Fix Blue Desktop - Spyware Infection Message


Spy Sheriff

Description:

Spy Sheriff is a fake anti-spyware application that can be installed on a computer without the user's consent. SpySheriff pops up a "Spy Sheriff Spyware Protection Status" message from the taskbar.

 

Symptoms:

Desktop Blue Screen with message Spyware Infection

Technical Name:

SpySheriff

Threat Level:

Medium

Type:

Malware

Systems Affected:

Windows All

 

The SpySheriff removal procedure requires technical know-how in computer troubleshooting. It is better to consult your LAN administrator or a technical person to avoid additional damage to your computer if modifications to Services and the Registry have to be made.
 

MANUAL REMOVAL:

1. Download and install the CleanUp tool.

2. After successful installation, run the software and check the options below to customize your settings:
   Cleanup all user profiles
   Delete prefetch files
   Empty the recycle bins

3. Click the CleanUp button.

4. When CleanUp is done, it will prompt you to reboot your computer. Please do so.

5. Download and run HijackThis, and mark entries similar to those below. Be sure to close your Web browser.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKCU\..\Run: [PayTime] F:\WINDOWS\System32\paytime.exe
O20 - Winlogon Notify: SMDEn - F:\WINDOWS\system32\en46l1hs1.dll (file missing)
 

O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

6. Click "Fix"

 

7. Reboot your computer in "Safe Mode" (Press F8 during startup)

8. Look for and delete the following files and folders in bold characters:

c:\secure32.html
c:\WINDOWS\System32\paytime.exe

 

c:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
c:\Documents and Settings\user account\Application Data\Install.dat
c:\Program Files\SpySheriff <-whole folder
c:\Windows\Desktop.html
c:\winstall.exe
c:\Program Files\Daily Weather Forecast\
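
The following Python example is added here and is not part of the original page or of HijackThis. It parses a saved HijackThis log and lists the R0/R1, O4 and O20 entries whose target matches the files named in steps 5 and 8, ignoring drive letter and case because the page's own entries mix C:\ and F:\ paths. The function names and the sample log are constructed for illustration.

```python
import re

# File indicators copied from this page's HijackThis entries and file list.
# Matched without the drive letter and case-insensitively, because the page's
# own entries mix C:\ and F:\ Windows installs.
INDICATORS = re.compile("|".join([
    r"\\secure32\.html$",
    r"\\system32\\paytime\.exe$",
    r"\\system32\\en46l1hs1\.dll$",
    r"\\program files\\spysheriff\\",
    r"^[a-z]:\\winstall\.exe$",
    r"\\program files\\daily weather forecast\\",
]), re.IGNORECASE)

def target_of(line):
    """Return (section, path) for an R0/R1, O4 or O20 log line, else None."""
    m = re.match(r"(R[01]|O4|O20) - (.+)$", line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section.startswith("R"):      # R0 - <key>,<value> = <data>
        path = body.partition(" = ")[2]
    elif section == "O4":            # O4 - <hive>\..\Run: [<name>] <command>
        path = body.partition("] ")[2]
    else:                            # O20 - Winlogon Notify: <name> - <dll>
        path = body.rpartition(" - ")[2]
    return section, path.replace(" (file missing)", "").strip()

def scan(log_text):
    """List the (section, path) pairs whose path matches a page indicator."""
    parsed = (target_of(line) for line in log_text.splitlines())
    return [p for p in parsed if p and INDICATORS.search(p[1])]

# Constructed sample log: three entries in the page's format plus benign lines.
SAMPLE_LOG = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\SECURE32.HTML
O4 - HKLM\..\Run: [SecurityHealth] C:\Windows\System32\SecurityHealthSystray.exe
O4 - HKCU\..\Run: [PayTime] D:\WINNT\system32\paytime.exe
O20 - Winlogon Notify: SMDEn - F:\WINDOWS\system32\en46l1hs1.dll (file missing)
"""

if __name__ == "__main__":
    for section, path in scan(SAMPLE_LOG):
        print(f"{section}: {path}")
```

Entries it lists are candidates to review against step 5 before clicking "Fix"; it does not modify the registry or delete files.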


  SPYWARE REMOVAL TOOLS:

Download and run any of these Anti-Spyware