How To Remove Spysherriff

Status
Not open for further replies.
Thanks to this thread and forum for helping me with this issue. I managed to remove the spysheriff virus without having to call my brother or ex-boyfriend!

I followed the instructions here and on spyany.com and compiled them. These were my steps:

1. Reboot the computer to Safe Mode (press F8 when Windows starts).
2. Delete the following files (before doing this, make sure you can see hidden files and folders):

C:\Windows\Desktop.html
C:\Winstall.exe

3. Delete the folder 'C:\Program Files\SpySherrif\' and all the contents within it.
4. Click Start > Run, type 'regedit' to open the Registry Editor.
5. Navigate to and delete the following registry subkeys (if they exist):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-here I deleted 1 value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
-here I deleted 6 values
Exit Registry Editor.

6. Search for and delete the following files
Ibm00001.exe – I didn’t have this one
Ibm00002.dll
Secure32.html
All files containing sheriff

7. Delete the following, if found:

C:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
C:\Documents and Settings\user account\Application Data\Install.dat
C:\Program Files\SpySheriff <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe
C:\Program Files\Daily Weather Forecast\

*NOTE* user account is not the actual name of that folder. The name of that folder will be the name of your computer profile.

8. Go to Start > Run, type %temp% to open the %temp% folder. Delete all the files within the %temp% folder.

9. Reboot the computer.

After all this, the virus seemed to be gone, but I could not run my xp firewall. I got an error that said “Windows cannot display windows firewall settings” when I tried to open the firewall in my control panel.

My fix for that was easy once I found this link http://windowsxp.mvps.org/sharedaccess.htm

BUT you must use IE. Mozilla won’t display the download properly.

And now everything works great!

Thanks again!
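A read-only check for the file-system leftovers listed in the steps above, added here as an example and not part of the original post. It takes the drive root as an argument (assumed `C:\` by default), treats the "user account" folder as a wildcard, and does not look at the registry values from step 5.

```python
import fnmatch
import os
import sys

# File and folder locations named in the post, relative to the system drive.
# "*" stands for the profile folder the post calls "user account".
PATH_PATTERNS = [
    "windows/desktop.html",
    "winstall.exe",
    "program files/spysherrif",
    "program files/spysheriff",
    "program files/daily weather forecast",
    "documents and settings/*/start menu/programs/spysheriff",
    "documents and settings/*/application data/install.dat",
]
# File names the post says to search for anywhere on the drive.
FILE_NAMES = {"ibm00001.exe", "ibm00002.dll", "secure32.html"}


def _matches(key, pattern):
    """Compare segment by segment so '*' covers exactly one folder name."""
    k, p = key.split("/"), pattern.split("/")
    return len(k) == len(p) and all(fnmatch.fnmatchcase(a, b) for a, b in zip(k, p))


def find_leftovers(root):
    """Return sorted (relative_path, reason) pairs; nothing is deleted."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames) + sorted(filenames):
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            key = rel.replace(os.sep, "/").lower()  # Windows paths ignore case
            is_dir = name in dirnames
            if any(_matches(key, p) for p in PATH_PATTERNS):
                hits.append((rel, "listed path"))
                if is_dir:
                    dirnames.remove(name)  # report the folder once, skip its contents
            elif not is_dir and name.lower() in FILE_NAMES:
                hits.append((rel, "listed file name"))
            elif not is_dir and "sheriff" in name.lower():
                hits.append((rel, "name contains 'sheriff'"))
    return sorted(hits)


if __name__ == "__main__":
    for rel, reason in find_leftovers(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(f"{reason}: {rel}")
```

An empty result after the final reboot means none of the listed files or folders are still present under that root.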
 
this spysherriff caused me loads of grief this last couple days.. i knew it was spyware instantly when it told me in the alert box that spysheriff had detected a trojan.. well i knew for a fact that i had never installed spysheriff.. i know what anti-spyware soft i had installed.. but hell it takes some getting rid of..

i might add that it also allowed other spyware thru that my av, and firewall didn't detect because for some reason it had disabled the firewall and av..

i spent 14hrs in dos mode killing everything and removing locked files.. and scanning and rescanning with different av software..

i've had to install a different firewall, as it has rendered windows sp2 firewall useless.. it keeps saying unable to start firewall due to unknown problem.. winsockfix failed to solve it.. so i'm using kerio now..

now i have to repair my network somehow, as the attack somehow screwed that up and none of my home computers can connect except for limited accessibility. damn i hate malware.. (if the software i use mainly was available on linux, i wouldn't touch microsoft ever again)
 
Simple and easy (I haven't read this one, only the title, sry, but i need my nappy)

System Restore the computer to a time when it did not have SPyWare Sherif
 
i don't use system restore, i think really it's a waste of space because malware and viruses also copy themselves to the restore folders.. so even restoring to previous time will not get rid of them because they'll just reinfect from their stealthy installers that were copied to the restore section..

which is why when running virus checks and stuff you should disable system restore because windows actually prevents the av software from modifying the protected restore files ;) hence any viruses in the restore section can't be cleaned or killed..
 
m0nty said:
which is why when running virus checks and stuff you should disable system restore because windows actually prevents the av software from modifying the protected restore files hence any viruses in the restore section can't be cleaned or killed..

Absolutely spot on m0nty.

Regards Howard :)
 
Firewall

To the wizards of the Computerworld.
Once again, congratulations on the fine instruction in removing all the commercial malarkey from the poor PC amoebas like myself.
However, I have another question relating to the Spysherrif problem.
I got all the stuff off and the PC has been running fine up to now.
However, when everything was removed I am still not able to turn on the Windows firewall. I checked the win site and the help in the PC but no real help here.
I also followed the instructions provided by Windows to go through the config screen but also no go.
Do any of you have any advice? Or is it just best to leave it off and work with a free firewall? (currently using ZoneAlarm)
Thanks in advance for the enlightenment.
 
stellar posted:

After all this, the virus seemed to be gone, but I could not run my xp firewall. I got an error that said “Windows cannot display windows firewall settings” when I tried to open the firewall in my control panel.

My fix for that was easy once I found this link http://windowsxp.mvps.org/sharedaccess.htm

BUT you must use IE. Mozilla won’t display the download properly.

the above fixes the windows firewall.

ideally you should actually fix it, as a broken file may give problems later on elsewhere..

but disable windows built in firewall if you are using any other firewall product, there's no reason to use 2, and they could conflict with each other at some point.
 