SpySheriff

From Wikipedia, the free encyclopedia

SpySheriff interface

SpySheriff is malware that disguises itself as an anti-spyware program in order to trick the owner of the infected computer into buying the program, by repeatedly informing them of false threats to their system. SpySheriff often goes unnoticed by actual anti-spyware programs, and is difficult to remove from an infected computer.

Problems caused by SpySheriff

  • SpySheriff cannot simply be deleted, as it reinstalls itself through hidden components on the computer. Trying to remove it with the Add/Remove Programs feature has similar results, or may result in a system crash.
  • The program stops the computer from connecting to the internet, or limits its internet connection, and displays a Blue Screen of Death reading "The system has been stopped to protect you from Spyware."
  • The desktop background can also be replaced with a Blue Screen of Death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."
  • SpySheriff has been known to create another user account, at the administrator level, to block access to programs and utilities for other users. If logged in as an administrator, it is sometimes possible to delete the SpySheriff account.
  • It also acts to stop any attempt to do a System Restore by preventing the calendar and restore points from loading. This prevents the user from reverting their computer to an earlier usable state. A System Restore is, however, often possible after booting in Safe Mode.
  • It blocks several websites, including those that offer downloadable anti-spyware software, and locks the user's Internet Explorer options.

SpySheriff clones

The company that developed SpySheriff, aware that people have come to recognize SpySheriff as malware, has created several clones that differ from SpySheriff in name and style but share its interface and behave similarly. "Pest Trap", "SpywareNo", "SpyTrooper", "Brave Sentry", "SpywareStrike" and "SpyAxe" are the best known of these.

Removal

SpySheriff is very difficult to remove directly. Attempting to remove it using the "Add/Remove Programs" control panel may sometimes work. However, SpySheriff has a tendency to reinstall itself due to hidden components. The simplest solution is to try genuine spyware removal tools in the hope that they can clean it, but manual removal is also possible.

Please see http://www.bleepingcomputer.com/forums/topic22402.html for instructions on how to remove the malware.

See also

Rogue software