Thanks to this thread and forum for helping me with this issue. I managed to remove the spysheriff virus without having to call my brother or ex-boyfriend!
I followed the instructions here and on spyany.com and compiled them. These were my steps
1. Reboot the computer to Safe Mode (Press F8 when Windows start)
2. Delete the following files ( Before doing this make sure you can see hidden files and folders):
C:\Windows\Desktop.html
C:\Winstall.exe
3. Delete the folder 'C:\Program Files\SpySherrif\' and all the contents within it.
4. Click Start > Run, type 'regedit' to open the Registry Editor.
5. Navigate to and delete the following registry subkey (if exist):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-here I deleted 1 value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\A ctiveDesktop
-here I deleted 6 values
Exit Registry Editor.
6. Search for and delete the following files
Ibm00001.exe – I didn’t have this one
Ibm00002.dll
Secure32.html
All files containing sheriff
7. Delete the following, if found:
C:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
C:\Documents and Settings\user account\Application Data\Install.dat
C:\Program Files\SpySheriff <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe
C:\Program Files\Daily Weather Forecast\
*NOTE* user account is not the actual name of that folder. The name of that folder will be the name of your computer profile.
7. Go to Start > Run, type %temp% to open the %temp% folder. Delete all the files with the %temp% folder.
8. Reboot the computer.
After all this, the virus seemed to be gone, but I could not run my xp firewall. I got an error that said “Windows cannot display windows firewall settings” when I tried to open the firewall in my control panel.
My fix for that was easy once I found this link http://windowsxp.mvps.org/sharedaccess.htm
BUT you must use IE. Mozilla won’t display the download properly.
And now everything works great!
Thanks again!
I followed the instructions here and on spyany.com and compiled them. These were my steps
1. Reboot the computer to Safe Mode (Press F8 when Windows start)
2. Delete the following files ( Before doing this make sure you can see hidden files and folders):
C:\Windows\Desktop.html
C:\Winstall.exe
3. Delete the folder 'C:\Program Files\SpySherrif\' and all the contents within it.
4. Click Start > Run, type 'regedit' to open the Registry Editor.
5. Navigate to and delete the following registry subkey (if exist):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-here I deleted 1 value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\A ctiveDesktop
-here I deleted 6 values
Exit Registry Editor.
6. Search for and delete the following files
Ibm00001.exe – I didn’t have this one
Ibm00002.dll
Secure32.html
All files containing sheriff
7. Delete the following, if found:
C:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
C:\Documents and Settings\user account\Application Data\Install.dat
C:\Program Files\SpySheriff <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe
C:\Program Files\Daily Weather Forecast\
*NOTE* user account is not the actual name of that folder. The name of that folder will be the name of your computer profile.
7. Go to Start > Run, type %temp% to open the %temp% folder. Delete all the files with the %temp% folder.
8. Reboot the computer.
After all this, the virus seemed to be gone, but I could not run my xp firewall. I got an error that said “Windows cannot display windows firewall settings” when I tried to open the firewall in my control panel.
My fix for that was easy once I found this link http://windowsxp.mvps.org/sharedaccess.htm
BUT you must use IE. Mozilla won’t display the download properly.
And now everything works great!
Thanks again!