
Spysheriff The Spyware Causing Anti-Spyware...

5 replies to this topic

#1 Shrike


    Newbie [ Level 2 ]

  • Members
  • 19 posts

Posted 10 July 2006 - 10:51 PM

Many of you probably already know of SpySheriff and its corrupt nature, and maybe there was already a post of it here, but either way if I can let a few people know I'll have helped them avoid some troubles that I went through. First of all under no circumstances should you install SpySheriff.

SpySheriff is a corrupt illegally distributed anti-spyware program. It is secretly installed to victim computers by various trojans and through certain web browser exploits. Once executed, SpySheriff registers itself in the system and runs a payload. It changes the desktop background to a fake warning message, forbids access to some web sites and may even block any attempts to connect to the Internet. The parasite can also disable some Windows essential components and tools such as the System Restore and the Date and Time application. In some cases SpySheriff may attempt to delete certain installed anti-spyware programs, crash the system and display bogus system error reports. This malware is able to prevent the user from uninstalling. It can also restore its removed components. SpySheriff automatically runs on every Windows startup.

Article from www.2-spyware.com - click here for the original article!

Several installations ago I made the mistake of downloading and installing SpySheriff. Its website (www.spysheriff.com) does a convincing job of portraying it as a legitimate spyware removal program. However, once I installed it my computer quickly became infected with all sorts of adware and spyware, and through my best efforts I couldn't get rid of them. SpySheriff would go through its process and pretend to remove them while changing OS settings and locking up the internet. I eventually had to reformat my hard drive and re-install Windows XP... I found out later that it was in fact SpySheriff that had caused the problem in the first place. :unsure:

#2 WeaponX


    Way Out Of Control - You need a life :)

  • Members
  • 1,086 posts
  • Location:New York
  • myCENTs:86.41

Posted 11 July 2006 - 01:33 AM

This infection has been spreading around for some time now and it's ever changing. It's really a part of the Smitfraud infection and can come in various flavors, if you can call it that. Removing it used to be a huge pain, until some authors came up with a tool to help remove most of the infection and render it useless (except for a few things to clean up maybe...at most).

For the instructions on how to fix this, read up on Grinler's article at BleepingComputer.

#3 Shrike


    Newbie [ Level 2 ]

  • Members
  • 19 posts

Posted 11 July 2006 - 05:24 AM

Yeah, it woulda been nice if I had known what the problem was while I was infected. Thanks for the link to the fix, I'll keep that in case I get infected again from some obscure .exe I download! :D I'm using Zone Alarm Internet Security Suite, which includes an Anti-Virus/Anti-Spyware, but it still misses A LOT. :unsure:

#4 Cruzo


    Newbie [ Level 2 ]

  • Members
  • 13 posts

Posted 16 July 2006 - 11:01 AM

Spy Sheriff is a system hijacker that causes popups to appear on your computer telling you that you have spyware installed (which you do!). Clicking on the alert brings you to a website which attempts to sell you a bogus spyware program called "Spy Sheriff".

In order to remove this infection we will need to use HijackThis to manually remove the infection:

1. Print out these instructions, as we will need to shut down every window that is open later in the fix.
2. Download and install CleanUp! but do not run it yet.
   *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
3. Download, install, and update Ewido Security Suite.
   1. Install Ewido Security Suite.
   2. Launch Ewido; there should be a big E icon on your desktop, double-click it.
   3. The program will prompt you to update; click the OK button.
   4. The program will now go to the main screen.
   5. On the left-hand side of the main screen, click on Update.
   6. Click on Start. The update will start and a progress bar will show the updates being installed.
4. After the updates are installed, exit Ewido.
5. Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
6. Once in Safe Mode, open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
   1. Click Options...
   2. Move the arrow down to Custom CleanUp!
   3. Put a check next to the following:
      - Empty Recycle Bins
      - Delete Cookies
      - Delete Prefetch files
      - Scan local drives for temporary files
      - Cleanup! All Users
   4. Click the OK button.
   5. Press the CleanUp! button to start the program.
7. After Cleanup! is finished, start Ewido Security Suite.
   1. Click on Scanner.
   2. Make sure the following boxes are checked before scanning:
   3. Click on Start Scan.
   4. Let the program scan the machine.
   5. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
8. When the scan is complete, exit the program and reboot back to normal mode.
9. Click on Start, then Control Panel, and double-click on the Add/Remove Programs icon.
10. Uninstall the SpySheriff program and then exit Add/Remove Programs.
11. Delete the following, in bold, if found:

    C:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
    C:\Documents and Settings\user account\Application Data\Install.dat
    C:\Program Files\SpySheriff <-whole folder
    C:\Program Files\Daily Weather Forecast\

    *NOTE* user account is not the actual name of that folder. The name of that folder will be the name of your computer profile.
12. Download HijackThis and save it to your C:\ folder. Extract the hijackthis.zip file to c:\hijackthis. We will use this program later.
13. Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HijackThis and press the Scan button. Place a check next to the following items, if found, and click FIX CHECKED:

    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

14. Close HijackThis.
15. RIGHT-CLICK HERE and go to Save As (in IE it's Save Target As) in order to download the smitfraud reg to your desktop.
16. Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry, click YES.
17. After the merged successfully prompt, using Windows Explorer, navigate to the following folder:
18. If there are any files inside the Prefetch folder, delete ALL of them. (Do NOT delete the folder. Just delete the files inside.)
19. Reboot your computer.
20. You should be able to change your desktop back to normal now.

Your computer should now be free of the SpySheriff infection.
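
Added example (not part of the post above and not HijackThis code): a small Python check that scans a saved HijackThis log for the three O4 autorun entries listed in step 13, matching on value name or on executable path so a renamed or relocated entry is still surfaced for review. The function names and the sample log lines are constructed for illustration.

```python
import re

# Autorun entries listed in step 13 of the post (value name -> executable path).
KNOWN_ENTRIES = {
    "spysheriff": r"C:\Program Files\SpySheriff\SpySheriff.exe",
    "windows installer": r"C:\winstall.exe",
    "daily weather forecast": r"C:\Program Files\Daily Weather Forecast\weather.exe",
}

# Registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")

# Constructed sample log lines (not taken from a real machine).
SAMPLE_LOG = r"""
O4 - Global Startup: Example.lnk = C:\Program Files\Example\example.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Windows installer] "C:\winstall.exe" /s
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Temp\weather.exe
O4 - HKLM\..\Run: [Renamed] C:\WINSTALL.EXE
"""

def normalize(path):
    """Drop surrounding quotes, lower-case and collapse whitespace for comparison."""
    return " ".join(path.strip().strip('"').lower().split())

def parse_o4(line):
    """Return hive/key/name/command for a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return dict(zip(("hive", "key", "name", "command"), m.groups()))

def flag_entries(log_text):
    """List (hive, value name, reason) for O4 lines matching the post's entries."""
    known_paths = [normalize(p) for p in KNOWN_ENTRIES.values()]
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry autorun line (e.g. Startup-folder shortcut)
        by_name = entry["name"].lower() in KNOWN_ENTRIES
        by_path = any(normalize(entry["command"]).startswith(p) for p in known_paths)
        if by_name or by_path:
            reason = "+".join(r for r, hit in (("name", by_name), ("path", by_path)) if hit)
            hits.append((entry["hive"], entry["name"], reason))
    return hits

if __name__ == "__main__":
    print(*flag_entries(SAMPLE_LOG), sep="\n")
```

A "name" or "path" hit on its own means the entry only partly matches what the post lists, so it should be reviewed by hand rather than treated as confirmed.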

#5 ProtoMan.EXE


    Newbie [ Level 2 ]

  • [HOSTED]
  • 26 posts

Posted 14 August 2006 - 07:13 AM

Whoa, I didn't know SpySheriff could infect my computer before. Thank you. But be careful, I know some products named "Pest trap" and "Spy Trooper"; they are the same as SpySheriff. I visited their homepage and I was surprised that there is no change from SpySheriff's page except the name of the products.

#6 Guest_FeedBacker_*

  • Guests

Posted 28 May 2008 - 07:13 PM

Replying to Shrike

Do not click on the spysheriff.com link, it's dangerous; AVG Search-Shield blocked the site!
