Sonuvabitch.
So I’m browsing away on the dope this morning, when an alert pops in my systray.
“Warning. Your computer has been infected with spyware. Windows will now automatically download and install anti-spyware software blah blah blee blah”
It looks pretty legit. The popup bubble is the same as my other windows alerts, the white ‘x’ in the red circle is the same one hubby gets when something sets off the windows firewall/spyware program on his computer.
Waitaminit. I’m using XPSP1. I don’t have any XP-based FW/Spyware programs. This ain’t so great.
Run adaware. New definitions, update, scan. Lots of things, but that also includes every cookie in my system. Run Spybot S&D. Something comes up called “Spy Sheriff”, but there’s only 3 entries and Spybot says it’s gone now.
Nope, windows alert keeps popping up. Task mgr showing an odd process, some weird name of a bunch of letters that make no sense. Kill that process. Popups gone now, phew. Try to run Trend Housecall.
Browser crash, hurrah. Download newest version of AVG, install, reboot, scan.
29 objects, mostly trojans. Something called “Spy Sheriff”. Shit on a biscuit. Remove all objects. Run AVG again. Spy Sheriff still coming up in the scan, but nothing else is. And only one file is coming up for Spy Sheriff where there were about half a dozen before. So I wiki, there’s a link to bleepingcomputer.com forums. Firstly I check hijack this - no dice, it thinks the program isn’t on my system. So I download their tool, launch the beast in safe mode and follow their instructions. Their removal tool says the program isn’t in my system either.
Shut down, reboot. The systray popups and strange task mgr process haven’t come back again since I ran Spybot and AVG, so I run AVG again to make sure. It’s still showing this one Spy Sheriff file.
So now, finally, to the GQ - has anyone had any experience with this program before? If the popups and strange task mgr processes have stopped, and it’s only coming up with 1 alert in AVG as opposed to the five or six that it had before, is it likely that the program is removed to the point of not being a threat any more? If not, any ideas on how to remove it when the “official” removal tool doesn’t seem to recognise that it’s still in there?
From the information I’ve found in wiki and the bleepingcomputer forums, Spy Sheriff in and of itself is simply scamware - to try and scare me into buying their bogus “antispyware” program. It’s supposed to lock your IE settings (which mine were and are still fine) and redirect your browser - which hasn’t been happening. Is it known to be associated with any trojans or keyloggers? AVG’s showing me clean of trojans and other rubbish now, and I got hubby to change all of my internet banking passwords and keys from work just to be on the safe side.
Have I done enough, or is there still more to be worried about with this thing?
[ETA]: As much as I dislike the interface, I’m going to start using firefox from now on, I think. I don’t know where this thing came from, because none of my browsing/emails have been out of the ordinary recently but I just wanted to head off any “change your browser” catcalls at the pass.