Malware Removal Information

Ga naar de inhoud

Hoofdmenu

SpyLocked

Infecties > Archief O - S

SpyLocked (of SpywareLocked) is een spywareremover van de zwarte lijst.

In de systray zie je een knipperend icoontje dat je waarschuwt dat de computer geïnfecteerd is.
Het programma wordt op de computer gedropt, vindt een aantal infecties, maar geeft aan deze pas te verwijderen als je het product koopt.



Elke keer de computer opnieuw start, start ook SpyLocked en begint het te scannen.



Kenmerken in een hijackthislog zijn ondermeer deze:
O4 - HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked\SpyLocked.exe /h
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O4 - HKLM\..\Run: [SpywareLocked 3.3] "C:\Program Files\SpywareLocked 3.3\SpywareLock.exe" /h
O4 - HKLM\..\Run: [SpywareLocked 3.4] "C:\Program Files\SpywareLocked 3.4\SpywareLock.exe" /h
O4 - HKLM\..\Run: [SpywareLocked 3.5] "C:\Program Files\SpywareLocked 3.5\SpywareLock.exe" /h
O4 - HKLM\..\Run: [SpyLocked 3.6] "C:\Program Files\SpyLocked 3.6\SpyLocked 3.6.exe" /h
O4 - HKLM\..\Run: [SpyLocked 3.7] "C:\Program Files\SpyLocked 3.7\SpyLocked 3.7.exe" /h
O4 - HKLM\..\Run: [SpyLocked 3.9] "C:\Program Files\SpyLocked 3.9\SpyLocked 3.9.exe" /h
O4 - HKLM\..\Run: [SpyLocked 4.0] "C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
O4 - HKLM\..\Run: [SpyLocked 4.3] "C:\Program Files\SpyLocked 4.3\SpyLocked 4.3.exe" /h
O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\WINDOWS\system32\oyopu.dll
O22 - SharedTaskScheduler: chitosan - {ceca6f2b-247b-4ece-9b7a-d0135c8036fc} - C:\WINDOWS\System32\onwtj.dll
O22 - SharedTaskScheduler: characterizing - {b292ec9f-a074-4115-8342-1f459702d8d2} - C:\WINDOWS\System32\fyxkaah.dll
O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\system32\qvjpt.dll
O22 - SharedTaskScheduler: frisbee - {abef791f-947e-4cdf-83c3-e72a240afb67} - C:\WINDOWS\system32\ygjun.dll
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - C:\WINDOWS\system32\dxovx.dll
O22 - SharedTaskScheduler: heterandrous - {735e980d-45d2-4777-af82-9923d3c8d3ae} - C:\WINDOWS\system32\kgkdbsk.dll
O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - C:\WINDOWS\system32\antzozc.dll
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\system32\ndwvm.dll


Verwijdermethodes:

Smitfraudfix (gemaakt door S!Ri)
Zie hier.

Roguescanfix (gemaakt door Beamerke)
Zie hier.

Manueel verwijderen:
Rechtsklik op het icoontje van SpyLocker in de systray, en kies voor "Exit".
Bevestig de waarschuwing die je krijgt om SpyLocker af te sluiten door op "Ja" te klikken".
Ga naar start - Alle programma's - SpyLocker en kies uninstall SpyLocker 3.1 om het deïnstallatieprocess te starten.
Hernoem het verantwoordelijk bestandje, (zie hieronder) of verwijder dit bestand met behulp van Killbox.
Download Pocket KillBox.
Unzip het programma naar je bureaublad.
Klik op killbox.exe.
Selecteer de optie “Delete on reboot”.
In het veld “Full path of file to delete" plaats je volledige pad naar het verantwoordelijke bestand.
Klik dan op de knop "Single File".
Klik op de knop met de rode cirkel en het witte kruis.
Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
Na herstart zou de infectie verdwenen moeten zijn.
Om wijzigingen in het register op te ruimen, kan je deze regfile nog gebruiken.


Gekende varianten:

afkvvy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4688f900-0d0c-4788-b297-59cc10e70ccc}"="bipinnatifid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4688f900-0d0c-4788-b297-59cc10e70ccc}\InProcServer32]
@="C:\\Windows\\system32\\afkvvy.dll


antzozc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa4fbf53-c766-4622-8011-a87a805eebf0}"="deboner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa4fbf53-c766-4622-8011-a87a805eebf0}\InProcServer32]
@="C:\\WINDOWS\\system32\\antzozc.dll"


czxtyx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"="calocarpum"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\\WINDOWS\\system32\\czxtyx.dll"

dooep.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@="C:\\Windows\\system32\\dooep.dll

dtjby.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c5a0fff-9164-493b-93e0-17446374e0a0}"="inflexive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}\InProcServer32]
@="C:\\WINDOWS\\system32\\dtjby.dll"


dxovx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="C:\\WINDOWS\\system32\\dxovx.dll"


eeuydc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"="auditioned"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@="C:\\WINDOWS\\system32\\eeuydc.dll"


egzcqg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ede8bed5-92cf-4482-8f51-a01cd9b3ea37}"="antiforeigner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ede8bed5-92cf-4482-8f51-a01cd9b3ea37}\InProcServer32]
@="C:\\WINDOWS\\system32\\egzcqg.dll"


fyxkaah.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}\InProcServer32]
@="C:\\WINDOWS\\system32\\fyxkaah.dll"
"ThreadingModel"="Apartment"


ilmpjy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\\WINDOWS\\System32\\ilmpjy.dll"


indwvm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32]
@="C:\\WINDOWS\\system32\\indwvm.dll"


kgkdbsk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\\WINDOWS\\system32\\kgkdbsk.dll"


lcsrsrv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f38b1b2b-4976-46dd-9fe5-60fde72f0b4d}"="huet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f38b1b2b-4976-46dd-9fe5-60fde72f0b4d}\InProcServer32]
@="C:\\WINDOWS\\system32\\lcsrsrv.dll"


onwtj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ceca6f2b-247b-4ece-9b7a-d0135c8036fc}"="chitosan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceca6f2b-247b-4ece-9b7a-d0135c8036fc}\InProcServer32]
@="C:\\WINDOWS\\System32\\onwtj.dll"
"ThreadingModel"="Apartment"


oyopu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@="C:\\WINDOWS\\system32\\oyopu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"="homina"


pjgerka.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596e4935-4d3b-4a3c-842d-2efd1b3de598}\InProcServer32]
@="C:\\WINDOWS\\system32\\pjgerka.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{596e4935-4d3b-4a3c-842d-2efd1b3de598}"="hundi


pkgvyg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0ded443-5e68-4001-a81b-0a0001621ab8}"="excreted"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0ded443-5e68-4001-a81b-0a0001621ab8}\InProcServer32]
@="C:\\WINDOWS\\System32\\pkgvyg.dll"


pkjcoxq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e1d3b05d-4dd9-468d-982e-c342f05436e5}"="crowsteps"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d3b05d-4dd9-468d-982e-c342f05436e5}\InProcServer32]
@="C:\\WINDOWS\\system32\\pkjcoxq.dll"


qvjpt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07a582e8-bae3-457d-9d29-2048de45a369}\InProcServer32]
@="C:\\WINDOWS\\system32\\qvjpt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{07a582e8-bae3-457d-9d29-2048de45a369}"="grithbreach"


qzviz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"="curdler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\\WINDOWS\\system32\\qzviz.dll"


rcohty.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b23dc537-3e13-44c7-bf67-d8405eb377f7}"="bedstead"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b23dc537-3e13-44c7-bf67-d8405eb377f7}\InProcServer32]
@="C:\\WINDOWS\\System32\\rcohty.dll"


rxqcpn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3}\InProcServer32]
@="C:\\WINDOWS\\system32\\rxqcpn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3}"="coenosarc"


tahxqcj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fac42-a7be-4702-87ef-75d8dc14249e}\InProcServer32]
@="C:\\WINDOWS\\system32\\tahxqcj.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d6fac42-a7be-4702-87ef-75d8dc14249e}"="hemine"


uimcu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6ad686b9-ab56-4ebc-a804-9f70b55b4577}"="floripondio"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}\InProcServer32]
@="C:\\WINDOWS\\system32\\uimcu.dll"


viuaoq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7058baa-49a4-40b7-95c2-eec95cdf51f3}"="infumate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7058baa-49a4-40b7-95c2-eec95cdf51f3}]
@="C:\\WINDOWS\\system32\\viuaoq.dll


xuoce.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{da3b49f6-8c54-4429-a275-21a86dcca413}"="admissibility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\\WINDOWS\\system32\\xuoce.dll"


ygjun.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{abef791f-947e-4cdf-83c3-e72a240afb67}"="frisbee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abef791f-947e-4cdf-83c3-e72a240afb67}\InProcServer32]
@="C:\\WINDOWS\\system32\\ygjun.dll"


yronl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad}\InProcServer32]
@="C:\\WINDOWS\\system32\\yronl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad}"="haefner"


yuspej.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3baa1ad8-ee49-4772-bf0b-f55083e0f7aa}"="ephemeran"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3baa1ad8-ee49-4772-bf0b-f55083e0f7aa}\InProcServer32]
@="C:\\WINDOWS\\system32\\yuspej.dll"

Terug naar de inhoud | Terug naar het hoofdmenu