From Wikipedia, the free encyclopedia

SpySheriff, also known as Brave Sentry, Pest Trap, SpyTrooper,[1] Spywareno, and MalwareAlarm,[2] is malware that disguises itself as an anti-spyware program. SpySheriff attempts to mislead a user into buying the program by repeatedly informing them of false threats to their system.[3] It is very difficult to remove SpySheriff from machines,[4] since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed if the user has anti-malware tools on the machine, or owns a rescue disk.


SpySheriff was hosted at www.spy-sheriff.com from 2005 to late 2008 and is now defunct.[5] Several typosquatted websites have also attempted to automatically install SpySheriff, including a version of Google.com (Goggle.com), and MCreator, a program used to make mods for Minecraft. As of 2007, these sites are no longer active.

Problems caused by SpySheriff

  • SpySheriff reports false malware infections and pretends to detect real malware infections.[1][6]
  • Attempts to remove SpySheriff have been reported to be unsuccessful as SpySheriff will reinstall itself.
  • The desktop background may be replaced with an image resembling a blue screen of death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."
  • Using Add/Remove Programs to remove SpySheriff either causes the computer to crash or does not remove all components.[7]
  • Any attempt to connect to the Internet via a web browser is blocked by SpySheriff, which replaces the user's desktop background with a blue warning screen saying that the system has been stopped to protect the user from spyware.
  • SpySheriff stops any attempt to do a system restore by preventing the calendar and restore points from loading, so the user cannot revert the computer to an earlier state. A loophole has been discovered: if the user undoes the last restore operation, the system will restore itself, allowing a chance to remove SpySheriff.[7]


  1. "SpySheriff Technical Details". Symantec. Retrieved 2009-11-01.
  2. "SpywareNo!". Retrieved 2009-11-11.
  3. "Spyware tunnels in on Winamp flaw". Joris Evers, CNET News.com, February 6, 2006. Retrieved 2009-11-01.
  4. "Top 10 rogue anti-spyware". Suze Turner, ZDNet, December 19, 2005. Retrieved 2009-11-01.
  5. "SunBelt Security Blog". Sunbelt Security. Retrieved 2009-11-01.
  6. Vincentas (18 October 2012). "spysheriff.exe in SpyWareLoop.com". Spyware Loop. Retrieved 27 July 2013.
  7. "SpySheriff - CA". CA. Retrieved 2009-11-01. [dead link]
