30 total posts
Here is some more information on SpyLockeed
Heres what others say about SpyLocked
SpyLocked may be marketed by malware that displays false or exaggerated warnings of spyware infection on the desktop to entice users to download the program. SpyLocked typically displays exaggerated or false scan reports of infection to frighten the user into paying for the program since the free version of the program will not perform threat removal.
spylocked flashing icon on task bar
I deleted every file and registry entry I could find and still had the flashing icon on the task bar. I later located a file named oyopu.dll in the system32 folder. After deleteing this file, the icon went away.
Hope this helps someone else.
I've been spylocked
I looked for the oyopu.dll and don't see it...could it be somewhere else?
Could it be "hidden"?
If you haven't "unhidden" your files and folders, it could be one reason you're not seeing it.
Click on the Tools menu and select Folder Options.
Click on the View tab.
Under the Hidden files and folders category select Show hidden files and folders.
Uncheck Hide protected operating system files.
Press Apply and then OK
If that doesn't help, it may help to look for it while in Safe Mode. See the second #11 listed halfway down the page at:
It may help..
SpyLocked is now detected by freeware RogueRemover
Users who got SpyLocked can try the above mentioned self-help guides or use RogueRemover (free utility to remove and detect growing number of rogue products)
Download RogueRemover from http://www.malwarebytes.org/rogueremover.php
I looked in RogueRemover programs targeted drop down menu and it is not listed.Unless it will be listed in an up dated version.
I personally requested via private message to the author of RogueRemover to kindly include SpyLocked in the detection. His response the other day is.. it will be added and released in next update together with detection with many other rogue products.
Update was released and it includes SpyLocked.
It is there today:
See the post of Roddy in Updates thread today:
See the history:
"Version 113 (3/25/07)
AdwareCleaner, AdwareGuardian, AdwareStopper, AdwareSweep, AdwareSweeper, MalwaresWipeds, PestWiper, SpyContra, SpyLocked, SpywareHound, VirusBlasters, VirusBurst
AntiVermins, Anti-Virus&Spyware, DriveCleaner 2006, MalwareAlarm, MalwareWipe, PestCapture, Rogue.Infector, SystemDoctor 2006, SpyDeface, SpyHeal, Spyware Stormer, Ultimate Cleaner
No applications were delisted.
We have now reached 300 rogue applications detected!"
The database also has SpyLocked in the list:
Just as I thought,it needed to be updated,I checked Roddy's post.
And a screenshot that it is there..
Still have a system tray icon with annoying pop-up
The RogueRemover was successful in removing the last Registry Key that seemed to remain after I thought I had gotten all traces of SpyLocked.
Unfortunately, though I still have an icon in my system tray that toggles between a questions mark and a strike through icon. Annoying "system alert!" pop-ups stem from this icon periodically.
Suggestions on removal? Thanks!!
System Alert pop-up
Try the self-help guide by BleepingComputer.com at:
There's automated and manual removal.
If you are not comfortable in using the above, please post a HijackThis log in Bleeping Computer forum and they'll assist you in finding the issue and provide removal.
"RogueRemover was successful in removing the last Registry Key"
I don't understand,are you saying that RogueRemover removes registry keys?
spylocked icon popup
i just renamed ilmpjy.dll to ilmpjy.bad ( in c:\windows\system32). That did it!
just make sure you can see system and hidden files in tools, folder options,its in system32
wood0454 & ilmpjy.dll
Just to let everyone know wood0454 has got the solution to removing those unbelievably annoying system tray icons - just remember to set the folder options otherwise you will not find the ilmpjy.dll file.
As a tech I have seen may cases of spylocked. To remove spylocked download smitrem.exe ( about halfway down the page )from http://noahdfear.geekstogo.com/ and smitfraudfix ( the first link under download siri.urz.free ) from
http://siri.geekstogo.com/SmitfraudFix.php . Save both to your desktop.
Boot your computer into safe mode and run these 2 tools and it shall remove spylocked. Smitrem.exe - Click on start so that it extracts all. On your desktop you will have a new yellow folder for smitrem , open that folder and choose runthis. Press any key all the way through untill the scan starts. Allow the scan to run it checks for may tyoes of malware and removes them. Once that completes , right click on smitfraudfix , choose extract all. You will have a new folder , inside the folder choose smitfraudfix. Using the keyboard 2 and enter , then y and enter. Next do 3 and enter , y and enter. Once complete choose q to quit. Once you have run both tools reboot your pc and the warning that you are infected with malware should now be gone.
Best of luck
You can skip smitrem.exe. It has not been updated in months, and will definitely will not clean newer variants. SmitfraudFix should take care of the problem, unless there are also other infections present that it cannot handle.
Cannot get rid of flashing icon
I did the search (with hidden files included) for ilmpjy.dll, and nothing came up. Any suggestions on how to get rid of the icon and the warning pop ups?
I have downloaded Spyhunter and Spyware Doctor, and they say I have no more threats, but I still have that flashing Icon and the pop up warning.
I am using a PC with XP.
Any help will be appreciated.
Steve, Did You Follow The Instructions Posted...
..by Donna in the link at the beginning of this thread.. Here's that link again:
Download SmitFraudFix from the location provided in the link above.. REstart the computer into Safe Mode, then run SmitFraudFix per the instructions, then reboot the computer. AFTER after following all the instructions for running SmitFraudFix and rebooting the computer, then run all the other tools you have.
Hope this helps.
You're welcome Tom :)
I remeber bonzi-buddy and 14 of 16 were in the registry
Some were so obvious that it was a link between other ones that were healthy. I think I had WIN98SE then and one was blocking Windows MediaPlayer 9.0 - it was listed before it in the registry. Once I dug them all out and deleted. There were no more problems. It was picked up by a trial of CA's Pest Patrol now it is CA Antispyware. I got them from Ad-Aware SE and they were there as to their locations, all Ihad todo was move the link over to right to see were they were located, went to Run, typed in regedit & clicked ok so I could find them in the registry using the list in Ad-Aware. Some were in CLSID. One said only bonzi. I used that for someone who had a lady friend use his computer and all her mail was still there. She isn't now. Darrell
thank you so much, the software website you posted really helped me get rid of my rogue antivirus, spylocked. your link was the only one that worked, and it was free too!
I was spylocked
Thank you so much guys for this article!!! i have spent 5 hours tonight uninstalling spylocked, updating AVG, running spybot and scanning my computer, and all the time that blooming pop up would not go away. thanks to you all for recommending rogueremover i ghave got rid of it WOOP WOOP!!! so big big thanks!
Spylocked May Be Exploiting .Ani Vulnerability
I have read a few reports online that Spylocked my be exploiting the .ani cursor vulnerability. can anyone confirm this? This would explain why our customers continually get reinfected after removing spylocked unless they patch their systems. The trouble is, a lot of the computers we deal with use Realtec chipsets, so patching causes a ton of other headaches...
Message was edited by: admin
There's A Patch For The Realtek Issue
First, install the ANI cursor update, then install the patch.. It should stop the problem with Realtek errors.. At least it has on all our machines. See the link below..
Hope this helps.
Your post requires an edit
I've sent an alert to the forum admin today to edit your post by removing the link in your post. All your posts is also requested today to remove the link to your website. Most of your posts point to your site only and it's blatant advertising. The other username is tschrock1 which also links to the said site over and over again.
Kindly read the complete policies of CNET forums:
Thank you for the understanding and cooperation.
Regarding your question, please see reply of fellow moderator and MVP Grif Thomas because if one has a patched system, there's no worry anymore on whatever vulnerability is targetted by malware. That is if the patch fixes the same issue that a malware will exploit.
: New rogue called SpyLocked
This sounds very similar to Spy Sheriff.