Jump to content
Sign in to follow this  
admin

SpySheriff - A Warning - Do not download!

Recommended Posts

admin    0
admin

SpySheriff

 

SpySheriff is malware that disguises itself as an anti-spyware program, in order to trick the owner of the infected computer to buy the program, by repeatedly informing them of false threats to their system. SpySheriff often goes unnoticed by actual anti-spyware programs, and is difficult to remove from an infected computer.

 

"Another version of SpySheriff"

 

The popup advertisement that leads to the infection. SpySheriff can not be simply deleted, as it reinstalls itself through hidden components on the computer. Trying to remove it with the Add/Remove programs feature has similar results, or may result in a system crash. A blue screen of death will occur and possibly make the computer lose all memory, or render it completely useless.

 

The program will stop the computer from connecting to the internet or a limited internet connection, and will display an error message reading "The system has been stopped to protect you from Spyware."

 

The desktop background can also replaced with a blue screen of death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."

 

SpySheriff has been known to create another user account, at the administrator level, to block access to programs and utilities for other users. If logged in as an administrator, it is sometimes possible to delete the SpySheriff account.

 

It also acts to stop any attempt to do a System restore by preventing the calendar and restore points from loading. This prevents the user from being able to revert their computer to an earlier usable state. A System restore is however often possible after booting in Safe mode.

 

It blocks several websites, including the ones that have downloadable anti-spyware software, and locks the user's Internet Explorer options.

 

SpySheriff clones

 

The company that developed SpySheriff, knowing that people have become aware of SpySheriff being malware, has created several SpySheriff clones that have different names and styles than SpySheriff, but share the same interface and similar behaviors of SpySheriff. Adware Sheriff, Pest Trap, SpywareNo, Spylocked, SpywareQuake, SpyTrooper, Spydawn, AntiVirGear, Brave Sentry, "SpywareStrike", SpyShredder, Alpha Cleaner and "SpyAxe" are the best known of these.

 

Removal

 

SpySheriff is very difficult to remove directly. Attempting to remove it using the "Add/Remove Programs" control panel may sometimes work. However, SpySheriff has a tendency to reinstall itself due to hidden components. The simplest solution is to try genuine spyware removal tools in the hopes that it can be cleaned, but there are also possibilities for manual removal.

 

Since System Restore is locked by SpySheriff, it is very hard to remove it through it, however, using System Restore in Safe Mode might work, but there is a possible chance that the SpySheriff's components may be inside the System Restore folders.

 

Tools called SmitFraudFix and SmitRem are said to get rid of SpySheriff they work by deleting all of SpySheriff's components and if the desktop wallpaper had been changed, the removal tool replaces it with a plain blue screen. Ad-Aware and Vundo-Fix can remove SpySheriff components by removing trojans associated with the program.

 

HijackThis is sometimes recommended to remove registry entries by SpySheriff. Sometimes the only way to completely remove the virus is by saving all documents on a hard drive and re-installing Windows/reformating if the above removal solutions do not seem to work.

 

Using programs such as avast!, Spyware Doctor and McAfee Security Center can prevent this infection from entering the computer.

 

From Wikipedia, the free encyclopedia

 

----------------------------------------------------------------------------------

 

How to remove SpySheriff

 

SpySheriff is a mock antispyware application that uses fake security alerts to dupe users into purchasing the program.

 

SpySheriff is typically installed through a security hole in MS Windows that automatically downloads a Trojan to your PC. The Trojan then issues bogus security alerts in the Windows taskbar. When you click on a fake security warning, SpySheriff is downloaded and installed to the system.

 

SpySheriff also locks the Windows desktop to a black background with a warning message stating that "your computer is at risk."

 

How to Remove SpySheriff (Removal Instructions)

 

Below are simplified steps to guide you through the removal process.

 

1. Begin by rebooting your computer into Safe Mode (with Networking support). Click: Start -> Shutdown -> Restart; once the computer restarts, press the "F8" key multiple times until a Startup Menu appears. Choose Safe Mode with Networking.

 

2. Once in Safe Mode, uninstall Spy Sheriff by going to Start -> Control Panel -> Add/Remove Programs, select "SpySheriff" and click Remove. Note: do not reboot your computer yet or SpySheriff will reinstall itself.

 

3. Click here to get Adaware SE (free); when installing, make sure to update the signature files of Adaware.

 

4. Run Adaware SE and do a "Full System scan" and an ADS scan. An ADS scan will require you to select a drive (select the C: drive.)

 

5. Click here to get Spybot Search & Destroy; this will clear the remaining bits of Spy Sheriff. Download the updates once you have installed the software on your system. When complete, do a full system scan.

 

6. Boot back into Normal mode and check if Spy Sheriff has been removed. If it has not, I would suggest running both Spybot and Adaware again to make sure you didn't miss any steps.

 

7. Visit the Windows Update web site and acquire any updates for your computer. This will help to ensure your system does not get infected again with Spy Sheriff.

 

That's it!

 

Source: infopackets.com

Share this post


Link to post
Share on other sites
bitesize    10
bitesize

I've also seen one called Windows Antivirus with the current year after it. It tends to hide in a website about screen printing but that changes. Once that gets into your system it can be difficult to remove.

Share this post


Link to post
Share on other sites
lilythepink    10
lilythepink

Thanks for the warning, Andries. I'd get my knickers in a knot if this happened to me but I use "Bit Defender" and before I load any new programme, I phone and check with them that it is okay. It's worth the call.

Share this post


Link to post
Share on other sites
kyle2    10
kyle2

Why the Heck would any company make something as nasty as this, what for? Whats the matter with those people? A COMPANY no less, designing malicious nonsensical software. May the fleas from 10000 camels infest their armpits! :twisted:

Share this post


Link to post
Share on other sites
SEWINGMACHINELADY    10
SEWINGMACHINELADY

great warning! :)

Share this post


Link to post
Share on other sites
SUNMASTER    10
SUNMASTER

This post is actually nearly 3 years old that bitesize replied to.

 

21-03-08 14:09 :hm:

Share this post


Link to post
Share on other sites
lilythepink    10
lilythepink
This post is actually nearly 3 years old that bitesize replied to.

 

21-03-08 14:09 :hm:

 

It's good that one of us checks these things! lol And here we are, all thanking Andries again!

Share this post


Link to post
Share on other sites
bitesize    10
bitesize

lol, as you can see i have way too much time on my hands :razz:

Share this post


Link to post
Share on other sites
rezizter    10
rezizter

old but gold.

 

Still see this sort of infection often.

It now spreads through torrents and warez files

Share this post


Link to post
Share on other sites
Free Soul Styles    10
Free Soul Styles

There's a virus going around that HOLDS YOUR PC HOSTAGE!!

 

Once you've clicked on the page (even a valid, legit website like Facebook or Youtube), you receive a popup demanding that you pay X amount in order to "save" your info. You cannot do ANYTHING on your pc once that happens. I don't know the name of the virus, but it got my hubby last night while he was downloading an update. He had to format his pc to fix it. He was on a valid site and out of nowhere he gets a popup saying he HAD to pay 3.99US$ in order for the file to be cancelled. Same virus attacked his pc's at work. It's a nasty bugger and there is no antivirus to sort it out (yet). We tried Microsoft Security Essentials, Nortons etc... Eventually we had to just format.

 

I wouldn't take a chance paying them....

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×