spysheriff HELP!!

riosfernando

riosfernando

Member
Hi,

My girlfriend sytem have a Spysheriff program, according with her, she did install it, and no one use her computer but her. How a program could be installed with out download and the install process??

How can I rid off of that program? I tried in control panel with out any success, I use Spybot-Search and destroy, Spyswepper and Spyblaster and I cant get rid off that pest. Does anyone here knows if any other program could help..

Thank you a lot....
 
Last edited:
WeatherMan

WeatherMan

Active Member
If the program isn't in add n remove programs try going to start/My Computer/C Drive/Program Files/ look for SpySheriff, go into the folder and look for an uninstallation file.
 
C

cell4me

banned
Download smitRem.exe from HERE saving the file to your desktop. Double click it to extract the contents to a folder of it’s own.

Download EWIDO and update it's definitions but do not run it yet!

Restart your computer in safe mode, logon to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool.

Follow the prompts on screen and allow disk cleanup to complete.

Reboot computer and run a scan with ewido and fix what it finds...reboot computer!
 
C

cell4me

banned
Ewido is a 14 day working free trial and you can still use it after that it just wont offer real time protection...it will work just run the fix I posted and all your worries will go bye bye...:D
 
C

cell4me

banned
The idea of this thread though is this person is already infected with spysheriff and needs a fix! And to my knowledge there is no way to prevent spysheriff or any other variation of smitfraud from infecting a PC. I got it myself just from looking at a web site and I use every program you listed and about 8 others.
 
Last edited:
P

PC eye

banned
cell4me said:
The idea of this thread though is this person is already infected with spysheriff and needs a fix! And to my knowledge there is no way to prevent spysheriff or any other variation of smitfraud from infecting a PC. I got it myself just from looking at a web site and I use every program you listed and about 8 others.
Click to expand...

The main problem with shareware like ewido is that it will list items as malware that are actually far from it. Or you get a shareware to find something but need to order the full version for the fix. If there is a tool specifically written to remove SpySheriff or another malice you would use that over a shareware. The others mentioned here are freewares that update themselves periodically. If you don't have a specific tool you work with several to find one that does work.
 
C

cell4me

banned
PC eye said:
The main problem with shareware like ewido is that it will list items as malware that are actually far from it. Or you get a shareware to find something but need to order the full version for the fix. If there is a tool specifically written to remove SpySheriff or another malice you would use that over a shareware. The others mentioned here are freewares that update themselves periodically. If you don't have a specific tool you work with several to find one that does work.
Click to expand...
I posted the tool for this person to remove the infection and ewido will clean up whats left over...things that other spyware removers will not get.

Ewido will not list items as malware that are actually far from it and ewido is not shareware, ewido is a fully functional trojan remover and works in a different way than spybot or ad-aware, the security sweet is a 14 day trial after that the scanner remains fully functional.

If you think ad-aware or some other program will remove spysheriff feel free to tell the original poster however I must inform you that spysherrif is a variant of smitfraud and I guarantee you that none of the programs you posted will remove it you need smitrem.exe!
 
Last edited:
P

PC eye

banned
"Briefing
› Name: SpySheriff
› Belong to Adware
› Producer: SpySheriff
› Url: www.spysheriff.com Description:
SpySheriff is related to Adware. adware usually installed on computer without user knowledge. It is designed to display ads while internet explorer is running. Pop-up ads won't leave you even if you have been disconnected. Surely adware affects PC performance, you will find it hard to remove adware applications, ads contain pornographic content which is not suitable for you or even for your kids.

SpySheriff features:
Remove SpySheriff. Removal instructions
Tool created by: Noahdfear
Download smitRem.exe to desktop.
Launch smitRem.exe.
Click Start
Confirm box "All files have been extracted" by pressing OK
Reboot into safe mode.
Locate smitRem folder on desktop and run RunThis.bat file to start clean SpySheriff infection.
After smitRem has finished a file named smitfiles.txt should appear in c:/ directory. If SpySheriff was removed succesfully, file content should say that.
Reboot the machine into NORMAL MODE
Now SpySheriff should be gone
Automatic SpySheriff removal tools:
Spy Sweeper

Manual SpySheriff removal directions:
Attention! Before taking the following actions, please make your system and registry backup in case you make an error.
Clean registry entries (how to?):
HKEY_CLASSES_ROOT\clsid\{202b0efd-2cb9-039b-2b11-a3579d6d56a3}
HKEY_CLASSES_ROOT\clsid\{7c43e35c-a398-7c5f-b1ba-7e87073be150}
HKEY_CLASSES_ROOT\clsid\{9cb4ce93-8cc7-9e03-1037-2dd837e3a52e}
HKEY_CURRENT_USER\software\spysheriff
HKEY_CURRENT_USER\software\spysheriff\ie security
HKEY_CURRENT_USER\software\spysheriff\ie security\blockedlocations
HKEY_CURRENT_USER\software\spysheriff\process security
HKEY_CURRENT_USER\software\spysheriff\process security\policies
HKEY_CURRENT_USER\software\spysheriff\process security\policies\allowed
HKEY_CURRENT_USER\software\spysheriff\scan
HKEY_CURRENT_USER\software\spysheriff\system security

Remove files (how to?):
heur001.dll
heur002.dll
heur003.dll
iesecurity.dll
newdial.exe
procmon.dll
secure32.html
secure32.ph_
spysheriff.exe
spysherrif.bmp
uninstall.exe
[Program files dir]\spysheriff\uninstall.exe
[Program files dir]\spysheriff\procmon.dll
[Program files dir]\spysheriff\removed.wav
[Program files dir]\spysheriff\spysheriff.dvm
[Program files dir]\spysheriff\iesecurity.dll
[Program files dir]\spysheriff\notfound.wav
[Program files dir]\spysheriff\spysheriff.exe
winstall.exe
[common programs dir]\spysheriff\spysheriff.lnk
[desktop dir]\spysheriff.lnk
[Program files dir]\spysheriff\base.avd
[Program files dir]\spysheriff\base001.avd
[Program files dir]\spysheriff\base002.avd
[Program files dir]\spysheriff\found.wav
1950.exe
heur000.dll
[Program files dir]\spysheriff\heur000.dll
[Program files dir]\spysheriff\heur002.dll
[Program files dir]\spysheriff\heur003.dll
Remove directories (how to?):
[common programs dir]\spysheriff
[Program files dir]\spysheriff

© Copyright 2005-2006, spyware-removal-guideline.com, All Rights Reserved." http://www.spyware-removal-guideline.com/spysheriff-removal
 
C

cell4me

banned
Thats the fix I posted only spysweeper no longer offers a free trial hence the need to use ewido!

PS: SpySheriff is related to Adware, However it is a variant of smitfraud and normal adware removers like ad-aware will not work.
 
Last edited:
P

PC eye

banned
I wasn't referring to Spysweeper when posting that. Read further to see. "Download smitRem.exe to desktop.
Launch smitRem.exe.
Click Start
Confirm box "All files have been extracted" by pressing OK
Reboot into safe mode.
Locate smitRem folder on desktop and run RunThis.bat file to start clean SpySheriff infection.
After smitRem has finished a file named smitfiles.txt should appear in c:/ directory. If SpySheriff was removed succesfully, file content should say that.
Reboot the machine into NORMAL MODE
Now SpySheriff should be gone" The smitRem.exe is a specialized remover for the SpySheriff variant. The link immediately downloads the remover.
 
You must log in or register to reply here.
Top