Spylocked

From Wikipedia, the free encyclopedia
Jump to: navigation, search

SpyLocked, also known as SpywareLocked, is rogue software that seeks to trick the user into purchasing its full rogue version. SpyLocked issues false security messages alleging that the user's computer is infected with malicious spyware. Once installed, SpyLocked may be very difficult to remove and may re-install itself after partial removal.

Information[edit]

SpyLocked is a rogue security program that provides limited protection against spyware. It alerts users of false positives during spyware scans, as to goad them into purchase of the upgrade. SpyLocked's scans have also been shown to have a low accuracy, and to exaggerate low level threats as critical threats. The trial version will not remove these threats, and in order to do so the full version must be purchased.

Infection[edit]

SpyLocked's method of infection is similar to the delivery methods of all other rogue anti-spyware programs. SpyLocked can infect a computer through web browser security holes, downloading and installing itself through Zlob Trojan horses Infection.

Alleged Description[edit]

SpyLocked's creator describes SpyLocked as follows:

General malicious characteristics and behavior[edit]

Some problems encountered with SpyLocked are:

  • Poor scan reporting.
  • False detection and misleading results.
  • Deceptive advertising within application
  • Fake critical infection alerts
  • Self-updating

Problems caused by SpyLocked[edit]

Once inside the computer, SpyLocked may cause a variety of problems to the owner of the computer. Symptoms are obvious: popups, false system alerts in the notification area, and a noticeably slower computer. What are less obvious are the activities the software executes within the system. These trojans can steal personal information. These type of trojan have been known to steal bank account numbers, credit card information, home addresses, dial 1-900 numbers on your money, and much more.

  • SpyLocked may generate excessive advertisements and bombard the computer screen with unwanted pop-ups.
  • The infected computer may show an icon on the notification area adjacent to the system clock. Clicking the icon will take the user to a rogue anti-spyware site. Even if the message is not clicked, it will intermittently show a message similar to:

"The system has detected a number of active spyware applications that may impact on the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."

  • SpyLocked may not allow the user to uninstall it by using Add/Remove function and may recreate itself every time the user tries to remove it manually. Additionally, trying to remove it manually may even lead to a system crash. SpyLocked will deliver fake security messages that user's computer is infected with spyware in order to promote its alleged rogue anti-spyware product.
  • SpyLocked may run as a number of different processes including 'isamain.exe', ismain.exe' and 'isamntr.exe' These processes usually can not be terminated individually (however, they can be removed using the 'End Process Tree' option on the Windows Task Manager) as they often restart themselves.
  • SpyLocked may block the access to some websites for its purpose to prevent the user from downloading legitimate anti-spyware programs.

Variants[edit]

SpyLocked is known to be associated with such rogue anti-spyware programs as Spydawn, SpySheriff, SpywareQuake, VirusBurst, and VirusLocker. These programs share similar interface with the mentioned anti-spyware applications and have the same deceptive intentions.

Notes and references[edit]