SpyLocked, also known as SpywareLocked, is a rogue anti-spyware program that uses a whole bag of tricks for one purpose: to mislead you into purchasing the fake full version of SpyLocked.

Figure 1. Spylocked screenshot
Phony anti-virus programs that resemble real products in layout and try to sell their phony full versions at a solid price are called rogues. New rogues appear every day, and it is becoming very difficult for the average user to tell legitimate applications from fake ones, because they look very similar at first sight. Rogues always have some clever name, like SpyLocked or System Check, and a seemingly plausible interface.
SpyLocked is distributed via malicious Trojans, which come disguised as video or audio codecs that you are prompted to download and install in order to gain access to a given video or audio file. If you are misled into downloading the codec, the Trojans immediately get settled into the system and download SpyLocked.
After its installation, SpyLocked performs a series of tricks which aim at scaring you into believing that there are various malware pieces in your PC. This is a lie via which the rogue aims at making you pay for its full version.
To start with: fake scans. SpyLocked starts scans of your system time and again, without asking for your authorization. After each scan, it displays a counterfeit list of infections. The only real virus in this list is the very Trojan which has downloaded it. All the rest of the viruses are made up to frighten you. The rogue counts on the possibility that your fear may push you into buying SpyLocked’s full version, which is advertised after each scan as capable of removing all the viruses found by SpyLocked’s trial version. The truth is that there is no trial or full version of this product. It is all one and the same scam, which has been created by hackers in an attempt to profit from unsuspecting victims.
Fake security alerts are another deception weapon used by SpyLocked. It makes them pop up extremely frequently. The bogus warnings are created to look very scary. Most of them claim that there are too many viruses in the PC, others state that there are attempts at identity theft, and some even try to convince the user that a remote attacker (hacker) has managed to gain access to the computer. Below, you can see one of the less scary examples of SpyLocked notifications:
System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution.
The alerts may look legitimate, and they come from the Windows taskbar, but this does not mean the information in them is accurate. Apart from being irritating, the counterfeit scans and warnings also noticeably slow down the computer and hinder your work on the PC.
In a nutshell, if SpyLocked manages to find a way inside your system, the best way to treat it is to remove it immediately with the help of a legitimate anti-virus program.
We will keep updating the instructions for combating Spylocked and its variants. Please feel free to post comments if you have any questions or suggestions regarding Spylocked. This is a great community and I am sure that you will find the answers. Good luck! (New variant is also known as VirusProtect) (New variant is also known as Trojan.Win32)
Although this virus was seen 4 years ago, researchers found that newly discovered malware strains have the same fingerprint as the old SpyLocked rogue.

Manual Removal Instructions:
Stop SpyLocked Processes:
Unregister SpyLocked DLL Files:
Find and Delete these SpyLocked Files:
Remove SpyLocked Registry Values:


I have tried all likely resolutions and this is by far the easiest and most efficient one. Thank you!
how does spylocked relate to spydawn?
Tom,
According to Wikipedia, “SpyLocked is known to be associated with such rogue anti-spyware programs as Spydawn and SpySheriff. These programs share similar interface with the mentioned anti-spyware applications and have the same deceptive intentions.”
In short, it’s a new variant which can endanger your computer if you are not careful enough. That’s why we need to be extremely careful while we are surfing. Don’t install any video codec and ActiveX control if you aren’t sure.
I have come to this page after going to pages listing more detailed instructions for deleting ‘all’(approximately 30 which were still in registry after uninstall was executed) related registry keys. All files/processes listed here on this page were already removed, but I STILL have a flashing icon in taskbar that alternates between flashing red “NO” symbol and a blue questionmark, which is STILL linked to the SpyLocked homepage. Has anyone who has tried the solution on this page had a similar problem? Wouldn’t this tend to indicate that the trojan is still on my hard-disk and could repair itself?
Kevin,
Those registry keys might belong to the Zlob Trojan that is executing the System Alert Popup on the taskbar.
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\C:\WINDOWS\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}
You can click on the following link to get more information on how to remove them:
http://www.xp-vista.com/spyware-removal/zlob-removal-instructions
After you manually delete the regkeys, you might still want to scan your drive with the automatic removal tool (the scanner is free) to ensure that you are free of infected files. Repeat the steps if any offending entries are found. The reason you need to do this is that the spyware could recreate itself if zlob.trojan is not completely removed from your machine.
Good luck!
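The SharedTaskScheduler entries in the reply above are CLSIDs, and the DLL each one makes Explorer load is recorded separately under that CLSID's InprocServer32 key. The following is an added example, not part of the original post or of any removal tool it mentions; it assumes the keys live in the HKLM hive and lists every entry with the DLL it points to, so the file behind a leftover taskbar icon can be identified before anything is deleted.

```powershell
# Added example: map SharedTaskScheduler entries to the DLLs they load.
# Assumption: HKLM hive; each value name under the key is a CLSID.
$sts = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
if (-not (Test-Path -LiteralPath $sts)) {
    Write-Output 'No SharedTaskScheduler key present.'
    return
}

$key = Get-Item -LiteralPath $sts
foreach ($clsid in $key.GetValueNames()) {
    if (-not $clsid) { continue }            # skip the unnamed default value

    # The DLL path is the default value of CLSID\{...}\InprocServer32.
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    $dll = $null
    if (Test-Path -LiteralPath $inproc) {
        $dll = (Get-Item -LiteralPath $inproc).GetValue('')
    }

    $onDisk = $false
    $sig    = 'n/a'
    if ($dll) {
        $dll    = [Environment]::ExpandEnvironmentVariables($dll)
        $onDisk = Test-Path -LiteralPath $dll
        # Signature status is a hint only: older PowerShell versions report
        # catalog-signed Windows files as NotSigned.
        if ($onDisk) { $sig = (Get-AuthenticodeSignature -FilePath $dll).Status }
    }

    New-Object PSObject -Property @{
        CLSID       = $clsid
        Description = $key.GetValue($clsid)
        Dll         = $dll
        OnDisk      = $onDisk
        Signature   = $sig
    } | Select-Object CLSID, Description, Dll, OnDisk, Signature
}
```

An entry whose DLL is missing from disk is a stale registry value; an entry whose DLL is present is a file Explorer will load again at the next logon.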
If you get either one of these messages, then you are probably infected with SpyLocked.
“System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution.”
“Warning!
W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to seal passwords and private information from the infected computer.”
You could get SpyLocked by opening an infected message in MySpace or other Social-networking websites. You could also get it from installing fake video/audio codec, fake software or fake software updates.
If your homepage was changed to “asafetyproject . com” or “yourieprotect . com” then you most probably have been infected with SpyLocked, SpyDawn or MalwareWiped. You can easily get rid of them by following the removal instruction at the top of this page.
Yes, I paid for it. I wasn’t smart enough to follow the complicated procedures. Accounting major
But it’s a peace of mind to get rid of this stupid icon. Never download unknown files again
This is a great lesson!
Never download unknown files again, that’s right. Particularly those applications from unknown vendors.
I’ve tried this and several other supposed methods of removing SpyLocked but none of them work. How do I get rid of this trojan?
Mike,
The instructions worked for a lot of people. You just need to know what you are doing first. If you let us know what you have tried and what errors you’ve encountered, we can probably give you a better answer.
If none of the above work, you can still try the Automatic Removal tool. Of course, it’s at a cost but it will give you peace of mind. From what I learned, Spyhunter support would give you a custom fix remotely if somehow Spylocked or other spyware can’t be removed by the software.
Good luck!
Has anyone heard if spylocked or the Zlob trojan can and or will jump of onto an external device, such as an ipod?
And if it can do I just look for those .dlls?
Thanks for any help
yes thank
yes it’s good site for fixing error on pc.
All of those .DLL files in these instructions apparently don’t exist on my computer. I tried to unregister them and I received a message stating that they couldn’t be found.
I also tried the smitfraudfix method; going into safe mode etc. That did absolutely nothing.
Hey,
Yea I was infected, and it took a while to get rid of everything. I did it by using the spy hunter to look up the files, but proceeded to delete them manually. Anyways, thanks for the tips. Good luck
i manually deleted all the files by using spy hunter, but the icon is still on my computer… is there anything else i need to do? restart computer?
Greg, not that I know of.
Mike, you need to make sure if your machine was infected by Spylocked. It could be other spywares. I would suggest you to download the removal tool to scan the drive. You don’t have to pay for the scan which will tell you if there’s anything infected files. Hope this helps. Good luck!
Mark, job well done! Glad to hear that
C, can you elaborate a little bit more? Did you scan the drive with Spyhunter then delete the files/regkeys manually? Or you have the full version of Spyhunter? If you have a full version, you can go to “Help”-> Technical support system, open a support ticket, generate support log and send the support log information. When they receive your support log they can assist you to resolve the issue.
does this work
I have an icon still, and tried everything you guys said. i found 2 zlob virussed on the registry and removed them and restarted the computer but it is still there. I run the program again and they were really gone however the bloody icon was still there? GRRRRR!!!!
Yes, i have came up with a solution!!! You guys could thank me later!! There is a new infector called tahxqcj.dll located in the windows/system32 folder.
Deleting only works with one way(not even the safe mode):
Run CMD and go to the Windows/System32 folder by writing: ‘cd C:/Windows/System32′ and ENTER.
Then go to the task manager and end the process called explorer.exe (your back-screen should disappear). Then go back to the CMD window and type in ‘del tahxqcj.dll’ and ENTER. (The Spyware should be totally gone)
Then go back to the task manager and then file, new task and type in ‘explorer.exe’ and ENTER.
Wallah…All fixed!!!
Asad – Thank you! It’s gone, finally. The tahxqcj.dll file indicated it was created in 2005 (I think, but not when I got this bug). How is that possible?
it said that file could not be found
tried again and yay finally got it off, thank u
What is CMD? (Looks like DOS mode to me.) Do I need to manually delete all the files found by spyhunter first, and then follow the instructions to remove tahxqcj.dll? Thanks.
There is a new bad file called ‘qvjpt.dll’ located in system32 folder.
I agree with Asad – great idea.
Please help! I tried Asad’s method but when I run the cmd it starts up like this
C:\Documents and Settings\(user)
What do I do? I can’t press backspace
Thank you
Gale, if you are not familiar with command prompt, you can use Windows’ search function to locate the dll then delete them.
Do I still have to do end the explorer.exe process though? Thank you
Ok I searched it with windows but it says that I cannot delete it. I think its because I didn’t end the process of explorer.exe. When I do end the process the search program disappears…Help, and thank you
Hi, I have the same problem as Gale, I think its also because I didn’t end the explorer.exe process. When I do, the search program for windows disappears.. Help please. Thank you!!
Explorer.exe is part of the system. Ending this particular process will cause problems for Windows. If you don’t feel comfortable removing Spylocked manually, the automatic tool is a great option for those who are not familiar with system editing. Yes, it might cost $30, but it also saves you a lot of headaches.
NO NO NO NO NO!!!!
You need to close explorer.exe (from task manager)
Closing explorer does no damage whatsoever. It is just a bloody program!!!
^^^All the folders close as well^^^(including Search) so you need to delete it from command prompt!!!
Apologies for the spelling mistakes i made last time (‘/’ should have been ‘\’). Start Command Prompt. You should write this in CMD(DOS): ‘cd C:\Windows\System32′ and ENTER. And then close explorer.exe and go back into CMD and type in ‘del (filename)’ and ENTER. Then go back to task manager, to file, new task and type in ‘explorer.exe’ and ENTER. This should work if you did it right like Susie and c did at the top.
And you guys, this is the free, fastest and easiest way to get rid of this virus.
PS. Gale, you can’t delete or backspace the thing at the start of when you run Command Prompt. Just ignore it. Type what I said and it should take you to the right folder.
You will likely see that the last two dlls in the list at the top would most likely be the virus because they are the new ones.
If anyone doesn’t understand how closing explorer.exe makes it so you can delete the virus here is the explanation:
When you close explorer.exe, it stops the functionality of everything that has got to do with viewing your C drive and stuff like that. Here is what I mean:
———————————————–
It closes all folder viewing windows.
Closes the task bar at the bottom.
Therefore it stops all the programs that run on the taskbar, like all the icons. This stops the functionality of the virus and there you can delete it(using CMD otherwise known as DOS) following my steps above.
———————————————–
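The procedure described in the comments above works because the DLL is loaded inside explorer.exe, which keeps the file locked. The following is an added example, not code from any commenter or tool on this page; it confirms which processes actually hold the DLL before stopping the shell and deleting the file. The file name is the one named in the comments, and the parameter name and retry count are assumptions of this sketch.

```powershell
# Added example: check who has the DLL loaded, then stop the shell and delete it.
param([string]$DllName = 'tahxqcj.dll')    # file name taken from the comments

$target = Join-Path $env:windir "System32\$DllName"
if (-not (Test-Path -LiteralPath $target)) {
    Write-Output "$target not found; nothing to delete."
    return
}

# Collect every process with the module loaded. Reading .Modules can fail for
# protected processes, so those are skipped instead of aborting the scan.
$holders = @(foreach ($p in Get-Process) {
    try {
        if ($p.Modules | Where-Object { $_.ModuleName -ieq $DllName }) { $p }
    } catch { }
})
foreach ($h in $holders) { Write-Output "Loaded by: $($h.ProcessName) (PID $($h.Id))" }

# Only the shell is stopped automatically; any other holder is left for review.
$other = @($holders | Where-Object { $_.ProcessName -ne 'explorer' })
if ($other.Count -gt 0) {
    Write-Warning 'The DLL is also loaded outside explorer.exe; stopping the shell alone will not release it.'
    return
}
if ($holders.Count -gt 0) { $holders | Stop-Process -Force }

# Windows may restart the shell on its own, which reloads the DLL, so the
# delete is attempted right away and retried a few times.
$deleted = $false
foreach ($attempt in 1..5) {
    try {
        Remove-Item -LiteralPath $target -Force -ErrorAction Stop
        $deleted = $true
        break
    } catch {
        Start-Sleep -Milliseconds 500
    }
}

# Bring the desktop back if the shell did not restart by itself.
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
    Start-Process explorer.exe
}
Write-Output "Deleted: $deleted"
```

If the result is `Deleted: False`, the file was reloaded or is held by something the scan could not read, and the registry entry that loads it has to be removed first.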
How do I know if I have removed the program? Thanks in advance
Cyrus, the easiest way to do it is to download the removal tool, which will scan your machine for free.
ok thanx, I disconnected my infected computer from the internet, is that smart
So if the free scanner catches nothing I am good to go?
Cyrus,
What country are you from?
It is just that i did not understand what you said.
PS. Please everyone tell me which countries you live in. I live in Australia.
asad, you’re a god. it works after everything else failed. a thousand thanks my friend.
Asad,
Ditto, worked great!!
Thanks a lot. Your Welcome.
PS. You did not say which country you live in?!
Thank You ALL for your help!
I was able to manually get rid of SpyLocked
My computer could not find any of those DLL Files and also could not even find Spylocked.exe under my system processes, however I know that I am infected because I have the annoying flashing icon that links to the Spylocked website and get the annoying pop-up “warning”. Has anyone else experienced this or knows what my problem is?