3) also known as SpywareLocked or SpyLocked 3.9 or SpyLocked 4.1 or SpyLocked 4.2 or SpyLocked 4.3, is counterfeit anti-spyware software. SpyLocked usually installed itself onto your PC without your permission, through Trojan, Virus or fake software. SpyLocked will display fake system alerts or fake security alerts to trick user to buy the Paid Version of SpyLocked. 
To avoid putting your computer at risk, it is important to remove SpyLocked or SpywareLocked thoroughly. You can try our recommended SpyHunter* Spyware Detection Utility, which is very easy and straight-forward. You don’t need to know anything about Spylocked. However, if you understand registry and dll files in Windows, we strongly recommend you to try the Spylocked/Spywawrelocked removal instructions that we put together. It’s been proven that it can essentially get rid of SpyLocked or SpywareLocked from your machine.
We will constantly update the instructions to combat against Spylocked and its variants. Please feel free to post comments if you have any questions or suggestions regarding Spylocked. This is a great community and I am sure that you would find the answers. Good luck! (New variant is also known as VirusProtect) (New variant is also known as Trojan.Win32)
Download SpyHunter* Spyware Detection Utility.
Manual Removal Instructions:
Stop SpyLocked Processes:
(Learn how to do this)
spylocked.exe
SpywareLocked.exe
Spy-Locked.exe
SpywareLock.exe
SpywareLocked 3.5.exe
SpyLocked 3.6.exe
SpyLocked 3.7.exe (new)
SpyLocked 3.9.exe (new)
SpyLocked 4.0 exe (new)
SpyLocked 4.1.exe (new)
SpyLocked 4.2.exe (new)
SpyLocked 4.3.exe (new)
Unregister SpyLocked DLL Files:
(Learn how to do this)
xkrdk.dll
onwtj.dll
fyxkaah.dll
higehsg.dll
geplxss.dll
tvomnc.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll
yronl.dll
isadd.dll
pkgvyg.dll
qzviz.dll
Ygjun.dll
yuspej.dll
czxtyx.dll
bpvol.dll
splug.dll
dxovx.dll
lcsrsrv.dll
ilmpjy.dll
rcohty.dll
egzcqg.dll
xuoce.dll
kgkdbsk.dll
antzozc.dll
uimcu.dll
dtjby.dll
indwvm.dll
viuaoq.dll
eeuydc.dll
pkjcoxq.dll
afkvvy.dll (new)
dooep.dll (new)
pjgerka.dll (new)
rxqcpn.dll (new)
Find and Delete these SpyLocked Files:
(Learn how to do this)
spylocked.exe
xkrdk.dll
onwtj.dll
fyxkaah.dll
higehsg.dll
geplxss.dll
tvomnc.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll
yronl.dll
isadd.dll
pkgvyg.dll
pmsnrr.exe
pmmnt.exe
isamntr.exe
avD.exe
codecaddon1169[1].exe
SpywareLocked 3.3.lnk
Spy-Locked.exe
qzviz.dll
Ygjun.dll
SpywareLock.exe
SpywareLocked 3.5.exe
SpywareLocked 3.5.lnk
yuspej.dll
czxtyx.dll
bpvol.dll
splug.dll
SpyLocked 3.6.exe
SpyLocked 3.6.url
SpyLocked 3.6 Website.lnk
dxovx.dll
lcsrsrv.dll
ilmpjy.dll
rcohty.dll
egzcqg.dll
xuoce.dll
SpyLocked 3.7.exe
kgkdbsk.dll
antzozc.dll
SpyLocked 3.9.exe
SpyLocked 3.9.url
SpyLocked 3.9.lnk
uimcu.dll
dtjby.dll
indwvm.dll
viuaoq.dll
eeuydc.dll
pkjcoxq.dll
SpyLocked 4.0.exe
SpyLocked 4.0.url
SpyLocked 4.0.lnk
SpyLocked 4.1.exe
SpyLocked 4.1.url
SpyLocked 4.1.lnk
SpyLocked 4.2.exe
SpyLocked 4.2.url
SpyLocked 4.2.lnk
SpyLocked 4.3.exe (new)
SpyLocked 4.3.url (new)
SpyLocked 4.3.lnk (new)
afkvvy.dll (new)
dooep.dll (new)
pjgerka.dll (new)
rxqcpn.dll (new)
Remove SpyLocked Registry Values:
(Learn how to do this)
43DF1CEE-70B3-4E2D-A740-4AC468786207
6AFB5B8E-ACFD-4489-91B3-DAA1388A31EC
E9817993-83FF-4343-B14E-6CDFB378B21D
815B01A0-BF97-41E9-ACF2-32B76F98A960
5CA1A9F6-10F8-4008-B884-755B25B6848A
F5D23930-23C6-440E-AB55-D019E1171539
50450F27-B90B-422B-A4C9-5EC5A5B78001
2C5B5226-045D-4A46-B4FC-228B0891FEEC
314120E4-5A05-492C-9BF2-22558CF0F202
630CBF61-54CC-4AC3-97B0-D4071345807C
EDE2A2B4-B1CB-4BF8-93D1-154E49284A71
314120E4-5A05-492C-9BF2-22558CF0F202
C5BF4465-5322-462F-B41F-459F649F3996
392D4A36-6ADF-4A99-A820-3014A53E62E3
3BF6C840-4D12-4FB5-88A2-E2BC03461DC2
42F16135-D0A4-43A2-990C-27FCABD9C19F
E4703CF2-7F82-4AD7-B317-8EC1CBC9B619
4D31CCA1-C42B-4796-851F-CA8ED4CD2A7E
Download SpyHunter* Spyware Detection Utility.
(If you find this helpful, please feel free to share it with friends by digg, del.icio.us, Reddit or Google.)
Digg
del.icio.us
Google
Yahoo
Reddit
Furl
NickBC Says
I have tried all likely resolutions and this is by far the easiest and most efficient one. Thank you!
Mar 20th, 2007 at 7:08 pm
Tom Says
how does spylocked relate to spydawn?
Mar 21st, 2007 at 10:04 pm
Brian Says
Tom,
According to Wikipedia, “SpyLocked is known to be associated with such rogue anti-spyware programs as Spydawn and SpySheriff. These programs share similar interface with the mentioned anti-spyware applications and have the same deceptive intentions.”
In short, it’s a new variant which can endanger your computer if you are not careful enough. That’s why we need to be extremely careful while we are surfing. Don’t install any video codec and ActiveX control if you aren’t sure.
Mar 21st, 2007 at 10:14 pm
Kevin Says
I have come to this page after going to pages listing more detailed instructions for deleting ‘all’(approximately 30 which were still in registry after uninstall was executed) related registry keys. All files/processes listed here on this page were already removed, but I STILL have a flashing icon in taskbar that alternates between flashing red “NO” symbol and a blue questionmark, which is STILL linked to the SpyLocked homepage. Has anyone who has tried the solution on this page had a similar problem? Wouldn’t this tend to indicate that the trojan is still on my hard-disk and could repair itself?
Mar 22nd, 2007 at 2:33 pm
Brian Says
Kevin,
Those registry keys might belong to Zlob Trojan that executing the System Alert Popup on the taskbar.
Software\Microsoft\Windows\CurrentVersion\Explorer\ SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\ SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\ SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ EXPLORER\RUN\C:\WINDOWS\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}
You can click on the following link to get more information on how to remove them:
http://www.xp-vista.com/spyware-removal/zlob-removal-instructions
After you manually delete the regkeys, you might still want to scan your drive with the automatic removal tool (the scanner is free) to ensure that you are free of infected files. Repeat the steps if any offended entries are found. The reason you need to do this because the spyware could recreate itself if zlob.trojan is not completely removed from your machine.
Good luck!
Mar 22nd, 2007 at 2:40 pm
Tim Says
If you get either one of these messages, then you are probably infected with SpyLocked.
“System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution.”
“Warning!
W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to seal passwords and private information from the infected computer.”
Mar 23rd, 2007 at 1:25 pm
Brian Says
You could get SpyLocked by opening an infected message in MySpace or other Social-networking websites. You could also get it from installing fake video/audio codec, fake software or fake software updates.
Mar 24th, 2007 at 2:20 pm
Brian Says
If your homepage was was changed to “asafetyproject . com” or “yourieprotect . com” then you most probably have been infected with SpyLocked, SpyDawn or MalwareWiped. You can easily get rid of them by following the removal instruction at the top of this page.
Mar 24th, 2007 at 2:21 pm
Sunny Says
Yes, I paid for it. I wasn’t smart enough to follow the complicated procedures. Accounting major
But it’s a peace of mind to get rid of this stupid icon. Never download unknown files again 
This is a great lesson!
Mar 24th, 2007 at 6:14 pm
bernad Says
Never download unknown files again, that right. Particularly those applications from unknow vendor.
Mar 25th, 2007 at 8:26 pm
Mike Says
I’ve tried this and several other supposed methods of removing SpyLocked but none of them work. How do I get rid of this trojan?
Mar 25th, 2007 at 9:25 pm
Brian Says
Mike,
The instructions worked for a lot of people. You just need to know what you are doing first. If you let us know what you have tried and what errors you’ve encountered, we can probably give you a better answer.
If non of above work, you can still try the Automatic Removal tool. Of course, it’s at a cost but it will give you peace of mind. From what I learned, Spyhunter support would give you a custom fix remotely if somehow Spylocked or other spywares can’t be removed by the software.
Good luck!
Mar 25th, 2007 at 11:06 pm
Greg Says
Has anyone heard if spylocked or the Zlob trojan can and or will jump of onto an external device, such as an ipod?
And if it can do I just look for those .dlls?
Thanks for any help
Mar 26th, 2007 at 12:24 pm
Brian Says
Greg, not that I know of.
Mar 26th, 2007 at 12:25 pm
haseep Says
yes thank
Mar 26th, 2007 at 12:30 pm
haseep Says
yes it’s good site for fixing error on pc.
Mar 26th, 2007 at 12:37 pm
Mike Says
All of those .DLL files in these instructions apparently don’t exist on my computer. I tried to unregister them and they I received a message stating that they couldn’t be found.
I also tried the smitfraudfix method; going into safe mode etc. That did absolutely nothing.
Mar 26th, 2007 at 2:47 pm
Brian Says
Mike, you need to make sure if your machine was infected by Spylocked. It could be other spywares. I would suggest you to download the removal tool to scan the drive. You don’t have to pay for the scan which will tell you if there’s anything infected files. Hope this helps. Good luck!
Mar 26th, 2007 at 4:35 pm
Mark L Says
Hey,
Yea I was infected, and it took a while to get rid of everything. I did it by using the spy hunter to look up the files, but proceeded to delete them manually. Anyways, thanks for the tips. Good luck
Mar 26th, 2007 at 4:43 pm
Brian Says
Mark, job well done! Glad to hear that
Mar 26th, 2007 at 4:54 pm
c Says
i manually deleted all the files by using spy hunter, but the icon is still on my computer… is there anything else i need to do? restart computer?
Mar 26th, 2007 at 5:04 pm
Brian Says
C, can you elaborate a little bit more? Did you scan the drive with Spyhunter then delete the files/regkeys manually? Or you have the full version of Spyhunter? If you have a full version, you can go to “Help”-> Technical support system, open a support ticket, generate support log and send the support log information. When they receive your support log they can assist you to resolve the issue.
Mar 26th, 2007 at 6:05 pm
MORGAN Says
does this work
Mar 27th, 2007 at 1:15 am
Asad Says
I have an icon still, and tried everything you guys said. i found 2 zlob virussed on the registry and removed them and restarted the computer but it is still there. I run the program again and they were really gone however the bloody icon was still there? GRRRRR!!!!
Mar 27th, 2007 at 5:01 am
Asad Says
Yes, i have came up with a solution!!! You guys could thank me later!! There is a new infector called tahxqcj.dll located in the windows/system32 folder.
Deleting only works with one way(not even the safe mode):
Run CMD and go to the Windows/System32 folder by writing: ‘cd C:/Windows/System32′ and ENTER.
Then go to the task manager and end the process called explorer.exe (your back-screen should disappear). Then go back to the CMD window and type in ‘del tahxqcj.dll’ and ENTER. (The Spyware should be totally gone)
Then go back to the task manager and then file, new task and type in ‘explorer.exe’ and ENTER.
Wallah…All fixed!!!
Mar 27th, 2007 at 5:38 am
Susie Says
Asad - Thank you! It’s gone, finally. The tahxqcj.dll file indicated it was created in 2005 (I think, but not when I got this bug). How is that possible?
Mar 27th, 2007 at 9:10 am
c Says
it said that file could not be found
Mar 27th, 2007 at 12:53 pm
c Says
tried again and yay finally got it off, thank u
Mar 27th, 2007 at 1:05 pm
Paula Says
What is CMD? (Looks like DOS mode to me.) Do I need to manually delete all the files found by spyhunter first, and then follow the instructions to remove tahxqcj.dll? Thanks.
Mar 27th, 2007 at 4:36 pm
Asad Says
There is a new bad file called ‘qvjpt.dll’ located in system32 folder.
Mar 27th, 2007 at 7:15 pm
Sir Nick Says
I agree with Asad - great idea.
Mar 27th, 2007 at 8:09 pm
Gale Says
Please help! I tried Asad’s method but when I run the cmd it starts up like this
C:\Documents and Settings\(user)
What do I do? I can’t press backspace
Thank you
Mar 27th, 2007 at 8:47 pm
Brian Says
Gale, if you are not familiar with command prompt, you can use Windows’ search function to locate the dll then delete them.
Mar 27th, 2007 at 8:52 pm
Gale Says
Do I still have to do end the explorer.exe process though? Thank you
Mar 27th, 2007 at 9:12 pm
Gale Says
Ok I searched it with windows but it says that I cannot delete it. I think its because I didn’t end the process of explorer.exe. When I do end the process the search program disappears…Help, and thank you
Mar 27th, 2007 at 9:17 pm
Tom Says
Hi, I have the same problem as Gale, I think its also because I didn’t end the explorer.exe process. When I do, the search program for windows disappears.. Help please. Thank you!!
Mar 27th, 2007 at 9:19 pm
John Says
Explorer.exe is part of the system. Ending this particular process will cause problems for Windows. If you don’t feel comfortable remove Spylocked manually, the automatic tool is a great option for those who is not familiar with system editting. Yes, it might cost $30, but it also saves you a lot of headaches.
Mar 27th, 2007 at 11:09 pm
Asad Says
NO NO NO NO NO!!!!
You need to close explorer.exe (from task manager)
Closing explorer does no damage what’s so ever. It is just a bloody program!!!
^^^All the folders close as well^^^(including Search) so you need to delete it from command prompt!!!
Apologies for the spelling mistakes i made last time (’/’ should have been ‘\’). Start Command Prompt. You should write this in CMD(DOS): ‘cd C:\Windows\System32′ and ENTER. And then close explorer.exe and go back into CMD and type in ‘del (filename)’ and ENTER. Then go back to task manager, to file, new task and type in ‘explorer.exe’ and ENTER. This should work if you did it right like Susie and c did at the top.
And you guys, this is the free, fastest and easiest way to get rid of this virus.
PS. Gale, you can’t delete or backspace the thing at the start of when you run Command Prompt. Just ignore it. Type what I said and it should take you to the right folder.
Mar 28th, 2007 at 1:14 am
Asad Says
You will likely see that the last two dlls in the list at the top would most likely be the virus because they are the new ones.
Mar 28th, 2007 at 1:20 am
Asad Says
If anyone doesn’t understand how closing explorer.exe makes it so you can delete the virus here is the explanation:
When you close explorer.exe, it stops the functionality of everything that has got to do with viewing your c dive and stuff like that. Here is what i mean:
———————————————–
It closes all folder viewing windows.
Closes the task bar at the bottom.
Therefore it stops all the programs that run on the taskbar, like all the icons. This stops the functionality of the virus and there you can delete it(using CMD otherwise known as DOS) following my steps above.
———————————————–
Mar 28th, 2007 at 1:40 am
Cyrus Says
How do I know if I have removed the program? Thanks in advance
Mar 28th, 2007 at 3:38 pm
Brian Says
Cyrus, the easiest way to do it is to download the removal tool, which will scan your machine for free.
Mar 28th, 2007 at 4:24 pm
Cyrus Says
ok thanx, I disconnected my infected computer from the internet, is that smart
Mar 28th, 2007 at 4:31 pm
Cyrus Says
So I the free scanner catches nothing I am good to go?
Mar 28th, 2007 at 4:42 pm
Asad Says
Cyrus,
What country are you from?
It is just that i did not understand what you said.
PS. Please everyone tell me which countries you live in. I live in Australia.
Mar 28th, 2007 at 7:27 pm
randy Says
asad, you’re a god. it works after everything else failed. a thousand thanks my friend.
Mar 28th, 2007 at 9:11 pm
Keith Says
Asad,
Ditto, worked great!!
Mar 28th, 2007 at 11:24 pm
Asad Says
Thanks a lot. Your Welcome.
PS. You did not say which country you live in?!
Mar 29th, 2007 at 1:33 am
Robert C Says
Thank You ALL for your help!
I was able to manually get rid of SpyLocked
Mar 29th, 2007 at 3:48 am
Tom Says
My computer could not find any of those DLL Files and also could not even find Spylocked.exe under my system processes, however I know that I am infected because I have the annoying flashing icon that links to the Spylocked website and get the annoying pop-up “warning”. Has anyone else experienced this or knows what my problem is?
Mar 29th, 2007 at 4:46 pm
Ken Says
Asad you are a lifesaver. Thanks so much for your help. p.s. i usually hit the “/” instead of the “\” too
Mar 29th, 2007 at 4:48 pm
Asad Says
Kind of you to put that concern Tom,
There are two new bad files:
oyopu.dll
yronl.dll
Mar 29th, 2007 at 6:47 pm
Soodle Says
Thanks for all the help about this Asad.
I’ve managed to get rid of the spylocked icon in the taskbar, but I still get annoying pop-ups while I’m using the internet.
I’ve been through every .dll file listed on this page to try and delete it using the method you described, but cmd says it can’t find any of them on my computer.
Any ideas?
Thanks again.
soodle
Mar 31st, 2007 at 5:06 am
teri Says
Thanks so much for the help…after a day of searching and trying to get rid of that nasty thing it is gone. Such a relief =) You guys/girls are so smart!! =D Thanks so very much.
Apr 1st, 2007 at 3:12 am
Richard Says
Asad,
I have followed your instructions but CANNOT get rid of the Spylocked icon in the taskbar!!
Getting this message
“Could not find C:\WINDOWS\System32\tahxqcj.dll”
Any chance we can speak - I’m in St Kilda, Melbourne.
Apr 1st, 2007 at 4:07 am
prasanna Says
supper
Apr 1st, 2007 at 4:09 am
dave UK. Says
many many thanks Asad,it took a while but i finally nailed the little fxxxer
Apr 1st, 2007 at 6:13 pm
Erythorbic Says
Had a hell of a time getting it to work,Mine was one of the new dll files… Heres a tip that helped me.. Do a search on all files on your computer enter .dll and it will list all the dll’s on your computer then look at them by date.. as long as you know the day you were infected you can pretty much find which one you have from the list with out having to go through them all.
Apr 2nd, 2007 at 11:53 am
Rob Says
I have found the file oyopu.dll in my System32 folder. However, when I do the steps you list out, my CMD promt says “Could Not Find C:\Windows\System32\oyopu.dll” But when I go to the System32 folder in Explorer, it’s there!
Apr 2nd, 2007 at 3:17 pm
Rachel Says
ASAD,I think I love you. I was soo worried that I was going to have to take this damn thing to Best Buy. Thank you so so much.
Apr 2nd, 2007 at 3:33 pm
Richard Says
YEAH BABY - it’s gone!!!!
Rob,
Same thing with me, BUT, tried it AGAIN using CMD prompt method as outlined by Asad, AFTER trying to delete it in explorer - for some reason it worked this time????
Ours is not to reason why….
Apr 3rd, 2007 at 4:31 am
Richard Says
Maybe somthing to do with the 4 beers I drank trying to work it out…..
Apr 3rd, 2007 at 4:32 am
Susan Says
I spent half day trying to remove Spylocked manually then ended up purchasing Spyhunter. It’s a breeze! Now the icon is gone.
Apr 3rd, 2007 at 5:03 pm
jason Says
Thanks Asad
Apr 4th, 2007 at 7:30 am
jason Says
Asad, you saved me a load of time, thanks for your fix.
This is first time i have been infected and I don’t know much about spyware, was the dll file opening explorer and working or was only the pop activated?
Apr 4th, 2007 at 7:43 am
Jeff Says
ASAD,
I need help…
Okay here is what I did….
1) clicked RUN and then typed CMD.
2) I pasted this there…. cd C:\Windows\System32 and then it says Windows cannot find ‘cd’ . Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then Click Search.
—- Or —-
When I clicked RUN and typed CMD. and it popped up it says
C:\Documents and Settings\(user)> and then typed cd C:\Windows\System32
it said ‘_’ is not recognized as an internal or external command, operable program or batch file.
What do I do….??
But when I tried to search them:
spylocked.exe
xkrdk.dll
onwtj.dll
fyxkaah.dll
higehsg.dll
geplxss.dll
tvomnc.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll (new)
yronl.dll (new)
isadd.dll (new)
on the Folder System32, I cannot find them.
Any help plz!
Apr 4th, 2007 at 8:12 pm
Andrew Says
Same here Jeff. Nothing appears to be in the System32 folder. I have followed all directions to a tee and no such luck. Although.. In my Program Files Folder on my C drive, I have a folder named Video Access ActiveX Object that contains the isadd.dll file, as well as a few other suspicious ones.. For example, iesplugin.dll and some .exe files listed as follows..
isamntr
iesuninst
isamini
isunst
pmmnt
pmunst
If someone can take this a step futher, Id really appreciate it. Thanks!!
Apr 5th, 2007 at 3:18 am
jon spear Says
Thank you, Asad!!!
Here is my experience:
I have Spybot, which is a free program. I used it to clean my computer, which mostly worked, except for the icon in the lower right hand corner of the screen. I believe that it couldn’t erase the last file, because the file was in use when explorer was open.
So, I figured that I must use Asad’s method. I first followed Asad’s instructions as best as I could, and tried to delete the bad new files. I got the error message that the file(s) could not be found. So then I typed ‘dir/a/p’ in the cmd window, and eventually found that oyopu.dll was the bad file which I had. I tried deleting it, but it still said that the file couldn’t be found!
So then I typed ‘explorer.exe’, and used the mouse to point and click my way to the C:\WINDOWS\System32 folder. I could see the bad oyopu.dll file in there (an easy way to find the bad file is to use the ‘Details’ option in the drop down menu for ‘View,’ and then arrange by ‘date modified.’ It will likely be one of the newest files).
In that Windows mode, I renamed the bad file as ‘badfile.dll’ Then I went back to the cmd mode and was able to type ‘del.badfile.dll.’
I don’t know why, but changing the bad file name seemed to work. Hope this helps…
Apr 5th, 2007 at 3:50 am
jon spear Says
In the above post, I meant to say that I was able to type
‘del badfile.dll’ Please excuse the typographical error. I apologize in advance for any confusion.
Apr 5th, 2007 at 3:53 am
jon spear Says
In response to Jeff and his problems with using the cmd window:
It looks like you are not familiar with navigating through directories using the old DOS-like commands. Here are some useful hints:
When you first run the ‘cmd’ program, it puts you into a specific directory. In your case, that directory is indicated as
C:\Documents and Settings\(user)
To go up a directory, type ‘cd ..’
If you do that a couple of times, you will get to the root directory, where the prompt says:
C:\
Then type ‘cd windows\system32′ and you should be in the right directory.
Apr 5th, 2007 at 10:39 am
Phil A Says
New file detected for Spylocked 3.3 = qzviz.dll
located in c:\windows\system32 and is stealthed. Not just hidden attrib, but stealth. using regsvr32 to attempt unregister reports it is there, but errors. After that you can clean it manually. SpyHunter with database version 04.04.2007 does NOT detect this.
Registry keys indicated with this variant:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
“{bd0fc212-0a36-4232-83cc-2063fb9282e0}”=”curdler”
[HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@=”C:\WINDOWS\system32\qzviz.dll”
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@=”C:\WINDOWS\system32\qzviz.dll”
Apr 5th, 2007 at 9:26 pm
Melinda Crepin Says
I still have the stupid icon on my taskbar and I can not get it off. I am finding that all of the instructions are confusing. I could really use a step by step to remove it because my spysweep says that there is nothing else on my computer.
Apr 5th, 2007 at 9:36 pm
Thomas (Missouri - USA) Says
It looks like the Spylocked program is changed agout as fast as fixes are identified.
About 24 hours ago, I apparently got hit with it. “SpyBot Search and Destroy” got rid of the files in its current database but that was only about 90% of the bad files.
SpyBot missed tahxqcj.dll and qujpt.dll
It also missed,
iesplugin.dll
which appears to be a parallel problem (this may not be from from Spylocked). It puts icons in IE toolbar that link to www.secureguidance .com which seems to be a rogue site similar to Spylocked with false come ons.
In my case the task toolbar blinking icon must have been from a new file
qzviz.dll
that is not mentioned above. Since it was unlisted above, I renamed it. Then I rebooted the computer and the bliking icon was gone. Since everything else seems to be working properly, I then deleted the renamed file.
Hope this helps some.
The Missouri state motto is “United We Stand - Divided we Fall” Sharing the collective experiences above have sure helped with this problem.
Good luck to all.
Apr 6th, 2007 at 12:11 am
Danny Says
thnks for the help i got rid of the dam icon just trying to get rid off the web site when i log on to the internet. i tell you what they have some nerv puting a virus on your pc then geting you to pay for them to take it off i feel giveing them a good beating
Apr 6th, 2007 at 1:31 am
sean Says
thanks so much guys, i finally managed to get my computer safe and running again
just wanna let you all know that the .dll file that was infecting me was named differently from everyone else’s..so like erythorbic said, its best to search for the .dll file that was modified on the day that your comp got infected and delete that one.
Apr 6th, 2007 at 7:42 am
Guneet Says
i tried using spyware doctor bu still the pop sign keeps on coming1 so now i am going to try the above steps and hope that it gets removed from pc
Apr 6th, 2007 at 1:22 pm
Phil A Says
SEAN -
If you were infected with yet -another- DLL variant, please share with the group so we can all be smarter.
thanks!
Apr 6th, 2007 at 9:31 pm
Jay Says
New file found for SpyLocked pkgvyg.dll
Apr 7th, 2007 at 12:41 am
Jay Says
The methods that finally worked for me: Search for all .dll files, and sort by date. Find the most recently created ones, and use Asad’s method for deleting them!
Thanks Asad!
–I’m from Montana, USA, btw.
Apr 7th, 2007 at 12:48 am
Arne Says
Hi,
I’m pretty bad at computers and all that, but i kind of have a problem. I used to have the spylocked thing on there with the pop-ups. Then i used smitfraudfix (in save mode), and now the pop-ups are done and all that. However, when i scan the computer using Spyhunter, it still has about 90 hits including the zlob.trojan files… Does anyone have an idea what to do?:S
thanks
Apr 7th, 2007 at 9:51 am
Arne Says
I think i’ve fixed it now… I used the spyhunter scan to find all the infected objects and manually deleted all of them using the register editor and simply by searching “my computer”… Upto now i don’t think i’ve wrecked the system for it seems to be working properly. Thanks people,
Arne
Apr 7th, 2007 at 11:00 am
Victor Says
I just found qzviz.dll I tried deleting it through command prompt which didnt work then I tried renaming it and deleting it with command prompt still no luck, can anyone here help me, also what is this, it was typed earlier and when i used spyhunter it looked familiar:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
“{bd0fc212-0a36-4232-83cc-2063fb9282e0}”=”curdler”
[HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@=”C:\WINDOWS\system32\qzviz.dll”
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@=”C:\WINDOWS\system32\qzviz.dll”
I’ve seen the HKEY on spyhunter but i can’t delete it without purchasing it and i know my parents are gonna get mad if they have to purchase something, help and thanks ahead of time
Apr 7th, 2007 at 12:55 pm
M Says
I ran the SpyNoMore software to locate the infected files, went through and manually deleted all of them, but then when I had to delete the actual Trojan, it was not letting me delete it, so I followed Asad’s instructions and was able to delete it through DOS commands. Now the icon is gone and all scans suggest it’s truly gone!
Apr 8th, 2007 at 8:06 pm
Rick Says
Thanks for all of your help
Beaumont Texas
Apr 9th, 2007 at 1:47 am
Sylvia Says
Man, I need serious help here!
Erm how am I suppose to know which file to delete when I can’t find any of the mention ones above.
Anyone??
Apr 9th, 2007 at 9:02 am
Ryan Says
I used Spyware Doctor and scanned my system. Everything was found except for the flashing icon in the tray @ the bottom right. I looked for all the listed .dll files and finally found “qzviz.dll” it had a modified date of April 7, 2007 which is when I was infected. Deleted it all clear.
I want to thank everyone for there expertise. For those of you still struggling, be patient and realize that you are not intended to fix this easily. All the information you need to fix the problem is listed on this site.
Ryan from Canada
Apr 9th, 2007 at 12:55 pm
Ryan Says
Viktor,
click start and hit search the *.dll files and look for the listed .dll files from above. you will find them in c:\windows\system32. once you find one rename it. if it is the correct one the icon will change immediately however until you reboot it will still be there. Restart and if it doesn’t show up go and delete the file that you renamed.
Apr 9th, 2007 at 1:04 pm
Kaylyn Says
Ryan, you my friend are a genius…THANK YOU! THANK YOU! THANK YOU! The flashing icon is gone, no pop-ups come up and i didn’t have to pay a red cent! thanks
However, everything seems great but how do i know for sure its gone, i mean my scanner didn’t pick it up in the first place?
Apr 9th, 2007 at 7:19 pm
Brian Says
New DLL for Spylocked removal instructions: pkgvyg.dll
Apr 10th, 2007 at 10:04 am
David Says
I have Windows ME how do i get rid of spylocked?
Apr 10th, 2007 at 3:03 pm
Kaylyn the Shizznit Says
Btw, everyone pay attention to what Ryan says. I followed his instructions and was able to completely eliminate Spylocked from my computer. That little SOB is gone!!!
Apr 10th, 2007 at 3:28 pm
Cole Says
I recently got it, not sure how, but it is there. I am trying to get rid of it. Any suggestions that don’t involve buying anything?
Apr 10th, 2007 at 10:38 pm
Cole Says
Btw, I think Spy-Sub.exe is another process one. The name looked a tad suspicious.
Apr 10th, 2007 at 10:39 pm
Cole Says
I found a new unregister SpyLocked DLL file - qzviz.dll
It won’t let me remove it. It says it is in System32 folder and says accessed denied when I try and delete it. Don’t really understand why the access is denied because I am an admin (only account on this computer) so I am guessing SpyLocked protects itself like that.
Apr 11th, 2007 at 12:21 am
entalvis Says
easiest way i found to manually remove:
use the “free” tool to scan, then manually remove the registry keys found and then RENAME the .dll file using windows explorer.(you cannot delete the file using windows explorer because it is in use. also, this will find whatever .dll file your version of the trojan decided to use) reboot and it will not load and you can then delete the previously renamed .dll file.
if you are afraid or really unsure about how to remove registry keys then pay for the software, as you can easily render you computer useless and end up reloading windows by playing in the registry.
also, i ran the tool while runnig in safe mode, i also ran spybot and adware to make sure i had no other spyware/adware infecting the system as well and also an antivirus program. i manually updated all of these using a flash drive.
Apr 11th, 2007 at 12:32 am
Toxic Avenger Says
I’d like to ask the obvious question which no one has asked yet:
How do we get back at these @#% Spylocked @#%s for trashing our computers and wasting hours (in some cases, days) of our workdays?!!
I’ve started spamming their “contact us” form with all sorts of nasty comments carefully designed to ruin the day of anyone who reads them, or at the very least annoy them so bad they won’t have time to cause more internet mayhem. A friend of mine has suggested an auto-spammer to plug up their email (their “contact us” form doesn’t have a bot blocker).
These are all just cheap jabs, I admit. But I can’t exactly plan a drive-by shooting. From what I understand, they are located in Latvia.
So anyway, is anyone taking action against these @#$s?
Yours angrily,
The Toxic Avenger
Apr 11th, 2007 at 12:00 pm
B Says
Ok, well i now have this spylocked thing on my computer and its buggin me. So i downloaded the spyhunter and did the scan, so how do i get rid of spylocked with out buying spyhunter?
Apr 12th, 2007 at 5:35 am
Brian Says
B,
The step-by-step removal instruction show how to remove Spylocked manually. This is always something you should try if you are good with the computer. And it costs you nothing.
However, if you aren’t sure what you are doing or don’t know much about computer, you can go for the safe route and pay for the removal software. It’s safe and easy but also costs you $30 to end your headache. Oh, don’t forget to ask your IT friends if you know anybody. “A friend in need is a friend indeed.”
Hope this helps. Good luck!
Apr 12th, 2007 at 5:03 pm
Jenny Says
hey guys.. Im at my wits end with this thing.. it infected my old compaq armada 7770dmt and now it wont even let me online
Im seriously about to cry I tried looking for the .dll files but cant find any of them on there!! I know that the program is still on there because of the fact that the flashing icon keeps showing up I have no idea what else to do.. 
Apr 12th, 2007 at 10:09 pm
Brian Says
Jenny,
There’s no need to cry.
Since you can’t get online with the Compaq, you can print out the SpyLocked removal instructions and follow it step-by-step. It’s fairly easy. Otherwise, you try the removal tool but it also costs you $30. Just download it from a working computer and then put it on a USB drive. As always, you can reload the whole system as a last resort.
Good luck!
Apr 12th, 2007 at 10:11 pm
AL Says
i can’t remove after using Asad’s method and the smitfraudfix.exe method… what to do?
Apr 12th, 2007 at 11:17 pm
Matt Says
Found another dll to look for. Was infected yesterday and its Ygjun.dll. Thanks Ryan for the tip. I had everything cleaned out but that. As soon as you rename it, it changes the icon in the taskbar, and vanishes upon bootup.
Apr 13th, 2007 at 1:04 am
Christian Says
Thank you for the instructions…ii actually fell for it…looking for serial #’s and such..asking my friends and yeaa…Until i looked at wikipedia[my daily source of everything] and learned its a rogue software…then ii saw these links..and its great..thank you.. =]..and i will NEVER download any weird stuff anymore..thx
Apr 13th, 2007 at 11:35 pm
ken Says
i can’t download the tool? a blank page just opens up.
anyway. i dont see the icon at the toolbar anymore, however, spydoctor still shows me the spyware linked to spylocked. what should i do?
Apr 14th, 2007 at 10:47 pm
Brian Says
Ken, thanks for pointing it out. It’s been corrected.
Apr 14th, 2007 at 11:13 pm
RC Says
Thanks to Asad for his instructions and Matt also… I had the Ygjun.dll and I got it on the 13th. Learned a lesson. But I am still not too sure that my computer is clean, and the SpyHunter Links seem to be dead. I haven’t found another Anti-spyware program that was able to detect so many spylocked files. Any suggestions? and should I change my passwords now?
Apr 14th, 2007 at 11:13 pm
Dianne Says
I have been trying to get rid of that D#$% icon since 4/13 also. Now 4/15, I want to say thank you for all your suggestions on removing spylocked. I am going to do it now!
I am all for shutting them down… count me in! We need to show them how it feels to get an adware like theirs, have them have to remove it… days later. Then they want to get paid to remove it.. yeah right! When H#$@ freezes over. Thank you!
Apr 15th, 2007 at 8:59 am
Dianne Says
oh, I live in California, USA
Thanks!
Apr 15th, 2007 at 9:05 am
Miljan Says
yeah..thanks u all.my computer got infected with spylocked and some zlob troyans..what i did is next: first i used cracked version of spyware doctor and i scanned my comp.found about 81 bad files..cleaned them all but anyway i had a flashing icon in taskbar..than i used spyhubter(couldnot find a crack)so after it found 55 zlob troyans all in registery files,i had to remove them manually.after that i restarted my computer and it was ok:) mcafee ad-aware spyhunter didnot find anything..oooh yeah i got infected by downloading some kind of active x control:( without signature of course..soo be carefull..big thanks to Asad and Jon from Bosnia
Apr 15th, 2007 at 11:19 am
Mickey Says
good lord what a mess, I got this bug on the 13th, realized it immediatly and am finally rid of it ( I think) I used spyhunter and onecare.live .com to get rid of the basic mess, but that wretched Icon and warning still plagued me. Sure enough it was the ygjun.dll file. Got rid of it according to Ryans instructions and voila good riddance. My question is if there is anything else to look for. I see no .exe or.dll files related to spylocked, I am assuming that the registry files were taken care of by either onecarelive or spyhunter, and I have not seen any known processes running. Thanks RYAN and everyone else.
BTW I have had real good results with onecare.live. com… any one else have any comments on it??
Apr 15th, 2007 at 1:21 pm
RC Says
I got the .dll files off my computer, but SpyHunter says that I still have several Zlob registry files. How do I get rid of those? I searched the regedit program for all of the above registries.
Thank you all
Apr 15th, 2007 at 1:27 pm
ally s Says
clean and fresh… that is how my computer must be feeling. removed the spylock manually…. so thanks a lot to Brian, Assad and Ryan
by the way, I got the latest Ygjun.dll version and am from Mauritius
great work people… keep it up!
Apr 15th, 2007 at 5:52 pm
Sina Says
This is such a mess. Got it on the 15th, and still trying to get rid of it. I have basically tried everything here, and still the icon is there. All the files are gone, the .dll’s are gone, and the registery has been cleaned. BUT THE GODDAMNED ICON IS STILL BLINKING X(
Ok first of all, as you all have noticed, the scanners out there are worht. And secondly, I cannot download the file offered on this website. HELP.
Apr 17th, 2007 at 2:06 am
Sina Says
Ok found the .dll file to be ygjun.dll, and it was created on 2003!!!!???? I got my computer a month ago for goodness sake!!!
Apr 17th, 2007 at 2:09 am
Feffe Says
Allright, I’m still having some issues with this wretched virus.
I downloaded spyhunter, removed everything manually.
I got rid of one of the flashing icons. However, I had two!
This second icon isn’t flashing all the time. It shows up every now and then, flashes for a few minutes and then it’s gone. I have no idea how I’m supposed to find it, I searched for “.dll” and sorted by date but no .dlls in system32 were from the day I got the virus.
Oh, and just to add to the clarification: the first icon was caused by Ygjun.dll. Something tells me that there’s a new .dll now though.
Thanks to everyone so far and I hope someone can help me get rid of this completely.
Apr 17th, 2007 at 2:08 pm
Pablo Says
I got this problem on a Monday (yesterday). I did some basic things to try to remove it but I haven’t been able to remove it completely. SpyHunter is the first program to actually find all the registry values and files. Anyway, since I’ve had this, my laptop has been running incrediablly slow! My natural assumption is to assume that it is related to this problem. Is this correct? and will removing it fix it?
Apr 17th, 2007 at 5:46 pm
Tim Says
Feffe, try to see if you can find qch29sr.dll
It might be a new Spylocked dll.
Apr 17th, 2007 at 8:13 pm
Ron Says
Got the bastard!!! ygjun.dll was the culprit on mine. Was constantly running in memory and the normal removal programs wouldn’t delete it. Simply went to DOS and killed it from there. Thanks for all the help!
Apr 17th, 2007 at 11:07 pm
Ken Says
I don’t have any of the files and registry entries speicifed in the whole forum while I do have the flashing icon on my task bar.
ANY HELP?
Apr 18th, 2007 at 8:46 am
katy Says
i have tried unregistering all the .dll files listed and it says none of them exist on my computer…im possitive im infected with spylocked…help pls!!
Apr 18th, 2007 at 9:21 am
Ron Says
Hey Ken,
Try doing a search for *.dll and *.exe files. Sort them by last modified, and see if a file’s modified time matches the times when the virus started, particularly if it matches one of the files listed above.
I had the same problem where everything was clean except for that icon, which was always running in memory. Had to open the cmd prompt and end the explorer process before I could delete it with the dos command!
Worked
Apr 18th, 2007 at 9:30 am
Eric Says
can anyone confirm czxtyx.dll ?
Apr 18th, 2007 at 9:32 am
Eric Says
i think this is bad. this is what filemon showed on czxtyx.dll. i had renamed czxtyx.dll to czxtyx_bad.dll and this is what filemon showed when the “icon” tried to run i think:
22698 9:37:41 AM explorer.exe:2552 QUERY INFORMATION C:\WINDOWS\system32\czxtyx.dll NOT FOUND Attributes: Error
22699 9:37:41 AM explorer.exe:2552 QUERY INFORMATION C:\WINDOWS\system32\czxtyx.dll NOT FOUND Attributes: Error
Apr 18th, 2007 at 9:41 am
Feffe Says
None of the suggested .dlls have been found. I have no idea how to get rid of this thing… the icon in systray is a red triangle with a white “!” on it. Maybe it’s a different virus? any ideas?
Apr 18th, 2007 at 1:26 pm
Brian Says
Hey Eric, i’ve been fighting with this spylocked for the last few days here and got it down to the blinking icon in the taskbar left. Your czxtyx.dll is your culprit. change its name and kill it to fix your problem. good luck
FYI: For anyone else if it helps. the culprit dll that it was for me was 8 KB. hopefully that narrows your searches and choices.
Apr 18th, 2007 at 3:20 pm
hale Says
I tried to REGEDIT at RUN, but during type in this REGEDIT, computer becomes blinded and rebooted. Computer doesn’t give me time to type in manually nor of automatic download. Please help.
Apr 19th, 2007 at 11:33 am
Tom Says
Thanks, this was very helpful. Now my system is back to normal, except that aprotectservice.com is my homepage in internet explorer, even when i reset my homepage. How can i correct this please?
Apr 20th, 2007 at 2:09 pm
Nick Says
Hi,
I just got done being raped by spylock and thanks to the few responses on this forum I think Im safe. I dont know much about computers but here is what I did.
1)I first made sure the spyware program was deleted THEN all that was left was that damn blinking icon by my clock.
2)I did just what Eric and Brian said and that was do a search for *.dll
3)When the search is over I sorted the list by date and sure enough I found that file they mentioned: czxtyx.dll
4)I right clicked on the file and said rename and renamed it to czxtyx_f_off.dll and hit enter to save. At this point the icon stopped blinking BUT was still there.
5)I dragged the file onto my desktop BUT it wouldnt let me delete it. THEN I restarted my computer and when it was back in windows the icon was gone and I just deleted the file off my desktop.
6)FINAL note, Im no expert here but I wouldnt be surprised if the file name czxtyx.dll is changed to something else in a day or so by the hackers, so just be on the lookout for that and DONT go messing with files until you get a confirmation by others regarding the new file name to look for.
A final word I have to add:
Microsoft can burn in hell, they were no help
McAfee can burn in hell, they are even less help
Spyware fags can burn in hell
LAST, BUT …………………………………………
Thanks however to Eric and Brian, they solved the problem with the least trouble and as far as I can tell Im safe. That being said, after this disaster I know I cant trust anything, not even so called virus protection like McAfee.
Apr 21st, 2007 at 4:11 am
Ian Says
I had the same problem as everyone above. None of the files listed were in my system32 folder, but I still had the flashing icon and the pop ups. I finally found the one bad file searching the dll files. Mine was czxtyx.dll. I renamed it and deleted it. No problems since. Pop ups gone.
Ian
Georgia, USA
Apr 21st, 2007 at 6:54 am
rhow4 Says
Hi!
Another dll for spylocked…”rcohty.dll”; just renamed it and delete.
also guys thanks for the help.
FYI!
Apr 23rd, 2007 at 7:23 am
tita Says
Hey I got this virus today, gladly got rid of it manually. The file name was ilmpjy.dll.
Tita,
Brazil
Apr 23rd, 2007 at 8:27 am
zeena Says
Hey,
Got the virus two days back, got rid of it today, thanks to tita’s post. The name of the file is ilmpjy.dll
Apr 24th, 2007 at 6:03 pm
Same Story Says
hi zeena
got ilmpjy.dll today and successfuly delete it.
just out of curiosity, since we cant rely on the filename (it seems like an auto generate character) and date (different with every infection), maybe we can recognize it through the size?
btw, mine was 8 KB (8,192 bytes)
Apr 25th, 2007 at 12:22 am
vikki Says
Hi ,
I followed the removal tips and deleted it, the icon has gone.How do i know i am safe to shop online again for sure!
Apr 25th, 2007 at 12:25 pm
Ian Hector Says
The evil little bugger in my computer was also ilmpjy.dll.
Spent the money on the automatic removal tool which deleted everything except the flashing icon! I would definatly advise the free scan …..
Cheers Asad, brilliant method!
Aberdeen, Scotland.
Apr 26th, 2007 at 6:53 am
Matt Says
Hey! I’m knew to the thread, but wanted to thank everyone for all the helpful info. Also wanted to share my experience so it can help everyone else who happens along too.
At first I tried to play it safe and downloaded an automatic removal program. Tried Spyware Doctor first. It found and deleted over 100 infections. Then I tried Spyware Hunter second. It found and deleted another 50 or so. Still the flashing icon wouldn’t leave!!! So was it waste of $60? Yes and no. It saved time not having to delete 150 infections myself; I played it safe and didn’t screw up my computer more, and now I have two (seemingly) decent programs to protect my computer from here on out.
Then I found this discussion and tried look up all the new dll’s manually. I couldn’t find ANY of them on my comuter!!! Frustration abounded!
I ended up taking the advice of a few people here and sorted the system32 folder by date. Luckily I knew EXACTLY when I was infected and found two files that matched down to the minute. Both were called “tmp.” One was a text file, the other a registration entry. I deleted them and rebooted my computer and now the flashing icon is gone!!!
Hope that helps anyone who’s struggling with the stupid infection as much as I did!
Matt
Apr 26th, 2007 at 1:51 pm
Nate Says
THANK YOU ASAD!!!! You rule!!!! I’ve been trying to get that out of my computer for 2 days with no luck until I tried your method. Just a heads up, the ‘bad file’ in my system was ‘ilmpjy.dll’ I renamed it ‘bad file’ and like the other guy said, it changed the icon immediately, so I knew it was it. I don’t know if it changed the date or what, but I infected my computer yesterday, the 25th, but the file was dated April 23rd, so look into a few days before you got infected in your .dll files if you can’t find it on the day you were infected. P.S.-these people should be banned from using the internet and their company shut down. Oh yea, and here is the domain info for them if anybody can do anything with it:
Registration Service Provided By: ERDOMAIN.COM
Contact: 49.1797458539
Website: erdomain.com
Domain Name: SPYLOCKED.COM
Registrant:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. 45.36946676
Creation Date: 19-Feb-2007
Expiration Date: 19-Feb-2008
Domain servers in listed order:
ns1.wildgadgets.biz
ns2.wildgadgets.biz
ns3.wildgadgets.biz
Administrative Contact:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. 45.36946676
Technical Contact:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. 45.36946676
Billing Contact:
Privacyprotect.org
Domain Admin (contact@privacyprotect.org)
PO Box 83-000
Johnsonville
Wellington
null,6440
NZ
Tel. 45.36946676
Status:ACTIVE
Apr 26th, 2007 at 2:23 pm
Spiros (gr) Says
Dear fellows,
your observations was invaluable and I want to thank you all.
Now take into account my contribution on the method that it is being used to infect our systems:
a)Opening a malicious webpage, a program is executed in our system.
b)This program drops a malicious dll file in %windir%\system32 directory.
c)Gives the following attributes to this file: s,h,r.
d)Then it creates two entries in the registry:
One for the class of the malicious object and a second one, which is the command that loads the malicious object during OS startup. The registry key, that uses for the second entry is: .
In this key it adds a new parameter named by the class name of the malicious object and having as value a random name - so from this point, working reversely, you can find the name of the class and then the name of the dll.
As an IT consultant I have never dealt with this key, but it is at least as old as windows98.
Best regards to all!
Apr 27th, 2007 at 3:09 am
Tim Says
If you still have the system alert popup try to see if you have bpvol.dll or splug.dll, if you do have it try to remove them, hope it solve your problem.
Apr 27th, 2007 at 10:41 am
Jennifer Says
I had the same problem with the blinking icon on my taskbar and found the file ilmpjy.dll searching through the .dll files, renamed it and the icon automatically changed to a blinking cloud with the ?, so I looked for other dll files installed on the day I was infected renamed them and deleted them because the first one could not be deleted then rebooted and the icon is gone. I don’t know if I’m completely free of this virus but I hven’t had no more problems ever since Thanks to this forum and its participants.
Apr 28th, 2007 at 5:51 pm
David (UK) Says
The dreaded blinking icon
I had it too, but reading through something like 150 of your comments, sggested fixes I was getting confused and very frustrated that I couldn’t find anyof dlls mentioned
So I cheated. I used Symantec’s premium service and for €47 a little man called Simil cleaned my machine by remote control from 5000 miles away
Thank-you Mr Norton
Apr 28th, 2007 at 9:51 pm
Melody Says
It took me almost 3 hrs to remove this, and now it’s back to normal! Thanks guys!
Apr 28th, 2007 at 10:00 pm
kel Says
after a few days i finally got rid of EVERYTHING.
i even went out and bought a new anti virus thinking at would get rid of it.
i ended up having the newer .dll
thanks for all the help people!
Apr 29th, 2007 at 3:18 am
David (UK) Says
A History
I got infected by thinking I was downloading a video codec. Wrong ! The spyware was tagged to it
The first thing I saw was the 2 icons, the yellow & the bloody blinking one
Searhing the files, I found a program folder called Video AX Object. Tried to delete, access denied !
Having Norton Internet Security 2007 on board, ran a full systems scan, which found it, and with a lot of internet traffic from Symantec, most was removed, but not
the f**king blinking one
Next I came to this page, I am no slouch, I cut my teeth on Machine Code & DOS but finding these dll’s, no way !
I tried most of the suggeted fixes, but couldn’t find any
of the dll’s described by Microsoft, Assad & others
By now it is the “Wee Small Hours” and getting desperate
So, I got on to Symantec help line, a “chat room” (free)
and a lady there made a few simple suggestions to try,
which didn’t cure the problem, but it was like a medical
“triage”, she made me offer of handing me over to a specialist on their “premium service” for a fixed rate of
€47, so I filled in the credit card details
I was handed over to a guy named Simil, (Indian?) but he
was HOT; after a few extra questions, he asked for permission to take full remote control
For those who have never experienced remote control, it is weired; somebody, thousands of miles away, moving your cursor, clicking on files & folders, calling helper
programs so fast I didn’t always follow what he was doing
The end result was that he completely cleaned my machine
os all the “Spylocked” crap, but found a “legacy” of some
previous spyware I didn’t know I had
If all else fails, try them
Apr 29th, 2007 at 6:49 pm
Joe Says
Ok - So I’ve searched for ALL the .dll files listed above and even did the .dll “By Date” search and didn’t find anything related. The only .dll files that were added today (my infection date) were the ones for Symantec/Norton (which I purchased for this very reason…) I, too, still have that blinking icon with the pop-up warning. Did I miss something? HELP!! Thank you!
Apr 30th, 2007 at 8:24 pm
Tim Says
Here is another new dll from spylocked dxovx.dll, hope this will help.
May 1st, 2007 at 12:26 am
Joe Says
Thank you Tim for that! I found it… strange enough, however, the date created/updated showed as being the day BEFORE I actually loaded the virus… so for some of you out there still struggling, please look for something possibly the day before…
Thank you Asad for you ingenious method to getting rid of that dratted blinking icon!
“This house is clean.”
Joe M.
May 1st, 2007 at 2:32 pm
JJ Says
would doing a system restore to the day before I got it and then deleting it from program files solve the problem? or vis versa?
May 1st, 2007 at 5:10 pm
Tony Says
New SpyLocked DLL:
bngwxqaw.dll
pmnlmlm.dll
May 1st, 2007 at 7:56 pm
mia Says
I agree with what Joe said. The .dll filename was created a day before my PC got infected… I found the dxovx.dll filename. I had to rename it before I followed Asad’s steps.
thanks a lot.
May 2nd, 2007 at 12:25 am