Anything Forums

YES---LUCKY ME!

I have been infected by Spy Sheriff

It puts a big flashing red circle in your taskbar & keeps poping up-

YOU HAVE BEEN INFECTED-----------------click here to order

ITS THE WORSE YET!!

I hade to run a gazzillion antispy programs to clean it-a local PC Tech said usually you have to reformat.

Even after my programs said it was gone, I'd be idle on the internet & my activity lite on my DSL modem was going insane..

The firewall kept saying 'system' wants to access the internet.

It turns out that this spyware puts 2 .exe programs in the C: folder----

Sysevent.evt & Secevent.evt

So, even in safe mode if you delete these another couple of files called appevent.evt & country.exe in Systems folder reinstalls them on the next reboot.

You can't delete them in Windows without shutting the processes down 1 by 1 & then try to delete them.

TERRIBLE---JUST TERRIBLE!!


LOOK HERE FOR MORE INFO

Archived topic from Iceteks, old topic ID:4263, old post ID:34430

lol and how did you manage to get that on your PC?

Archived topic from Iceteks, old topic ID:4263, old post ID:34431

Red Squirrel wrote: lol and how did you manage to get that on your PC?

cRACK SITES

Spysheriff Clones

The company that developed Spysheriff has known that people have become more aware of Spysheriff being malware and has created several Spysheriff clones that have different names and styles than Spysheriff, but share the same interface and similar behaviors of Spysheriff. Below is a list of names of Spysheriff clones.

* Pest Trap
* SpywareNo
* SpyDemolisher
* SpyFalcon
* BraveSentry

also Smit.fraud.c THIS IS WHAT I HAD ALONG WITH Spy Sheriff

PLUS you have to manually edit the registry.

Now I'm running 3 spyware programs (as they each find something the other 1 didn't ) plus antivirus

Archived topic from Iceteks, old topic ID:4263, old post ID:34432

Ooooh that's nasty when they re-activate on reboot because you've overlooked a file. I'll have to keep my eye out for that one.

Archived topic from Iceteks, old topic ID:4263, old post ID:34435

From working on customer PCs I've seen it all, the worse are the 2 process ones, where if you terminate 1 process, the other reactivates it AND re-adds all the info in the registry. So the only way to kill it is to deactivate BOTH processes at the SAME time, remove BOTH from starting up (usually very hidden, not nesesarily set at system startup, perhaps browser startup or some kind of script action for a menu). Usually ends up safe mode is only way. a bad nt "feature" is the ability for processes to tell you "access denied" if you try to terminate them, which of course is usually the case with these nasties.

Archived topic from Iceteks, old topic ID:4263, old post ID:34437

Heres a list of files it can install:

EXE Files
crack.exe
install.exe
kernels8.exe
netst32.exe
netstat2.exe
netstat32.exe
runapl[1].exe
spysheriff.exe
spysheriff.exe-06c9bfd9.pf
spytrooper.exe
spywareno.exe
ss_setup.exe
startguard.exe
tool2.exe
tool4.exe
tool5.exe
uninstall.exe
us.exe
vxh8jkdq2.exe
winctrl32.exe
winstall.exe

DLL Files

access98.dll
dcom_14.dll
dxfi32.dll
heur000.dll
heur001.dll
heur002.dll
heur003.dll
iesecurity.dll
lbxfm32.dll
mpatrol.dll
procmon.dll
toolbar.dll
wmeayl32.dll

Other Files

3a6.tmp
base.avd
base001.avd
base002.avd
c.tmp
found.wav
notfound.wav
removed.wav
spysheriff.dvm
spysheriff.lnk

MORE INFO

Archived topic from Iceteks, old topic ID:4263, old post ID:34451

Oh that's evil


Archived topic from Iceteks, old topic ID:4263, old post ID:34452

Yep, sometimes it's easier to do a reinstall than try to find all the junk and get rid of it.

Archived topic from Iceteks, old topic ID:4263, old post ID:34453

i have the same problem!! but i don't know what to do!!
i had tryed to install spy doctor and doesn't work!!! then i had installed pest trap, but i can't find the crack for activate the programme and remore all the viruses!!!!! if someone could help... it would be very cool!!!...
thanks
cya

Archived topic from Iceteks, old topic ID:4263, old post ID:34896

click

Archived topic from Iceteks, old topic ID:4263, old post ID:34928