SpySheriff

From Wikipedia, the free encyclopedia
  (Redirected from Spysheriff)
Jump to: navigation, search
SpySheriff interface.

SpySheriff, also known as Brave Sentry, Pest Trap, SpyTrooper,[1] and SpywareNo,[2] is malware that disguises itself as an anti-spyware program. SpySheriff attempts to mislead a user into buying the program by repeatedly informing them of false threats to their system.[3] SpySheriff is difficult to remove from an infected computer;[4] attempting to remove it using the "Add/Remove Programs" applet in control panel does not remove all components,[5] and SpySheriff's components may be in the System Restore folders.[6] However, SpySheriff can easily be removed using anti-malware tools.[7]

Contents

[edit] Websites

SpySheriff used to be hosted at www.spy-sheriff.com. However, this website is now defunct.[8] Several typosquatted websites also attempted to automatically install SpySheriff, including a version of Google.com (Goggle.com). As of 2007, these sites are no longer active.

[edit] Problems caused by SpySheriff

Another version of SpySheriff.
A fake infection warning pop-up.
  • SpySheriff reports false malware infections and uses poor heuristics to detect real malware infections.[1]
  • Attempts to remove SpySheriff are useless and have been reported to be unsuccessful as it re-installs automatically.
  • The desktop background may be replaced with an image resembling a blue screen of death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged.".
  • Going to add/remove causes it to crash, obviously intended to stop any attempt to take out any of Spysheriff's drivers.
  • Any attempt to connect to the internet via a web browser is blocked by Spysheriff, which replaces your desktop background with a menacingly blue warning screen telling you the system has been stopped to protect you from Spyware: an obvious hint of the program's true nature.
  • Perhaps the most dangerous feat of Spysheriff, is that it attempts to stop any attempt to do a system restore by causing the calendar and restore points to not load. This causes the user to be unable to revert their computer to an earlier state. A loop hole has been discovered, however, in that if you undo your last restore operation, the system will successfully restore itself allowing you a chance to be rid of Spysheriff.[5]

[edit] See also

[edit] References

  1. ^ a b "SpySheriff Technical Details". Symantec. http://subsync.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99&tabid=2. Retrieved 2009-11-01. 
  2. ^ "SpywareNo!". http://www.spywareguide.com/product_show.php?id=2136. Retrieved 2009-11-11. 
  3. ^ "Spyware tunnels in on Winamp flaw". Joris Evers, CNET News.com, February 6, 2006. http://www.zdnetasia.com/news/security/0,39044215,39310016,00.htm. Retrieved 2009-11-01. 
  4. ^ "Top 10 rogue anti-spyware". Suze Turner, ZDNet, December 19, 2005. http://blogs.zdnet.com/Spyware/?p=727. Retrieved 2009-11-01. 
  5. ^ a b "SpySheriff - CA". CA. http://www.ca.com/securityadvisor/pest/pest.aspx?id=453096400. Retrieved 2009-11-01. 
  6. ^ "Persistent Malware: Microsoft's System Restore Feature". CA. http://community.ca.com/blogs/securityadvisor/archive/2008/11/05/persistent-malware-microsoft-s-system-restore-feature.aspx. Retrieved 2009-11-01. 
  7. ^ "PestTrap removal instructions". spywareremove.com. http://www.spywareremove.com/removePestTrap.html. Retrieved 2009-11-01. 
  8. ^ "SunBelt Security Blog". Sunbelt Security. http://sunbeltblog.blogspot.com/2005/10/sleazy-install-of-week.html. Retrieved 2009-11-01. 

[edit] External links

Retrieved from "http://en.wikipedia.org/w/index.php?title=SpySheriff&oldid=476060907"
Personal tools
Namespaces
Variants
Actions
Navigation
Interaction
Toolbox
Print/export
Languages