Know Your Malware: SpySheriff Removal

SpySheriff is a rogue anti-spyware program that is distributed illegally. It is secretly installed on victims' computers by various trojans and through certain web browser exploits. Once executed, SpySheriff registers itself in the system and runs a payload. It changes the desktop background to a fake warning message, blocks access to some web sites and may even block any attempt to connect to the Internet. The parasite can also disable some essential Windows components and tools, such as System Restore and the Date and Time application. In some cases SpySheriff may attempt to delete certain installed anti-spyware programs, crash the system and display bogus system error reports. This malware is able to prevent the user from uninstalling it. It can also restore its removed components. SpySheriff runs automatically on every Windows startup.

Related files: spysheriff.exe, winstall.exe, heur000.dll, heur001.dll, heur002.dll, heur003.dll, iesecurity.dll, procmon.dll, uninstall.exe, desktop.html, wallpaper.html

SpySheriff properties:
Shows commercial adverts
Stays resident in background

Linked by shanmuga Monday, 19th December 2005 7:53AM