
Spy Sheriff/smitfraud-c/something Else?


5 replies to this topic

#1 Tangotango

Tangotango

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 27 January 2006 - 02:12 PM

Somehow I recently acquired Spy Sheriff, along with Smitfraud-C and I've been trying to get rid of them. This is what I've done so far... (It'll probably become pretty obvious that I don't really know what I'm doing as you read this :thumbsup: )

I ran Ad-Aware and Spybot. Spybot picked up 12 entries for Spy Sheriff and a few for Smitfraud. I deleted them and restarted the computer, but the little red circle at the bottom of the screen ("you are infected") was still there, but Spy Sheriff did not open when I clicked on it trying to convince me to pay up. I ran Spybot again, found a few entries for Sheriff and Smitfraud, deleted them and then the backups. I restarted again with pretty much the same results, except Spybot didn't pick up on Sheriff. I found this page - http://www.bleepingcomputer.com/forums/How...-tx17258-0.html - and tried the first method (although I didn't run Ewido as I only have Windows ME). I then tried the second method but nothing seems to be getting rid of the problem. I tried deleting the 'winstall.exe' file with Killbox but that just returned when I restarted the computer. Sheriff doesn't have any noticeable effect any more except the red "you are infected" circle and by appearing in the 'Add/remove programmes' in the control panel.

Is there anything I can do? Any help would be appreciated.



#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:05 PM

Posted 28 January 2006 - 02:11 PM

Hi Tangotango :thumbsup:

I have read your post and I think it would be wise for you to post a HijackThis log for an expert to review. I've noted that you said that you followed "Method 1" of the tutorial, so you should have HijackThis installed. Please post your "HijackThis" log in a new topic in the forum found here. Please add your system information and also what problems you are having. Please wait for a few days and one of our experts will get onto finding why Spy Sheriff won't be removed from your computer. If you can't find how to save the HijackThis log, just say, I can walk you through it :flowers: You may also want to post a link to this topic.

David

Edited by D-Trojanator, 28 January 2006 - 02:13 PM.


#3 Tangotango

Tangotango
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 28 January 2006 - 09:20 PM

Ok, I've posted my HijackThis log here. Thanks for your advice.

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:05 PM

Posted 29 January 2006 - 05:25 AM

Well done, I see the smitfraud infection there.

Someone will be with you in a couple of days.

David :thumbsup:

#5 Tangotango

Tangotango
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 29 January 2006 - 08:21 PM

Glad to know I'll be able to do something about it, thanks a lot. :thumbsup:

#6 smeagol

smeagol

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 31 January 2006 - 02:56 PM

Hi guys, someone on NT Compatible kindly read a HijackThis log of mine and said I had Spy Sheriff. I can't try to remove it until I can find someone with a working 2000 Pro system to copy registry subkeys from so that I can get my mouse working in safe mode. I use Firefox as a browser, and the only thing I can see Spy Sheriff doing is trying to change Internet Explorer components, which I'm blocking with Outpost (at least I think it's that). What else does the thing do apart from the alert message etc.? Is the computer safe to use online otherwise, or would any payments online etc. be vulnerable?



