SpySheriff

Discussion in 'Malware Help (A Specialist Will Reply)' started by jtu50, Jun 21, 2005.

  1. jtu50

    jtu50 Private E-2

    I have been infected with this piece of trash. Have run all programs in antivirus tutorials without success - nothing seems to detect it. Please advise how to remove this garbage. Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well first we need to work through some standard cleanup procedures to remove any other possible background problems and to get your PC into a known state. We will get to SpySheriff in the end.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. jtu50

    jtu50 Private E-2

    Chaslang,

    Thanks for the reply. I ran all the basic stuff suggested, plus Trojanscan (only able to get it to run once, computer kept crashing). It found a bunch of cookies labeled as malware - deleted all cookies. Couldn't get BitDefender to run - got a message ActiveX controls not allowed. Ran Panda, it found three viruses that it said ActiveScan couldn't remove. I haven't done anything else. Attached is HJT log. I did go into the registry and deleted all references to SpySheriff. The program seems to have stopped running, but I'm still left with the desktop hijack.

    Thanks for your help,
    Jeff
     

  4. jtu50

    jtu50 Private E-2

    Additional info - HJT was run in normal mode. After reading other threads with Spysheriff problem, I also found Daily weather, which is apparently a bad actor. It did not show up in Add/Remove, but there was a folder in Program files. I deleted it, but had to do so in safe mode.


    Jeff
     
  5. jtu50

    jtu50 Private E-2

    While waiting for reply, I read the Hijack This tutorial and followed instructions given to Mr. Anderson by BJGarrick in another thread. I think I've solved the problem. Everything appears normal. Attached is the final Hijackthis log. Please advise if any other actions are needed.


    Jeff
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to post your HJT log from normal boot mode so we can be sure you are clean.
     
  7. jtu50

    jtu50 Private E-2

    Attached is the HJT log done in normal mode after following all directions to eliminate Spysheriff and other trash. Please advise as to whether my system looks clean.

    Also, if you don't mind, give me some reassurance about deleting msjava and replacing it with Sun Java. I am concerned about ending up with more problems. Can Sun Java be loaded without deleting msjava, to test it? If so, how?

    Thanks for all your help.

    Jeff
     

  8. jtu50

    jtu50 Private E-2

    Ran Panda online scan again. It claims there is one infected file that "ActiveScan" cannot repair. How do I handle this?

    Jeff
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Tell us the file name and path! Can you delete it yourself after booting in safe mode?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Microsoft Java is not safe to use and is the root of many problems. Sun Java will not cause you more problems. It will prevent you from having more problems.

    Your HJT log is clean. Now complete the steps in the below thread to help keep you clean:

    How to Protect yourself from malware!
     
  11. jtu50

    jtu50 Private E-2

    Panda didn't give the location or name of the file, or I didn't see where it did so. If it is supposed to, I'll run it again and look for it. I used their online scanning program. I also tried to run BitDefender; it now will run (before I was getting a message that ActiveX controls were not permitted), but IE keeps crashing during the scan. I plan to try again!

    Jeff
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is probably not a major problem but we should try to find out what Panda was referring to.

    You could also try the below online scanner:

    RavAntivirus <-- select Auto Clean then click Scan My PC
     
  13. jtu50

    jtu50 Private E-2

    Finally got BitDefender to complete a scan. It found Adware.Wheaterbut.A in AIM(%. It could not repair or delete it. I deleted the entire folder.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! So does that mean everything is okay now?
     
  15. jtu50

    jtu50 Private E-2

    Actually, I ran Panda again, and figured out how to get a report. This is what came up:

    SpywareNo

    Technical name: Adware/SpywareNo

    Threat level: Low

    Alias: Trojan.Win32.FakeAlert.a, spysheriff.com, Renos

    Type: Spyware


    How do I get rid of it?

    Jeff
     
  16. jtu50

    jtu50 Private E-2

    I ran regedit and searched for spywareno. Found references to it, renos, and win32fakealert and deleted them. Also found the following references which I think also refer to them, but since I'm not sure I would like advice regarding deleting them.

    Key Name: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
    Class Name: <NO CLASS>
    Last Write Time: 6/24/2005 - 9:55 PM
    Value 0
    Name: 003
    Type: REG_SZ
    Data: Desktop.html

    Value 1
    Name: 004
    Type: REG_SZ
    Data: wp.bmp

    Value 2
    Name: 005
    Type: REG_SZ
    Data: wp.exe


    Once again, thanks for your help

    Jeff
     
  17. jtu50

    jtu50 Private E-2

    Found that I have lost the ability to modify my desktop. There is no Active Desktop option when right-clicking on the desktop. When going to Display Properties and clicking on the Desktop tab, the image of the monitor shows a white screen and background options are "frozen" - they just don't work.
     
  18. jtu50

    jtu50 Private E-2

    Does this have something to do with the registry changes I added from the response of bjgarrick to Mr. Anderson? The changes are attached.
     

  19. jtu50

    jtu50 Private E-2

    Solved desktop problem by following directions given to Na13sh. Now only need to resolve items in registry - whether they can be deleted - see previous posts. Sorry for asking so many questions. I appreciate all the help.

    Jeff
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MRUs are nothing to worry about. MRU = Most recently used. It is just a history of things that you have been doing.

    The full fix for SpySheriff and proper registry patch is in the sticky: SpySheriff (aka SpywareNo) Removal
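    The registry dump jtu50 pasted in post 16 and chaslang's point above that ACMru entries are only MRU history, as an added Python script (not from this thread or from MajorGeeks): it parses that Key Name / Value N / Name / Type / Data layout and tells a history-only key apart from an autostart location, so a scanner "hit" on a search-history value is not mistaken for a live infection. The ACMru key in the sample is copied from post 16; the second key, its value name and its file path are constructed for contrast and are not from the thread.

```python
"""Parse a regedit-style text dump and classify each value by the key it lives in.

Added example for the thread above. The sample dump below is constructed:
the ACMru key is the one jtu50 posted, the Run key entry is hypothetical.
"""
import re
from dataclasses import dataclass, field

# Key paths that only record user history. A scanner hit here is an MRU entry,
# not evidence of a running program. Matched case-insensitively as substrings.
MRU_MARKERS = (r"\search assistant\acmru", r"\explorer\recentdocs", r"\explorer\runmru")
# Autostart locations: a value here is executed at logon and needs real review.
AUTOSTART_MARKERS = (r"\currentversion\run", r"\currentversion\runonce")

SAMPLE_DUMP = r"""
Key Name: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
Class Name: <NO CLASS>
Last Write Time: 6/24/2005 - 9:55 PM
Value 0
Name: 003
Type: REG_SZ
Data: Desktop.html

Value 1
Name: 004
Type: REG_SZ
Data: wp.bmp

Value 2
Name: 005
Type: REG_SZ
Data: wp.exe

Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Class Name: <NO CLASS>
Last Write Time: 6/24/2005 - 9:55 PM
Value 0
Name: ExampleEntry
Type: REG_SZ
Data: C:\Example\example_autostart.exe
"""  # constructed sample; the Run entry is a placeholder, not a real finding


@dataclass
class RegValue:
    name: str
    type: str
    data: str


@dataclass
class RegKey:
    path: str
    last_write: str = ""
    values: list = field(default_factory=list)


def parse_dump(text):
    """Return the keys in the dump, each with its list of RegValue records."""
    keys, cur, pending = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Key Name:"):
            cur = RegKey(path=line.split(":", 1)[1].strip())
            keys.append(cur)
        elif line.startswith("Last Write Time:") and cur:
            cur.last_write = line.split(":", 1)[1].strip()
        elif re.match(r"Value \d+$", line):
            pending = {}  # start of a new value record
        elif cur and ":" in line and line.split(":", 1)[0] in ("Name", "Type", "Data"):
            key, val = line.split(":", 1)
            pending[key.lower()] = val.strip()
            if key == "Data":  # Data is the last field of a value record
                cur.values.append(RegValue(pending.get("name", ""), pending.get("type", ""), pending["data"]))
                pending = {}
    return keys


def classify(key):
    """'mru-history', 'autostart' or 'other' based on the key path alone."""
    p = key.path.lower()
    if any(m in p for m in MRU_MARKERS):
        return "mru-history"
    if any(m in p for m in AUTOSTART_MARKERS):
        return "autostart"
    return "other"


def triage(text):
    """Map (key path, value name) to a short verdict an analyst can act on."""
    report = {}
    for key in parse_dump(text):
        where = classify(key)
        for v in key.values:
            refers_to_exe = v.data.lower().endswith((".exe", ".bat", ".cmd", ".scr"))
            if where == "mru-history":
                verdict = "history entry; safe to clear, not evidence of a live infection"
            elif where == "autostart" and refers_to_exe:
                verdict = "autostart program; verify the file on disk before trusting it"
            else:
                verdict = "review"
            report[(key.path, v.name)] = verdict
    return report


if __name__ == "__main__":
    for (path, name), verdict in triage(SAMPLE_DUMP).items():
        print(f"{path} :: {name} -> {verdict}")
```

    Running it on the sample marks all three ACMru values, including the `wp.exe` search term, as history, while the constructed Run-key value is flagged for verification; the point is that the location of a registry hit, not the string it contains, decides whether it matters.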
     
  21. jtu50

    jtu50 Private E-2

    All seems to be well. I thank you so much for all your help. I do plan to run Panda one more time to see if everything is gone.

    Jeff
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
  23. jtu50

    jtu50 Private E-2

    Chaslang,

    I ran Panda again. It keeps finding references to Spysheriff in my registry. Nothing else seems to find this. My computer is running fine. Any final suggestions?

    Jeff
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What and where is it finding it? If it is MRUs, ignore them or run a program that removes MRUs (like MRUClear 1.4).
     
  25. jtu50

    jtu50 Private E-2

    It doesn't say exactly where it is, except in the registry. Nothing else seems to find it. Ran Norton, RAV, spybot, adaware. I'll try the mru cleaner. That may be it, if not I think I'll give up as everything seems to be working ok.

    Jeff
     
  26. jtu50

    jtu50 Private E-2

    Yup, turns out it was an MRU - ran MRUClear. No more virus warning from Panda. I'll leave you to bail some other poor soul out.

    Jeff :)
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

