Talk:Spylocked
From Wikipedia, the free encyclopedia
Dear fellows,
Take into account my contribution, on the method, that it is being used by the creators of SpyLocked, to infect our systems: a)Opening a malicious webpage, a program is executed in our system. b)This program drops a malicious dll file in %windir%\system32 directory. (this library file is often called "eeuydc.dll") c)Gives the following attributes to this file: s,h,r. d)Then it creates two entries in the registry: One for the class of the malicious object and a second one, which is the command that loads the malicious object during OS startup. The registry key, that it uses for the second entry is: HK_LM\Software\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler In this key it adds a new parameter named by the class name of the malicious object and having as value a random name - so from this point, working reversely, you can find the name of the class and then the name of the dll. As an IT consultant I have never dealt with this key, but it is at least as old as windows98.
Best regards to all! Spiros Kollias --62.38.205.49 07:09, 4 May 2007 (UTC)
Contents |
[edit] Edit war
Please stop the unproductive editwar Mike1d. Now all links are mentioned. I added a link to the company associated with the malware Spylocked. Otto 07:54, 26 May 2007 (UTC)
[edit] Successful removal
I succeeded to remove spylocked with the trial software CounterSpy from SunBelt. Otto 07:54, 26 May 2007 (UTC)
[edit] You are doing wrong here
First of all, you are removing my desire links secound, what are you doing here? You are doing spamming here, because bleeping computer is providing clear instruction to remove the spylocked, whereas you are showing to this link "*Solution for removal of SpyLocked <- this is for spydawn not for spylocked" instead of " *[www.bleepingcomputer.com/forums/topic85376.html - SpyLocked] " what is your motive to do so? its means you want to show that your links "spywaresignatures" are best than others. Other thing that, what is your motive to put the last link of SpyLocked company, please see very carefully , -> *SpyLocked The company where the malware redirects to. What is the meaning of that ? You have its answer, try to find out that one. If you removes my desire links, i will remove yours. Thats it. (not signed by Mike1d)
- Finally you give arguments instead of warring. You should have done that in the first place. The links from bleepingcomputer where originally not from me. You were revert warring with an anonymous (122.16*) and I wanted an explanation why you deleted these links. Second, I didn't remove your link to Pcontech, it was still there. Third: the reason for the link to Spylocked is obvious: that is the company which is profiting from the malware. Otto 07:34, 28 May 2007 (UTC)
[edit] You are doing wrong here
OTTO, Please check your user talk page
Hello Otto, respecting Wikipedia's policies here are some points covering your querries with Spylocked Page.
I have been posting links to SpywareSignatures Tool which removes spylocked, THat tool really works well and is even being recommeded by MVPs in the One care and Microsoft Support forums.
Here you might want to see it
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1426598&SiteID=17
The page from where it is downloaded has more than 15K hits in last couple of months.
Moreover its a popular download on Download.com
http://www.download.com/Free-SpyLocked-Removal-Tool/3000-8022_4-10667426.html?tag=lst-0-1
This software is downloaded over 3000 times since 9th May.
I would suggest you to download this tool once and test it against spylocked as you did with CounterSpy.
On Another note. I have never removed any link For bleeping computer nor any other that you pasted reading your comments at the talk page. But the other user was constantly removing all the links and i kept on pasting your links back as you did the first time. Thats how we didnt get to know that it was taking to SpyDawn and not Spylocked because it was never touched.
And also I never posted link to spylocked(dot)com
I hope it helps.
Please let me know if the links i posted were SPAM, and i would quit posting.
Best Regards ES101
- To my opinion it is appropriate to put a link to the tools mentioned above by ES101. I have requested attention for this revert war on Wikipedia:Wikiquette_alerts#Edit_war_at_Spylocked. Otto 17:19, 29 May 2007 (UTC)
[edit] Mike1d Would Keep on removing links to the tool
Hello Otto
Thanks for your reply to hold it alrite to add links to the tool I mentioned. But Mike1D would keep on removing it and posting links to PCONTECH site... Any Solutions ? :)
Cheers ES101
[edit] Add " Spycrush"
Need to add spycrush as another variant of this virus. Can be removed by [smitfraudfix.exe. http://siri.geekstogo.com/SmitfraudFix.php]
Reg SC
[edit] Terrible article - requires cleanup
This article really needs cleaning up. It is written in bad English and is the subject of repeated edit wars. In fact, I'd say this was an example of one of the worst articles on Wikipedia. --Christopher 11:03, 24 July 2007 (UTC)