Spylocked !!

newboy_3

Hi Techies.

I need some help in removing a spyware / trojan. I have looked around for a free removal tool for 'spylocked', but all seem to do a free scan, but then want you to pay to remove.
I thought I was protected, as I am running with;
CCleaner / W Defender / AdAware / AVG antispyware and also Norton Internet security 2007.

Any suggestions??

Newboy

Browntoa

To remove SpyLocked you need a tool called

http://www.filepedia.com/desktop_software/desktop_security/smitfraudfix.cfm

Download this to your desktop before we begin the removal process. You also need a tool that can open Zip files. Windows XP can do this for you automatically or you can download 7-Zip (a free compression utility).

1. Extract the files out of SmitfraudFix.zip.
2. After extractions you should find a folder on your desktop that contains 11 files.
   
3. Reboot your PC into Safe Mode.
4. Once the PC has rebooted open the SmitfraudFix folder on your desktop and double-click on SmitfraudFix.cmd.
   
5. Press any key to continue.
   
6. You'll now be faced with 6 options:
   
   Press 2 to start Clean (safe mode recommended) followed by ENTER.
   
7. If you are running Windows XP you'll see the Disk Cleanup start up and clean out your temp files and Temporary Internet Files folder.
8. When asked if you want to clean the registry, press Y followed by ENTER.
   
9. Check for the following files:
   C:\WINDOWS\system32\fyxkaah.dll
   C:\WINDOWS\system32\onwtj.dll
   If you find these, delete them.
10. Check for and delete if present the following files:
    C:\Program Files\SpyLocked\spylocked.exe
    C:\Program Files\SpyLocked\sd.ini
11. Check for and delete if present the following folder:
    C:\Program Files\SpyLocked
12. Reboot your PC.

Your PC should now be free of SpyLocked.

http://www.pcdoctor-guide.com/wordpress/?p=4107

Browntoa

then follow the steps in post 1 to 4 of this thread

http://forums.moneysavingexpert.com/showthread.html?t=133269

as these types of infections are "gateway" infections that will install other trojans etc

I would avoid online banking/ebaying, credit card transactions until you have done the clean up

newboy_3

Thanks Browntoa

Will advise how I get on.

Newboy

newboy_3

Hi Browntoa

Wasn't sure where I was supposed to be checking for the files (as per line 9).
But, saying that, all seems to have been removed, and all scans completed as per your second post.

Many thanks for your advice.

Newboy

MisterNick

I have just been infected with this. Is it likely to have been there long without my knowledge as I do quite a lot of on-line banking transactions.

I am going to have a go at this with my son in the morning, but I am not a real techie.

The instructions look straight forward but is that the case? Is it clear where to check for the files as Newboy did not seem to think that this was the case?
I have also run Spybot and I think that it removed a Smitfraud file amongst others that I had never seen before. Is this ok?

Many thanks for any help

Alfonso_Skinarelli

MisterNick,

The problem with trojans such as these is they often come as a bundle with other malware. While the instructions posted may well remove the said infection, the registry key(s) that are initially changed to allow reinfection/reinstallation of the rogue program change on a daily basis. As such, I advise you to start a new topic of your own and post a HijackThis log along with the SmitfraudFix Rapport.txt after running the tool. If you bank online, I would definately hold fire on accessing any banking sites with this machine until we've taken a look at the state of play for you.