17 replies to this topic

[fredvries]

SpyLocked 4.0 is out.

spylocked.com

You should delete:
C:\PROGRAM FILES\SPYLOCKED 4.0\SPYLOCKED 4.0.EXE
C:\PROGRAM FILES\SPYLOCKED 4.0\SPYLOCKED 4.0.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 4.0.exe
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\gSAGti
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\InprocServer32
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\InprocServer32#ThreadingModel
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\iQBaxyptCpt
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\JpdTjqE
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\lAquljXqnlz
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\ProgID
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\qllniklljt
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\titlihkurfD
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\TypeLib
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\VersionIndependentProgID
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\YgWhwBWSr
HKCR\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}
HKCR\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}\1.0
HKCR\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}\1.0
HKCR\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}\1.0\win32
HKCR\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}\1.0\FLAGS
HKCR\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}\1.0\HELPDIR
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\ProxyStubClsid
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\ProxyStubClsid32
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\TypeLib
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\TypeLib#Version
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\ProxyStubClsid
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\ProxyStubClsid32
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\TypeLib
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\TypeLib#Version
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\ProxyStubClsid
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\ProxyStubClsid32
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\TypeLib
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\TypeLib#Version
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\ProxyStubClsid
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\ProxyStubClsid32
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\TypeLib
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\TypeLib#Version
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\ProxyStubClsid
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\ProxyStubClsid32
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\TypeLib
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\TypeLib#Version
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\ProxyStubClsid
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\ProxyStubClsid32
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\TypeLib
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\TypeLib#Version
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\ProxyStubClsid
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\ProxyStubClsid32
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\TypeLib
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\TypeLib#Version
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\ProxyStubClsid
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\ProxyStubClsid32
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\TypeLib
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\TypeLib#Version
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\ProxyStubClsid
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\ProxyStubClsid32
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\TypeLib
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\TypeLib#Version
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\ProxyStubClsid
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\ProxyStubClsid32
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\TypeLib
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\TypeLib#Version
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\ProxyStubClsid
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\ProxyStubClsid32
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\TypeLib
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\TypeLib#Version
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\ProxyStubClsid
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\ProxyStubClsid32
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\TypeLib
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\TypeLib#Version
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\ProxyStubClsid
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\ProxyStubClsid32
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\TypeLib
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\TypeLib#Version
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\ProxyStubClsid
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\ProxyStubClsid32
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\TypeLib
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\TypeLib#Version
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\ProxyStubClsid
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\ProxyStubClsid32
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\TypeLib
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\TypeLib#Version
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\ProxyStubClsid
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\ProxyStubClsid32
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\TypeLib
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\TypeLib#Version
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MENU START\PROGRAMMA'S\SPYLOCKED 4.0\SPYLOCKED 4.0.LNK
C:\PROGRAM FILES\SPYLOCKED 4.0\UNINST.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MENU START\PROGRAMMA'S\SPYLOCKED 4.0\UNINSTALL SPYLOCKED 4.0.LNK
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MENU START\SPYLOCKED 4.0.LNK
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\BUREAUBLAD\MALWAREBYTES\SL_SETUPX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\BUREAUBLAD\SPYLOCKED 4.0.LNK
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SPYLOCKED 4.0.LNK
C:\PROGRAM FILES\SPYLOCKED 4.0\SPYLOCKED 4.0.URL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CC90A729-086B-4564-9915-918D3C429236}\RP53\A0034304.EXE
C:\WINDOWS\Prefetch\SPYLOCKED 4.0.EXE-0F623AE7.pf

[JeanInMontana]

Too bad they can't use that energy for something good.

[fredvries]

Agreed.

The money they earn is tainted.

[nosirrah]

We should google "spylocked 4.1" and wait for it to pop up on the cracks sites .

[RubbeR DuckY]

Who would have thought that 4.0 would come out.

[AndyAtHull]

Not me at first but seeing the versions come out like they have, can't say I am suprised now.

[JeanInMontana]

nosirrah, on May 22 2007, 01:00 PM, said:

We should google "spylocked 4.1" and wait for it to pop up on the cracks sites .

Holy crap. http://www.google.com/search?q=spylocked+4...lient=firefox-a

[nosirrah]

Throw some quotes on that .

http://www.google.com/search?hl=en&q=%...G=Google+Search

Nothing yet , but I'm watching .

[JeanInMontana]

Quotes on what?

[nosirrah]

Doing a google search for spylocked 4.1 and "spylocked 4.1" are very different things .

[JeanInMontana]

Oh yes, I used your terms exactly. Highlighted what you posted and used right context menu option [search Google for "spylocked 4.1"] the link was the results.

[nosirrah]

Are you sure ? Your link has 312,000 results , mine has 0 .

[JeanInMontana]

Ah ha! The quotation marks show in the right context menu but they are not actually applied for the search. Why I don't know and I have thought until now they were used. For instance using the search not found for "spylocked 4.1" and highlighting that and right click appears as ""spylocked 4.1"" . Deceptive, but I learned something valuable. Thanks

[Bugbatter]

I noticed that RogueRemover was updated on May 16 to handle a later version of Spylocked. I assumed it was the v.3.9. Has Spylocked 4.0 been added yet?

[fredvries]

SpyLocked 4.0 isn't in the database of Malwarebytes' RogueRemover yet. But we are working on the update as we speak/post.

In the meantime infected users can manually disable SpyLocked 4.0 by removing the following line in the HijackThis results:

O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\system32\ndwvm.dll

[Bugbatter]

Thank you for your reply. If I had waited a few more minutes before posting, I could have answered my own question. The user's log just came back, and I see that I have some work to do.
Looking forward to your update, and thank you for all the hard work you guys are doing in developing these tools.

[RubbeR DuckY]

Will be updated tonight =)

[SwampDiner]

Added 132