Spysheriff solution? Seriously . . .

Spysheriff solution? Seriously . . .
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Spysheriff solution? Seriously . . . Paul Zak 01-09-2007
Posted by Paul Zak on January 9, 2007, 2:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I do volunteer work for the local small town senior citizen's retirement
home, and they were recently infected with a nasty known as "Spysheriff".
According to my research, this is not a new infection, but one that seems to
now be eluding ALL of the currently available "protection" software
(antivirus, antimalware, antiadware, antitrojan, etc etc). I am reasonably
certain that I must not be the first person to have run into this nasty
little bugger recently (given the sheer number of windows computers/users,
and given my reading the history of this & other related NG's); is it
possible that the bad guys have finally figured out how to dupe the best of
the protection software writers? Surely someone has a sure-fire solution,
no?



Posted by =?Utf-8?B?UGFuZGFfbWFu?= on January 9, 2007, 3:00 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
"Paul Zak" wrote:

> I do volunteer work for the local small town senior citizen's retirement
> home, and they were recently infected with a nasty known as "Spysheriff".
> According to my research, this is not a new infection, but one that seems to
> now be eluding ALL of the currently available "protection" software
> (antivirus, antimalware, antiadware, antitrojan, etc etc). I am reasonably
> certain that I must not be the first person to have run into this nasty
> little bugger recently (given the sheer number of windows computers/users,
> and given my reading the history of this & other related NG's); is it
> possible that the bad guys have finally figured out how to dupe the best of
> the protection software writers? Surely someone has a sure-fire solution,
> no?
>


Hello . SpySheriff is nasty , really and quite annoying . But it isn't the
most difficult from the Smithfraud crap .

You are welcome to try these Malware Removal Instructions on my site
http://pandaman.my.contact.bg

Another useful tools to use when dealing with malware\

David Lipman's Multi_AV :
http://www.ik-cs.com/multi-av.htm
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

MS Rootkit revealer
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

MS Process Explorer
http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx

MS AutoRuns
http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx


Regards!
--
Panda_man
Silver level Contributor

Posted by Malke on January 9, 2007, 3:44 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Paul Zak wrote:

> I do volunteer work for the local small town senior citizen's retirement
> home, and they were recently infected with a nasty known as "Spysheriff".
> According to my research, this is not a new infection, but one that seems
> to now be eluding ALL of the currently available "protection" software
> (antivirus, antimalware, antiadware, antitrojan, etc etc). I am reasonably
> certain that I must not be the first person to have run into this nasty
> little bugger recently (given the sheer number of windows computers/users,
> and given my reading the history of this & other related NG's); is it
> possible that the bad guys have finally figured out how to dupe the best
> of
> the protection software writers? Surely someone has a sure-fire solution,
> no?

Wow, haven't seen that one for a while. Here are removal instructions:

http://www.bleepingcomputer.com/forums/forum55.html

Just scroll down the page.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by David H. Lipman on January 9, 2007, 4:09 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| I do volunteer work for the local small town senior citizen's retirement
| home, and they were recently infected with a nasty known as "Spysheriff".
| According to my research, this is not a new infection, but one that seems to
| now be eluding ALL of the currently available "protection" software
| (antivirus, antimalware, antiadware, antitrojan, etc etc). I am reasonably
| certain that I must not be the first person to have run into this nasty
| little bugger recently (given the sheer number of windows computers/users,
| and given my reading the history of this & other related NG's); is it
| possible that the bad guys have finally figured out how to dupe the best of
| the protection software writers? Surely someone has a sure-fire solution,
| no?
|



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool --
SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it
will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if
you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have
to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in
your bowser
but your PC will automatically be shutdown. It is suggested that you move the
report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of
the HTML
report for each session.


ALTERNATE:

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php



Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Similar ThreadsPosted
spysheriff December 27, 2006, 7:57 am
Remaining problems after SpySheriff infection December 30, 2005, 10:41 am
Anti-spy solution October 31, 2006, 6:12 am
Security solution for LCS March 20, 2007, 9:45 am
VIRUS PROBLEM?? HERE IS THE SOLUTION January 8, 2007, 10:44 am
Youtube Geyser 1st Video Traffic Marketing Solution www.youtubegeyser.com November 28, 2008, 11:18 pm

The site map in XML format XML site map

Contact Us | Privacy Policy