
View Full Version : Spyware help please.



SOONER44EVER
5/11/2006, 05:03 PM
My computer keeps popping up bubbles saying I have spyware etc. I ran Adaware and Spybot. It keeps popping up spyware warnings. I just installed Spyware Sheriff and it says I have 228 files infected and is still counting. What should I do?

OUinFLA
5/11/2006, 05:09 PM
That happened to me last year, it was a DOS program that installed itself in my Start Up.
My solution? I was ready for a new computer anyway, so I bought it.
Trend Micro is what I added to my new computer.

OUDoc
5/11/2006, 05:13 PM
I don't know. I trust Adaware and never heard of Spyware Sheriff. Seems odd that a lesser-known program would spot that many files that Adaware didn't.

SOONER44EVER
5/11/2006, 05:13 PM
My homepage has been changed and it won't let me install any other spyware blockers. WTF?

etouffee
5/11/2006, 05:15 PM
sounds like spyware sheriff is really some spyware/adware

etouffee
5/11/2006, 05:15 PM
yep...do some googling

etouffee
5/11/2006, 05:16 PM
http://en.wikipedia.org/wiki/Spysheriff

SOONER44EVER
5/11/2006, 05:18 PM
Spyware Sheriff wouldn't finish the scan. It said Windows ran into a problem so I uninstalled it. I'm running Spybot again and have already found 19 new problems.

yermom
5/11/2006, 05:21 PM
ugh, i don't trust anything with a @list.ru email address

this website looks pretty good:

http://elamb.blogharbor.com/hacked/removespysheriff.htm

i actually use the MS Defender thing now...

etouffee
5/11/2006, 05:23 PM
simply doing the XP uninstall software thing is probably not going to get rid of spy sheriff completely. use some of the websites that give detailed instructions on how to get rid of it.

SOONER44EVER
5/11/2006, 05:28 PM
Every time I click on a site to remove Spywaresheriff it immediately sends me to spywaresheriff's site.

etouffee
5/11/2006, 05:30 PM
did you try the link yermom posted? i didn't get redirected.

of course, maybe spysheriff did something to your computer so that if you try to go to a removal site you get redirected. that would suck.

if that's the case, ask someone to copy and paste the removal directions here.

SicEmBaylor
5/11/2006, 05:36 PM
I feel infected just from reading this thread.

slickdawg
5/11/2006, 05:38 PM
BY FAR the best $30 YOU WILL EVER SPEND.

It stops that crap dead in its tracks. I highly recommend it.

http://www.webroot.com/land/freescan-3000.php?rc=266&rsc=417&ac=417


YWIA

Penguin
5/11/2006, 05:45 PM
The one on wikipedia looked like a good step.

Reboot in safe mode and restore the computer to a point before you installed the program.

slickdawg
5/11/2006, 05:48 PM
Get webroot spy sweeper and never worry about it again.

SOONER44EVER
5/11/2006, 05:48 PM
I tried. I can't get to safe mode. This sucks.

HskrGrl
5/11/2006, 05:49 PM
I feel for you! This happened to me (not with SpywareSheriff) a couple years ago. Try this link http://www.2-spyware.com/goout.php?id=5 it's from one of the links on the Wikipedia page.

HskrGrl
5/11/2006, 05:51 PM
I should mention it brings up a file download to remove SpywareSheriff and not a webpage.

yermom
5/11/2006, 05:51 PM
I tried. I can't get to safe mode. This sucks.

what is keeping you from doing that?

SOONER44EVER
5/11/2006, 05:53 PM
what is keeping you from doing that?
I clicked F8 like it said and nothing happens.

SOONER44EVER
5/11/2006, 05:59 PM
It won't let me clear history, delete cookies or files.

yermom
5/11/2006, 06:04 PM
I clicked F8 like it said and nothing happens.

weird.

GottaHavePride
5/11/2006, 07:55 PM
TrendMicro. I haven't had a problem at all since I switched to their stuff. Microsoft Anti-Spyware hasn't even twitched since then.

I can't d/l the Beta 2 of MS anti-spyware because it can't validate my Windows XP. I think I'm'a actually have to pay for XP at some point. Probably as soon as I get a job.

SOONER44EVER
5/12/2006, 12:25 AM
It won't let me get any new downloads. I tried trendmicro and several others but I can't download anything.

GottaHavePride
5/12/2006, 12:34 AM
What you're going to need now is for someone else to get the file you need to clear Spyware Sheriff off your system and burn it onto a disk for you. That may be the only way. And if that doesn't work, you may be - how to put this nicely - fux0r3d.

SOONER44EVER
5/12/2006, 12:41 AM
This just sucks.

soonerspiff
5/12/2006, 12:42 AM
...system recovery seriously didn't work? Something like this happened to me, where the CD drive stopped working, and random links would pop up on every web page I visited. I had to delete everything off my computer and save a few files on my ipod... it sucked. Good luck, man.

SOONER44EVER
5/12/2006, 12:52 AM
Anyone know of any good computer repair places in NW OKC?

Jimminy Crimson
5/12/2006, 01:11 AM
http://forums.techguy.org/54-security/

see if any of these geeks can help you, before you shell out any cashola :D

SicEmBaylor
5/12/2006, 01:16 AM
Have you tried cleaning/sweeping your registry?

SOONER44EVER
5/12/2006, 01:19 AM
Have you tried cleaning/sweeping your registry?
It won't let me.

SicEmBaylor
5/12/2006, 01:24 AM
It won't let me.

Well, I personally think you may be screwed.

Have you tried hitting ctrl+alt+del to totally close any programs running in the background which probably includes the spyware which MAY be preventing you from doing all this? I've had spyware problems in the past that run silently in the background that you can only close out by finding them in the task manager and ending the process.

Once you do that it may allow you to do whatever you need to do in order to get rid of it.

SOONER44EVER
5/12/2006, 01:34 AM
Well, I personally think you may be screwed.

Have you tried hitting ctrl+alt+del to totally close any programs running in the background which probably includes the spyware which MAY be preventing you from doing all this? I've had spyware problems in the past that run silently in the background that you can only close out by finding them in the task manager and ending the process.

Once you do that it may allow you to do whatever you need to do in order to get rid of it.
I tried that. It shows about half of the 29 processes running but won't let me scroll down to see the rest. I was just able to download AVG virus scan. It immediately found a Trojan horse virus Norton didn't detect. It healed it, restarted my computer and has been scanning for about 20 minutes. I can now delete history. I haven't tried to delete files or cookies yet. I'll try after the scan finishes.

SOONER44EVER
5/12/2006, 01:37 AM
I ran Spybot again and found 8 registry keys with spyware. I fixed them, ran Spybot again and the same 8 came up again.

SicEmBaylor
5/12/2006, 01:38 AM
I tried that. It shows about half of the 29 processes running but won't let me scroll down to see the rest. I was just able to download AVG virus scan. It immediately found a Trojan horse virus Norton didn't detect. It healed it, restarted my computer and has been scanning for about 20 minutes. I can now delete history. I haven't tried to delete files or cookies yet. I'll try after the scan finishes.

Well, if that doesn't work you could administer it a good sound beating.

SOONER44EVER
5/12/2006, 01:39 AM
Well, if that doesn't work you could administer it a good sound beating.
I'm about ready to. :mad:

soonerhubs
5/12/2006, 01:43 AM
So what's the update? Is this spysheriff Sh*t off your compy yet?

soonerhubs
5/12/2006, 01:45 AM
Sometimes you may have to reboot your computer a few times to finally get to where F8 works and lets you boot in safe mode.

SOONER44EVER
5/12/2006, 01:47 AM
So what's the update? Is this spysheriff Sh*t off your compy yet?
I don't think so. I change my home page to msn and the next time I try it it goes back to about:blank and says its windows security center. It says I have a spyware problem and has a link to click. The link is to spysheriff.

soonerhubs
5/12/2006, 01:49 AM
I don't think so. I change my home page to msn and the next time I try it it goes back to about:blank and says its windows security center. It says I have a spyware problem and has a link to click. The link is to spysheriff.
I hate internet pricks that make crap like that. Hmmm... Well, it seems to me that system restore would be the best bet, but who knows.

SOONER44EVER
5/12/2006, 01:49 AM
AVG just found another virus. It's Trojan horse Downloader.Generic.VQY

SOONER44EVER
5/12/2006, 01:51 AM
Sometimes you may have to reboot your computer a few times to finally get to where F8 works and lets you boot in safe mode.
I tried it like 10 times. Isn't there supposed to be a box saying safe mode or something?

SOONER44EVER
5/12/2006, 01:53 AM
AVG has now found 5 infected objects. All trojan horse downloaders.

soonerhubs
5/12/2006, 01:59 AM
AVG has now found 5 infected objects. All trojan horse downloaders.

I'm out of ideas. Sorry, seriously I'd just shut the bugger down and take it straight to a tech dude tomorry.

SOONER44EVER
5/12/2006, 02:02 AM
I'm out of ideas. Sorry, seriously I'd just shut the bugger down and take it straight to a tech dude tomorry.
I think I'll buy an abacus and a typewriter..............a manual one.

SOONER44EVER
5/12/2006, 02:05 AM
It's been scanning for over an hour now. This is so boring.

soonerhubs
5/12/2006, 02:18 AM
I feel for you. Hope all goes well with it.

Norm In Norman
5/12/2006, 07:44 AM
Step 1: Disconnect your computer from the internet (ie pull the ethernet cord or disconnect the modem)
Step 2: Copy all of your data files over to a DVD or something. Don't forget your email, bookmarks, and anything else that you care about
Step 3: Reinstall Windows. Make sure you FORMAT THE HARD DRIVE when it gives you the option.
Step 4: Install AVG
Step 5: Install a firewall
Step 6: Install Firefox
Step 7: Set IE's security level to high
Step 8: Hook your computer back up to the internet
Step 9: Go to Windows Update and install all the updates to your computer
Step 10: Never use IE again

Norm In Norman
5/12/2006, 08:03 AM
OK, here is from that link on wikipedia:

Remove SpySheriff. Description and removal instructions:


SpySheriff

Type: Malware (http://www.2-spyware.com/malware-removal)
Severity scale: 60 / 100 (http://www.2-spyware.com/malware-removal)
SpySheriff is a corrupt illegally distributed anti-spyware program (http://www.2-spyware.com/review-spy-sheriff.html). It is secretly installed to victim computers by various trojans and through certain web browser exploits. Once executed, SpySheriff registers itself in the system and runs a payload. It changes the desktop background to a fake warning message, forbids access to some web sites and may even block any attempts to connect to the Internet. The parasite can also disable some Windows essential components and tools such as the System Restore and the Date and Time application. In some cases SpySheriff may attempt to delete certain installed anti-spyware programs, crash the system and display bogus system error reports. This malware is able to prevent the user from uninstalling. It can also restore its removed components. SpySheriff automatically runs on every Windows startup.

Pest Trap (SpySheriff's clone) manual removal instructions (http://www.2-spyware.com/remove-pest-trap.html)

Ask additional question regarding SpySheriff in spyware removal Forum (http://www.2-spyware.com/forum/posting.php?mode=newtopic&f=3&subject=SpySheriff%20removal)

Related files: spysheriff.exe (http://www.2-spyware.com/file-spysheriff-exe.html), winstall.exe (http://www.2-spyware.com/file-winstall-exe.html), heur000.dll (http://www.2-spyware.com/file-heur000-dll.html), heur001.dll (http://www.2-spyware.com/file-heur001-dll.html), heur002.dll (http://www.2-spyware.com/file-heur002-dll.html), heur003.dll (http://www.2-spyware.com/file-heur003-dll.html), iesecurity.dll (http://www.2-spyware.com/file-iesecurity-dll.html), procmon.dll (http://www.2-spyware.com/file-procmon-dll.html), uninstall.exe (http://www.2-spyware.com/file-uninstall-exe.html), desktop.html (http://www.2-spyware.com/file-desktop-html.html), wallpaper.html (http://www.2-spyware.com/file-wallpaper-html.html)

SpySheriff properties:
• Shows commercial adverts
• Stays resident in background


Automatic SpySheriff removal:
Download removal software (http://www.2-spyware.com/goout.php?id=5)

SpySheriff manual removal:
Kill processes:
spysheriff.exe, winstall.exe
Help: how to kill malicious processes (http://www.2-spyware.com/articles/security/57.html)

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SNInstall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpySheriff
HKEY_CLASSES_ROOT\CLSID\{202B0EFD-2CB9-039B-2B11-A3579D6D56A3}
HKEY_CLASSES_ROOT\CLSID\{7C43E35C-A398-7C5F-B1BA-7E87073BE150}
HKEY_CLASSES_ROOT\CLSID\{9CB4CE93-8CC7-9E03-1037-2DD837E3A52E}
HKEY_CURRENT_USER\Software\SpySheriff
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySheriff
Help: how to remove registry entries (http://www.2-spyware.com/articles/security/46.html)

Delete files:
spysheriff.exe, winstall.exe, heur000.dll, heur001.dll, heur002.dll, heur003.dll, iesecurity.dll, procmon.dll, uninstall.exe, desktop.html, wallpaper.html
Help: how to remove harmful files (http://www.2-spyware.com/articles/security/47.html)

Delete directories:
C:\Program Files\SpySheriff
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpySheriff

Delete all the files inside C:\Windows\Prefetch or C:\Winnt\Prefetch.

Misc:
Exact file location:
winstall.exe - C:
wallpaper.html - C:\Windows\Web or C:\Winnt\Web
desktop.html - C:\Windows, C:\Windows\Web or C:\Winnt\Web
spysheriff.exe, heur000.dll, heur001.dll, heur002.dll, heur003.dll, iesecurity.dll, procmon.dll, uninstall.exe - C:\Program Files\SpySheriff

Other programs to remove SpySheriff:
• Spy Sweeper - Review (http://www.2-spyware.com/review-spy-sweeper.html) - Tutorial (http://www.2-spyware.com/articles/tutorials/75.html) - Download (http://www.2-spyware.com/goout.php?id=6)
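
The listing above says SpySheriff can restore its removed components, so a cleanup is worth re-checking against the same indicators. The following is an added example, not part of the original post or the 2-spyware listing: it matches an inventory of a machine against the processes, registry entries and file locations listed above. The snapshot format, the function names and the sample data are assumptions made for illustration.

```python
import ntpath

# Indicators transcribed from the removal listing quoted above.
PROCESS_NAMES = {"spysheriff.exe", "winstall.exe"}
RUN_VALUES = {"sninstall", "spysheriff"}  # value names under HKCU ...\CurrentVersion\Run
REGISTRY_KEYS = [
    r"HKEY_CLASSES_ROOT\CLSID\{202B0EFD-2CB9-039B-2B11-A3579D6D56A3}",
    r"HKEY_CLASSES_ROOT\CLSID\{7C43E35C-A398-7C5F-B1BA-7E87073BE150}",
    r"HKEY_CLASSES_ROOT\CLSID\{9CB4CE93-8CC7-9E03-1037-2DD837E3A52E}",
    r"HKEY_CURRENT_USER\Software\SpySheriff",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySheriff",
]
PROGRAM_DIR = r"C:\Program Files\SpySheriff"
WEB_DIRS = [r"C:\Windows\Web", r"C:\Winnt\Web"]
# File name -> directories the listing gives for it. "winstall.exe - C:" is
# read here as the drive root, which is an assumption.
FILE_LOCATIONS = {
    "winstall.exe": ["C:\\"],
    "wallpaper.html": WEB_DIRS,
    "desktop.html": [r"C:\Windows"] + WEB_DIRS,
}
for _name in ("spysheriff.exe", "heur000.dll", "heur001.dll", "heur002.dll",
              "heur003.dll", "iesecurity.dll", "procmon.dll", "uninstall.exe"):
    FILE_LOCATIONS[_name] = [PROGRAM_DIR]

HIVE_ALIASES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
                "HKCR": "HKEY_CLASSES_ROOT"}


def norm_key(path):
    """Expand hive abbreviations and fold case; registry paths are case-insensitive."""
    hive, _, rest = path.strip().strip("\\").partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return (hive + "\\" + rest).casefold()


def check_snapshot(snapshot):
    """Return (kind, item) pairs for every snapshot entry that matches the listing."""
    findings = []
    for name in snapshot.get("processes", []):
        if name.casefold() in PROCESS_NAMES:
            findings.append(("process", name))
    for value in snapshot.get("run_values", []):
        if value.casefold() in RUN_VALUES:
            findings.append(("run-value", value))
    wanted = {norm_key(k) for k in REGISTRY_KEYS}
    for key in snapshot.get("registry_keys", []):
        if norm_key(key) in wanted:
            findings.append(("registry-key", key))
    for path in snapshot.get("files", []):
        folder, name = ntpath.split(ntpath.normpath(path).casefold())
        # Match name AND listed folder: uninstall.exe and desktop.html are
        # generic names that legitimate software also uses.
        listed = {ntpath.normpath(d).casefold() for d in FILE_LOCATIONS.get(name, [])}
        if folder in listed:
            findings.append(("file", path))
    return findings


# Constructed sample: a machine re-checked after a cleanup attempt.
SAMPLE = {
    "processes": ["explorer.exe", "svchost.exe", "WINSTALL.EXE"],
    "run_values": ["ctfmon.exe", "SpySheriff"],
    "registry_keys": [r"hkcu\Software\SpySheriff",
                      r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Firefox"],
    "files": [r"C:\Program Files\SpySheriff\heur001.dll",
              r"C:\Program Files\SomeApp\uninstall.exe",  # benign, must not match
              r"C:\WINDOWS\Web\wallpaper.html",
              r"C:\winstall.exe"],
}

if __name__ == "__main__":
    for kind, item in check_snapshot(SAMPLE):
        print(f"{kind:13} {item}")
```

An empty result after a reboot is the signal that the listed components did not come back; any hit means the removal steps need repeating.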

slickdawg
5/12/2006, 08:21 AM
Or just use webroot's Spy Sweeper, and it'll kill that crap dead in its tracks.

tbl
5/12/2006, 09:59 AM
If Norm's solution doesn't work, you're pretty much screwed b/c that's about as fundamental as it comes. That spysheriff may block the ability to format the hard drive. If that's the case, cut your losses and start with a new one. Good news is PCs are cheap...

olevetonahill
5/12/2006, 10:15 AM
If Norm's solution doesn't work, you're pretty much screwed b/c that's about as fundamental as it comes. That spysheriff may block the ability to format the hard drive. If that's the case, cut your losses and start with a new one. Good news is PCs are cheap...
My old one got hijacked by something similar , couldnt do shat with it but I could pay em 59.99 and they would FIX it for me .
I took the beyonce out side and shot it several times . then bought a new one
Norm that tells us how to get rid of it , is there something in there to help us from getting it ?

tbl
5/12/2006, 10:17 AM
Reading this thread has prompted me to finally give Firefox a try... Running the install program now.

slickdawg
5/12/2006, 10:18 AM
My old one got hijacked by something similar , couldnt do shat with it but I could pay em 59.99 and they would FIX it for me .
I took the beyonce out side and shot it several times . then bought a new one
Norm that tells us how to get rid of it , is there something in there to help us from getting it ?


Webroot's Spy Sweeper!!!!!

It prevents and gets rid of spyware!

It's the best $30 I ever spent!

olevetonahill
5/12/2006, 10:23 AM
Webroot's Spy Sweeper!!!!!

It prevents and gets rid of spyware!

It's the best $30 I ever spent!
How does it work ? is it something I have run every now and then or does it just do its job . Does it eliminate the need for adaware , spybot search and destroy ?
thanks

slickdawg
5/12/2006, 10:27 AM
How does it work ? is it something I have run every now and then or does it just do its job . Does it eliminate the need for adaware , spybot search and destroy ?
thanks

Here's a free download. It's either time limited or only finds (doesn't remove) the spyware.

http://www.snapfiles.com/get/spysweeper.html

You won't need ad-aware or spybot any longer. When you boot, it loads
and blocks spyware that tries to get in. It stops browser hijacks. It's
the all in one for spyware. I run it and Norton Antivirus and have no problems.

You won't be disappointed!

olevetonahill
5/12/2006, 10:30 AM
Here's a free download. It's either time limited or only finds (doesn't remove) the spyware.

http://www.snapfiles.com/get/spysweeper.html

You won't need ad-aware or spybot any longer. When you boot, it loads
and blocks spyware that tries to get in. It stops browser hijacks. It's
the all in one for spyware. I run it and Norton Antivirus and have no problems.

You won't be disappointed!
cool thanks Ill install it now . I have norton , didnt think it was enough

Norm In Norman
5/12/2006, 10:34 AM
Norton sucks in every way possible. Autoprotect right now on this machine is taking up 78 megs of memory. WTF?

Norm In Norman
5/12/2006, 10:34 AM
And if you use Firefox, you are waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay less likely to pick up spyware. Seriously.

tbl
5/12/2006, 10:55 AM
I'm using it now, and it's okay so far. I feel special and unique now... kinda like a MAC user, though not so Jim Jones like.

yermom
5/12/2006, 10:58 AM
heh, there are some Mac psychos out there

they are nice though, and they almost never have these problems

if only they weren't so expensive...

slickdawg
5/12/2006, 11:04 AM
Norton sucks in every way possible. Autoprotect right now on this machine is taking up 78 megs of memory. WTF?

Got an old version? It's only using 18 megs on mine right now.

slickdawg
5/12/2006, 11:05 AM
heh, there are some Mac psychos out there

they are nice though, and they almost never have these problems

if only they weren't so expensive...


You can always load Solaris X86 or Redhat and avoid the problems. :D

yermom
5/12/2006, 11:15 AM
i've been having problems with Solaris x86

i use Redhat or Fedora all the time but they still aren't as clean as a desktop as OS X is

i'm actually using RHEL 4.2 right now ;) (and Firefox)

olevetonahill
5/12/2006, 11:22 AM
Man Yall lost me , Im an old dog trying to learn new tricks and most of it aint settin in .
If i use firefox and dump ie will I still have my home page ? favorites ? whats it gonna change ? hell Im lost :confused:
Another ? I just defragged and looked at the report it says I am using 5.06 gbs of space and have 1.44 free , How is this possible? I know this a cheapo version My son got this pc for me for Xmas , a wallyworld special . But why is so much space already taken ?
Thanks

GottaHavePride
5/12/2006, 11:32 AM
Man Yall lost me , Im an old dog trying to learn new tricks and most of it aint settin in .
If i use firefox and dump ie will I still have my home page ? favorites ? whats it gonna change ? hell Im lost :confused:
Another ? I just defragged and looked at the report it says I am using 5.06 gbs of space and have 1.44 free , How is this possible? I know this a cheapo version My son got this pc for me for Xmas , a wallyworld special . But why is so much space already taken ?
Thanks

Well, there's absolutely no way to get rid of IE - you can just choose not to use it as your primary browser. And when you install Firefox it will generally ask you if you want it to import all your bookmarks (sorry, favorites) and settings from IE.

And if you're going to go paying for anti-spyware stuff, go all out and get the whole TrendMicro suite - about $70 gets you antivirus, firewall, etc. etc. I run trendmicro and the Microsoft Anti-Spyware (free, btw) and I haven't had a problem on my computer in a very long time.

yermom
5/12/2006, 11:35 AM
Man Yall lost me , Im an old dog trying to learn new tricks and most of it aint settin in .
If i use firefox and dump ie will I still have my home page ? favorites ? whats it gonna change ? hell Im lost :confused:
Another ? I just defragged and looked at the report it says I am using 5.06 gbs of space and have 1.44 free , How is this possible? I know this a cheapo version My son got this pc for me for Xmas , a wallyworld special . But why is so much space already taken ?
Thanks

XP will use a TON of space just with the restore stuff

i can fill up 20GB pretty fast with just mail and programs

etouffee
5/12/2006, 11:35 AM
Well, there's absolutely no way to get rid of IE
Not exactly accurate, but close enough, since getting rid of it could cause all sorts of problems for you. Best thing to do is just not use it.

49r
5/12/2006, 11:48 AM
heh, there are some Mac psychos out there

they are nice though, and they almost never have these problems

if only they weren't so expensive...

Oh, come on yermom!!!

iMacs start at only $1300, and you can have OS X *and* Winders on it if you want!

It's liek two computers in one!!! That's pretty economical if you ask me!

SOONER44EVER
5/13/2006, 01:22 AM
I installed AVG, Ad-aware SE Personal and Abexo Registry Cleaner and got rid of lots of bad stuff. The little pop up bubbles are gone. I still have a few running processes that I know are bad but are way hard to get rid of including: wtoolsa.exe, wsup.exe and I have 6 of the svchost.exe. I think I'm supposed to have 3. The other 3 are bad stuff disguised as good stuff. I can't tell which are which though. I have 6 other processes that could be good stuff or could be bad stuff disguised as good stuff. The computer seems to be working ok so I guess I'll just keep running ad-aware and the other stuff and when I get a new computer I'll shell out some $ for top rate protection. That sound ok?

slickdawg
5/13/2006, 08:39 AM
Not exactly accurate, but close enough, since getting rid of it could cause all sorts of problems for you. Best thing to do is just not use it.


IE is basically the "Happy Fun Ball"

yermom
5/13/2006, 11:52 AM
Oh, come on yermom!!!

iMacs start at only $1300, and you can have OS X *and* Winders on it if you want!

It's liek two computers in one!!! That's pretty economical if you ask me!

do you know how badass of a PC you can get for $1300?

it is better than it was though, the quality of the iMac has gone up a LOT in the last few revisions

yermom
5/13/2006, 11:57 AM
I installed AVG, Ad-aware SE Personal and Abexo Registry Cleaner and got rid of lots of bad stuff. The little pop up bubbles are gone. I still have a few running processes that I know are bad but are way hard to get rid of including: wtoolsa.exe, wsup.exe and I have 6 of the svchost.exe. I think I'm supposed to have 3. The other 3 are bad stuff disguised as good stuff. I can't tell which are which though. I have 6 other processes that could be good stuff or could be bad stuff disguised as good stuff. The computer seems to be working ok so I guess I'll just keep running ad-aware and the other stuff and when I get a new computer I'll shell out some $ for top rate protection. That sound ok?

i'm anal, so i'd be getting rid of everything i can see. if it's too bad reinstalling Windows is sometimes a pretty healthy experience (after backing up your data somewhere of course)

the #1 thing, like Norm said is use Firefox... only use IE for trusted stuff. there are a pretty small number of sites that won't work under Firefox, i run into one every couple of months or so

soonerhubs
5/13/2006, 12:10 PM
i'm anal, so i'd be getting rid of everything i can see. if it's too bad reinstalling Windows is sometimes a pretty healthy experience (after backing up your data somewhere of course)

the #1 thing, like Norm said is use Firefox... only use IE for trusted stuff. there are a pretty small number of sites that won't work under Firefox, i run in to one every couple of months or so
I may be mistaken, but I'm almost positive you can now open IE windows in firefox with a firefox plugin. Lemme check. Yep here it is https://addons.mozilla.org/firefox/1419/.

49r
5/13/2006, 09:17 PM
do you know how badass of a PC you can BUILD YOURSELF for $1300?

Fixed! :D


it is better than it was though, the quality of the iMac has gone up a LOT in the last few revisions

This is true, although I think the biggest improvements have been made in the Tiger revision of the OS.