Old 02-12-2007, 09:41 PM
Sierra Indigo Sierra Indigo is offline
Join Date: May 2005
Location: Elizabet' Nort'
Posts: 3,809
Spy Sheriff


So I'm browsing away on the dope this morning, when an alert pops in my systray.

"Warning. Your computer has been infected with spyware. Windows will now automatically download and install anti-spyware software blah blah blee blah"

It looks pretty legit. The popup bubble is the same as my other windows alerts, the white 'x' in the red circle is the same one hubby gets when something sets off the windows firewall/spyware program on his computer.

Waitaminit. I'm using XPSP1. I don't have any XP-based FW/Spyware programs. This ain't so great.

Run adaware. New definitions, update, scan. Lots of things, but that also includes every cookie in my system. Run Spybot S&D. Something comes up called "Spy Sheriff", but there's only 3 entries and Spybot says it's gone now.

Nope, windows alert keeps popping up. Task mgr showing an odd process, some weird name of a bunch of letters that make no sense. Kill that process. Popups gone now, phew. Try to run Trend Housecall.

Browser crash, hurrah. Download newest version of AVG, install, reboot, scan.

29 objects, mostly trojans. Something called "Spy Sheriff". Shit on a biscuit. Remove all objects. Run AVG again. Spy Sheriff still coming up in the scan, but nothing else is. And only one file is coming up for Spy Sheriff where there were about half a dozen before. So I wiki, there's a link to bleepingcomputer.com forums. Firstly I check hijack this - no dice, it thinks the program isn't on my system. So I download their tool, launch the beast in safe mode and follow their instructions. Their removal tool says the program isn't in my system either.

Shut down, reboot. The systray popups and strange task mgr process haven't come back again since I ran Spybot and AVG, so I run AVG again to make sure. It's still showing this one Spy Sheriff file.

So now, finally, to the GQ - has anyone had any experience with this program before? If the popups and strange task mgr processes have stopped, and it's only coming up with 1 alert in AVG as opposed to the five or six that it had before, is it likely that the program is removed to the point of not being a threat any more? If not, any ideas on how to remove it when the "official" removal tool doesn't seem to recognise that it's still in there?

From the information I've found in wiki and the bleepingcomputer forums, Spy Sheriff in and of itself is simply scamware - to try and scare me into buying their bogus "antispyware" program. It's supposed to lock your IE settings (which mine were and are still fine) and redirect your browser - which hasn't been happening. Is it known to be associated with any trojans or keyloggers? AVG's showing me clean of trojans and other rubbish now, and I got hubby to change all of my internet banking passwords and keys from work just to be on the safe side.

Have I done enough, or is there still more to be worried about with this thing?

[ETA]: As much as I dislike the interface, I'm going to start using firefox from now on, I think. I don't know where this thing came from, because none of my browsing/emails have been out of the ordinary recently but I just wanted to head off any "change your browser" catcalls at the pass.

Last edited by Sierra Indigo; 02-12-2007 at 09:43 PM.
Old 02-12-2007, 09:46 PM
astro astro is offline
Join Date: Jul 1999
Location: Taint of creation
Posts: 33,150

Last edited by astro; 02-12-2007 at 09:48 PM.
Old 02-12-2007, 09:48 PM
Sierra Indigo Sierra Indigo is offline
Join Date: May 2005
Location: Elizabet' Nort'
Posts: 3,809
Thanks, bin there. I should have been more specific when I said I'd been to the wiki page. That's where I got that it was scamware, they just seem a bit light on the details of whether it is actually associated with anything else I should be worried about, or what to do when the fixes don't work like they should.
Old 02-13-2007, 06:03 AM
RandomLetterAssortment RandomLetterAssortment is offline
Join Date: Jan 2007
Posts: 24
Well, I have run across Spy Sheriff, but every time the SmitFraud tool has removed it completely for me. So what is the exact file that AVG is reporting?
Old 02-13-2007, 08:00 AM
ZipperJJ ZipperJJ is online now
Just Lovely and Delicious
Charter Member
Join Date: Aug 2001
Location: Northeast Ohio
Posts: 24,219
Have you tried running AVG in safe mode? I see you tried using the removal tool in safe mode, but if AVG is the only thing reporting the software, might want to try that.


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 02:14 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Publishers - interested in subscribing to the Straight Dope?
Write to: sdsubscriptions@chicagoreader.com.

Copyright 2018 STM Reader, LLC.

Copyright © 2017