Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Spy Sheriff Residuals

  • Please log in to reply
1 reply to this topic

#1 Jim D

Jim D

  • Members
  • 2 posts
  • Local time:02:46 AM

Posted 23 March 2006 - 11:10 PM

Howdy....I am trying to clear up whats left of spy sheriff. I came here from Annoyances.org. "Carol" helped me clear must of it including two downloaders, delf.aeu and msits.exe delf.aeu She suggested I come here for more help, especially looking at my hijack log to see if something else remained.

I first ran Panda and it said I had a trojen downloaded.hof. I tried Symantec corp ver 10...no success, Adaware, Spybot, spy blaster and V cleaner. No luck. During this time someone from some university was loading code into my computer via notepad. I saw it but didnt know how to stop it. I ran cmd.exe netstat and found two connected addresses that were foreign. Carol recommended your cure for removing spy sheriff with ewido, clean up, kill box and smitfraud,reg and I followed the instructions. It appears to have worked but that code that was entered is still there.

It looks like in every folder I open there is a shadowed icon that looks like a service icon...a gear. It is titled desk top.ini. It warns me not to delete the icon in the folders as it is part of the operating system. I delete it anyway and nothing happens. However, it always comes back. I did a search on my hard drive for desk top .ini and it returned 36 entries, all except 5 on notepad.

The color of the tool bar at the bottom of all of my folders has turned gray, including my desk top and and the start menue. My Yahoo pages are scrunched up at the top border. I dont know what else this thing is doing so far but there a number of these icons in my inet temp folders as well. I dont know if I'm sending or recieving or both..I would love to get my OS back to original status. The code indicates these ini files are in system 32...but I cant find them and if I did I would probably make it worse.

So, what I would like to know is if theres anyone willing to look at my hijack log, advise me and ito find out if I have to have permission to print it here...dont want to violate any protocol.

Next I want to get rid of those desk top.ini things in my folders and last I want to be able to go back to my original config...color ect...

I think that pretty much satisfies the rules for posting a problem.

Anyone? Carol?? a little guidence please...thanks :thumbsup: oops..I'm running XP Pro

Edited by Jim D, 23 March 2006 - 11:12 PM.

BC AdBot (Login to Remove)


#2 Herk


  • Members
  • 1,609 posts
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:03:46 AM

Posted 24 March 2006 - 12:29 AM

Hijack logs need to be posted in the HijackThis folder. Read the pinned post Preparation Guide for use before posting a HijackThis Log first. I'm thinking that deleting those gear-like files was a mistake. Do you have "show hidden files and folders" and "show hidden system files" enabled in your Folder Options? (Tools ->Folder Options ->View tab) That's why you're seeing the stuff that's supposed to be hidden.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users