SpySheriff


SpySheriff is malware that disguises itself as an anti-spyware program in order to trick the owner of the infected computer into buying the program, by repeatedly informing them of false threats to their system.[1] SpySheriff often goes unnoticed by actual anti-spyware programs, and is difficult to remove from an infected computer.[2]


The Website That Promotes SpySheriff

Visitors to Goggle.com, a typosquatted version of Google.com, are always redirected to SpySheriff's website, which downloads the malware to the computer without consent. Toggle.com is another well-known infected site.


Problems Caused by SpySheriff

* SpySheriff cannot simply be deleted, as it reinstalls itself through hidden components on the computer. Trying to remove it with the Add/Remove Programs feature has similar results, or may result in a system crash. A blue screen of death may occur.

* The program will stop the computer from connecting to the internet, or leave it with a limited internet connection, and will display an error message reading "The system has been stopped to protect you from Spyware."

* The desktop background can also be replaced with a blue screen of death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."

* SpySheriff has been known to create one or more administrator accounts, to block access to programs and utilities for other users. If logged in as an administrator, it is sometimes possible to delete the SpySheriff account(s).

* It also acts to stop any attempt to do a System Restore by preventing the calendar and restore points from loading. This prevents the user from reverting their computer to an earlier usable state. A System Restore is, however, often possible after booting in Safe Mode.

* It blocks several websites, including ones that offer downloadable anti-spyware software, and locks the user's Internet Explorer options. It has also been implemented in pirated versions of Norton AntiVirus.

* It will likely create the need for a recovery disk in order to restore the original factory specs.


SpySheriff clones

The company that developed SpySheriff, knowing that people have become aware that SpySheriff is malware, has created several clones that have different names and styles from SpySheriff but share its interface and behave similarly. Adware Sheriff, Pest Trap, SpywareNo, Spylocked, SpywareQuake, SpyTrooper, Spydawn, AntiVirGear, Brave Sentry, System Security, SpywareStrike, SpyShredder, Alpha Cleaner, SpyMarshal, and SpyAxe are the best known of these.


Removal

SpySheriff is very sophisticated and is very difficult to remove directly. Attempting to remove it using the "Add/Remove Programs" control panel may sometimes work, but this is highly unlikely, because SpySheriff has a tendency to reinstall itself from hidden components in files on the computer. The simplest solution is to try genuine spyware removal tools in the hope that it can be cleaned, but manual removal is also possible.

Since SpySheriff locks System Restore, it is very hard to remove the program that way. Using System Restore in Safe Mode might work, but SpySheriff's components may themselves be inside the System Restore folders.

Tools called SmitFraudFix and SmitRem are said to get rid of SpySheriff; they work by deleting all of SpySheriff's components, and if the desktop wallpaper has been changed, the removal tool replaces it with a plain blue screen. Ad-Aware and Vundo-Fix can remove SpySheriff components by removing trojans associated with the program. HijackThis is sometimes recommended for removing registry entries created by SpySheriff.

If the above removal solutions do not seem to work, sometimes the only way to completely remove the virus is to save all documents on the hard drive and then re-install Windows or reformat. Using programs such as AVG, Avast!, Spyware Doctor and McAfee Security Center, and Ad-Aware or Spybot-Search & Destroy can prevent this infection from entering the computer.
