Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problems Moving Remnants Of Spylocked Manually


  • Please log in to reply
2 replies to this topic

#1 filmacre

filmacre

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 26 March 2007 - 08:04 PM

Following the instructions on how to remove the Spylocked malware manually, your instructions say to go to your desktop and double click on the FixSD.reg file then when it asks you if you would like to merge the information, press the Yes button and then the OK button. Then click on the Start button and then select the Run option. Then it says, In the Open: field type c:\windows\system32 and then press the OK button. Then when the folder appears, if it says Thes files are hidden, click on the Show the contents of this folder options. Okay, I already had my settings set to where no files were hidden. Skipping the part about how to Show hidden files and folders, it went on to say, Scroll through the list of files in this folder and look for fyxkaah.dll then right-click on that file and rename it fyxkaah.dll.bad. It also said find onwtj.dll and tahxqcj.dll and rename them onwtc.dll.bad and tahxqj.dll.bad. It went on to say if you do not find any of these files, then you should post a note about it in the Am I Infected? forum. I did not find these files in the c:\windows\system32 folder. When I originally realized I had unintentionally down loaded the Spylocked malewarimmediatelytely tried to uninstall it. It appeared to uninstall but the little blinking red icon indicating the fake System Alert is still there and it won't delete. The Spylocked icon right beside it however did delete but not when I uninstalled the program. I had to deletemanuallyully after I uninstalled the program. But the fake System Alert icon is still there and if you try to right click on it to try to delete it, it takes you to the Spylocked ad page asking you to buy their spyware remover software. I guess what I want to know is, did Spylock really uninstall when I tried to uninstall it? And if so, why is their fake System Alert icon still in my Windows taskbar at the bottom of my computer screen and why won't it delete? I also noticed that although the Spylocked 3.1 did disappear from my Add or Remove Programs list when I tried to uninstall it, another name appeared at the same time called, Windows Safety Alert and the name will not uninstall when I try to uninstall it. There is also a MySpaceIM listed that will not uninstall even tho I did get the actual Mspace Instant Messenger to uninstall when I unistalled it a while back. It appears to be just the name that won't unstall off the list. Are these programs still secretly hiding somewhere in my computer or did they uninstall like they appeared to? And why are the names still on the Add or Remove Programs list and why is the blinking fake Security alert icon still on my Windows taskbar?

BC AdBot (Login to Remove)

 


#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:43 AM

Posted 26 March 2007 - 08:10 PM

Hello,

http://www.2-spyware.com/remove-spylocked....CFRROQwod6kdCWg This site will give you detailed information on what registry entries to remove and so on.

hope this helps
Regards,

Alan.

#3 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:43 PM

Posted 26 March 2007 - 09:29 PM

Why did you not run the smitfraudfix?
The references to the programs that you have uninstalled but are still listed in Add/Remove, can be removed with tool inside Ccleaner. A good program on your computer to have. You should also run the cleaner to remove temporary files, logs, cookies, etc. Use the default settings for cleaning and do not use the "Issues" button.

Another good program to run is Super Antispyware to clean up leftovers from the spylocked infection and to remove lots of other malware.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

You should also flush "system restore points"after malware is gone.

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Flush System restore after you are free of malware--Directions for Milennium and XP
http://www.real-knowledge.com/flushres.htm

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings.
http://www.ccleaner.com/

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)

Edited by buddy215, 26 March 2007 - 09:33 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users