SpySheriff is a rogue anti-spyware application that uses fake alerts and false positives as a goad into scaring you into purchasing their software. This software is usually installed by Trojans that issue fake security alerts in your Windows taskbar stating that you are infected with a variety of malware. When you click on this warning, SpySheriff will be download and installed and start scanning your system. The malware will also change your Windows desktop to a black background with a warning message stating that your computer is in danger. All of these warnings are being issued as a scare tactic used to scam you into purchasing this software. Screenshots of the desktop background, SpySheriff software, and fake taskbar alerts are found below.
Tools Needed for this fix:
SmitFraudFix is a tool that S!Ri created to remove rogue anti-spyware applications that utilize Trojans to issue fake taskbar security alerts or that change your background in order to scare you into purchasing the full commercial version of their software.. These infections are difficult to remove and are usually bundled with so much other malware, that traditional antispyware or antivirus programs have difficult completely cleaning these infections. Due to this a specialized tool was created in order to help a user clean their system of these infections. I do not recommend using the tool without guidance from a qualified malware removal specialist!
Symptoms in a HijackThis
Log:O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exeO4 - HKCU\..\Run: [Windows installer] C:\winstall.exeRevision History
The company that developed SpySheriff, knowing that people have become aware of SpySheriff being malware, has created several SpySheriff clones that have different names and styles than SpySheriff, but share the same interface and similar behaviors of SpySheriff. Adware Sheriff, Pest Trap, SpywareNo, Spylocked, SpywareQuake, SpyTrooper, Spydawn, AntiVirGear, Brave Sentry, "system security", "SpywareStrike", SpyShredder, Alpha Cleaner, SpyMarshal, and "SpyAxe" are the best known of these.
Most commercial anti-spyware programs do not work on these variants.