TechSpot

Help W/ SpySheriff & W2.Spybot.Worm

By mslyric
Mar 30, 2007
  1. Both SpySheriff & W2.Spybot.Worm have been found on my computer.

    The spysheriff just recently came up in a scan after I had tried the removal process for the w2.spybot.worm.

    I have disabled sys restore
    update def. & did a full scan, then deleted all infected files
    deleted any values related to those files that were added to the registry.
    and also looked for 0 byte files which I did not find any.

    i restarted and the w2.spybot.worm showed up again in another file. So I ran another scan which is when the SpySheriff was found.
    I deleted the file through AVG. But Believe I am still infected.
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    You should reenable system restore and have it set a new restore point so that, if anything goes wrong during cleaning, you have something to look back on. Don't disable system restore again until your system is clean.

    Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

    If, after reading the above thread, you decide to clean your system, read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of mslyric only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    the FAQs tell you how to remove spysherriff.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Follow the instructions given by kitty500cat exactly, then post the requested logfiles.

    Regards Howard :wave: :wave:

    This thread is for the use of mslyric only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. mslyric

    mslyric TS Rookie Topic Starter

    I have completed all the steps in the link above. I believe that I am free of viruses/spyware/ect.
    Turns out I was really infected. Below is what all was found and removed.

    Dropper.VB.lu
    Trojan.Proxcra.K.A
    Hijacker.Befins.b
    Downloader.Small.itv


    I have the latest log from hijackthis attached to the post.
    I haven't saved any logs from the other programs. Should I do another scan with AVG AS and post that log?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It appears you`re running more than one antivirus programme. This is not recommended. I recommend you uninstall Symantec/Norton as per the instructions in this post HERE.

    You need to post the following logfiles.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of mslyric only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...