SpySheriff, also known as Brave Sentry, Pest Trap, SpyTrooper, Spywareno, and MalwareAlarm, is malware that disguises itself as an anti-spyware program. SpySheriff attempts to mislead a user into buying the program by repeatedly informing them of false threats to their system. It is virtually impossible to remove SpySheriff from an infected computer as SpySheriff's components may be in the System Restore folders. However, SpySheriff can easily be removed using anti-malware tools.
SpySheriff used to be hosted at www.spy-sheriff.com. However, this website is now defunct. Several typosquatted websites also attempted to automatically install SpySheriff, including a version of Google.com (Goggle.com). As of 2007, these sites are no longer active.
Problems caused by SpySheriff
- SpySheriff reports false malware infections and pretends to detect real malware infections.
- Attempts to remove SpySheriff have been reported to be unsuccessful, as it re-installs itself automatically.
- The desktop background may be replaced with an image resembling a blue screen of death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."
- Using Add/Remove Programs to remove SpySheriff either causes the computer to crash or does not remove all components.
- Any attempt to connect to the Internet via a web browser is blocked by SpySheriff, which replaces the user's desktop background with a blue warning screen saying that the system has been stopped to protect the user from spyware.
- SpySheriff stops any attempt to do a system restore by preventing the calendar and restore points from loading, so the user cannot revert the computer to an earlier state. A loophole has been discovered: if the user undoes the last restore operation, the system will restore itself, allowing a chance to be rid of SpySheriff.