|
Posted by Max Wachtel on January 2, 2006, 2:55 am
If you were Registered and logged in, you could reply and use other advanced thread options
>
> I've now had two friends get nailed with this Spy Sheriff rogue
> anti-spyware app. While I've managed to clean up the infections (and
> there are several resources on that out there on the net to help with
> that) for these folks, but what I'm most interested in is:
>
> "Where/how are people getting this?"
>
> Both are XP SP2 users. What's concerning is that this second buddy of
> mine is a person that's generally careful and does all the stuff yer
> supposed to do to use windows semi safely (not use IE or OE, he uses
> Mozilla v1.7.8 to surf and read email, has XP sp2 w/ windows updates
> enabled, knows not to click on things in emails, keep the antivirus
> scanner updated religiously, periodically scan with ad aware se, etc),
> yet he STILL got infected. The only thing he does that I don't
> recommend is that he does have an AOL account and runs their stuff
> periodically to connect to them. Software is AOL 9.0 AOL
> 16.4184.5300.
>
> So does anyone happen to know the vulnerability/sites where folks are
> picking this up?
>
> For those who haven't seen it, it's a tricky friggin program
> apparently. It somehow gets installed, and then pops up telling you
> it's detected all sorts of malware and offers to clean it up, but then
> stonewalls the (typical) user from doing anything else with their
> computer until they register the software and pony up their money.
>
> As in:
> http://elamb.blogharbor.com/hacked/removespysheriff.htm
>
> Helpful in cleanup:
> http://www.bullguard.com/forum/12/Spy-Sheriff-got-me-Please-help_25398
> .html
>
>
> Best Regards,
******************Reply Separator*************************
You did not mention any real-time scanning, anti-spyware programs that
your friend uses.
I have written some pages to help you.
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Specific Fixes: http://home.neo.rr.com/manna4u/fixes.html
Forums for HiJackThis Logs:
http://home.neo.rr.com/manna4u/forums_for_hijackthis_logs.html
max
--
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
| 
XML site map