Saturday, May 5, 2007

SPYLOCKS

From Wiki: http://en.wikipedia.org/wiki/SpyLocked

Try this:

You need to remove all of these files:

spylocked.exe
xkrdk.dll
onwtj.dll
fyxkaah.dll
higehsg.dll
geplxss.dll
tvomnc.dll

You can find more information here:
http://www.xp-vista.com/spyware-removal/spylocked-removal-instructions

OR:

Check this: http://www.bleepingcomputer.com/forums/topic85376.html


MSRundll.exe

Symantec calls this virus W32.Vibmaru.
Try to fix it by following these golden rules for virus removal:
1. Disable System Restore, if you are using XP
2. Update virus definitions
3. Run a full scan
4. Delete some registry entries

To delete the value from the registry (step 4):
  1. Delete these entries:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"System" = "system.exe (74295303)"

  2. Restore the following registry entries to their original values, if required:

    HKEY_CLASSES_ROOT\scrfile\"(default)" = ""
    HKEY_CLASSES_ROOT\inifile\shell\open\command\"(default)" = "system32.exe %1"
    HKEY_CLASSES_ROOT\txtfile\shell\open\command\"(default)" = "msrundll.exe %1"
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\"ActiveTimeBias" = "420"
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\"ActiveTimeBias" = "480"
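
Before deleting or restoring anything, it helps to see what the registry holds right now. The following PowerShell script is an added example, not part of the original post or of Symantec's instructions: it reads (and never changes) the Run value and the two open-command handlers listed above. It assumes the data shown on this page is what the virus writes, and `Test-VibmaruValue` is a hypothetical helper name.

```powershell
# Added example: read-only audit of registry values listed in the steps above.
# Nothing is modified; review the output before deleting or restoring anything.

# Key paths, value names and data are copied from this page.
# Assumption: the data shown on the page is what the virus sets.
$checks = @(
    @{ Key  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name = 'System'; Bad = 'system.exe' },
    @{ Key  = 'HKEY_CLASSES_ROOT\inifile\shell\open\command'
       Name = '';       Bad = 'system32.exe %1' },   # '' selects the (default) value
    @{ Key  = 'HKEY_CLASSES_ROOT\txtfile\shell\open\command'
       Name = '';       Bad = 'msrundll.exe %1' }
)

function Test-VibmaruValue {   # hypothetical helper name
    param([string]$Key, [string]$Name, [string]$Bad)

    $path  = "Registry::$Key"
    $label = if ($Name) { $Name } else { '(default)' }
    $data  = $null

    if (Test-Path -LiteralPath $path) {
        # GetValue returns $null when the value is missing.
        # DoNotExpandEnvironmentNames shows REG_EXPAND_SZ data exactly as stored.
        $data = (Get-Item -LiteralPath $path).GetValue(
                    $Name, $null, 'DoNotExpandEnvironmentNames')
    }

    # -like is case-insensitive; the trailing * tolerates extra text after the name.
    $status = if ($null -eq $data) { 'absent' } elseif ("$data" -like "$Bad*") { 'SUSPICIOUS' } else { 'ok' }

    [pscustomobject]@{
        Key    = $Key
        Value  = $label
        Data   = $data
        Status = $status
    }
}

$results = foreach ($c in $checks) { Test-VibmaruValue @c }
$results | Format-List
```

A `SUSPICIOUS` row means the stored data starts with the string this page lists for that value; `absent` for the Run value means there is nothing to delete there.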

Virus for China

Just fixed a browser hijack called My123.com for one of my friends in China....

At first, I thought it was a simple job of removing some files by booting from a UBCD4Win CD and deleting some registry entries. However, the virus came back, and I found it is a rootkit hidden inside drivers that are loaded during boot-up.

It got me interested in studying and finding solutions for the viruses unique to China. I plan to put some solutions on this blog and hope others can provide me with virus samples so that I can do some more research....