1. /
  2. Security Response/
  3. SpywareLocker

SpywareLocker

Updated:
September 20, 2007 1:21:41 PM
Type:
Misleading Application
Name:
SpywareLocker
Version:
2.1
Risk Impact:
Medium
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Behavior:
The program must be manually installed.

When it is executed and a scan is run, it scans the computer and displays exaggerated reports of threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the fake threats.





Installation:
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\SpywareLocker.lnk
  • %UserProfile%\Start Menu\Programs\SpywareLocker\SpywareLocker.lnk
  • %UserProfile%\Start Menu\Programs\SpywareLocker\Uninstall.lnk
  • %ProgramFiles%\SpywareLocker\SpywareLocker.exe
  • %ProgramFiles%\SpywareLocker\SpywareLocker.lic
  • %ProgramFiles%\SpywareLocker\SpywareLocker0.sl
  • %ProgramFiles%\SpywareLocker\SpywareLocker1.sl
  • %ProgramFiles%\SpywareLocker\SpywareLocker0.dll
  • %ProgramFiles%\SpywareLocker\SpywareLocker1.dll
  • %ProgramFiles%\SpywareLocker\SpywareLocker3.dll
  • %ProgramFiles%\SpywareLocker\Uninstall.exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_USERS\[ALL USERS]\Software\Microsoft\Windows\CurrentVersion\Run\"SpywareLocker" = "C:\Program Files\SpywareLocker\SpywareLocker.exe"

The program also creates the following registry subkeys:
  • HKEY_USERS\[ALL USERS]\Software\SpywareLocker
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocker


Similar Security Risks
DrAntiSpy


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver