SpySheriff: Difference between revisions
No edit summary |
Sourov0000 (talk | contribs) Adding reference about SpySheriff |
||
Line 8: | Line 8: | ||
[[Image:Spysheriff1.png|right|thumb|300px|Another version of SpySheriff.]] |
[[Image:Spysheriff1.png|right|thumb|300px|Another version of SpySheriff.]] |
||
[[Image:SpySheriffPopUp.png|right|thumb|300px|A fake infection warning pop-up.]] |
[[Image:SpySheriffPopUp.png|right|thumb|300px|A fake infection warning pop-up.]] |
||
* SpySheriff reports false malware infections and pretends to detect real malware infections.<ref name="SymantecTech">{{cite web|url=http://subsync.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99&tabid=2|title=SpySheriff Technical Details|publisher=Symantec|accessdate=2009-11-01}}</ref> |
* SpySheriff reports false malware infections and pretends to detect real malware infections.<ref name=AAA>{{cite news |url= http://www.spywareloop.com/infections/s/spysheriff-exe |title=spysheriff.exe in SpyWareLoop.com|author= Vincentas |newspaper=''Spyware Loop'' |date=18 October 2012 |accessdate=27 July 2013}}</ref><ref name="SymantecTech">{{cite web|url=http://subsync.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99&tabid=2|title=SpySheriff Technical Details|publisher=Symantec|accessdate=2009-11-01}}</ref> |
||
* Attempts to remove SpySheriff are useless and have been reported to be unsuccessful as it re-installs automatically. |
* Attempts to remove SpySheriff are useless and have been reported to be unsuccessful as it re-installs automatically. |
||
* The desktop background may be replaced with an image resembling a [[blue screen of death]], or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged." |
* The desktop background may be replaced with an image resembling a [[blue screen of death]], or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged." |
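Review bot: In the added <ref name=AAA> on the first bullet, |newspaper=''Spyware Loop'' wraps the value in wiki italic markup. The cite news template italicizes that field itself and flags manual italic or bold markup there, so the value should be plain: |newspaper=Spyware Loop. The ref name AAA is also unquoted and non-descriptive next to the existing name="SymantecTech"; a name such as "SpywareLoop" would be easier to reuse and to audit later. The |title= value repeats the site name already carried by |newspaper= and could be trimmed.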
Revision as of 18:09, 27 July 2013
SpySheriff, also known as Brave Sentry, Pest Trap, SpyTrooper,[1] Spywareno, and MalwareAlarm,[2] is malware that disguises itself as an anti-spyware program. SpySheriff attempts to mislead a user into buying the program by repeatedly informing them of false threats to their system.[3] It is virtually impossible to remove SpySheriff from an infected computer[4] as SpySheriff's components may be in the System Restore folders.[5] However, SpySheriff can easily be removed using anti-malware tools.
Websites
SpySheriff used to be hosted at www.spy-sheriff.com. However, this website is now defunct.[6] Several typosquatted websites also attempted to automatically install SpySheriff, including a version of Google.com (Goggle.com). As of 2007, these sites are no longer active.
Problems caused by SpySheriff
- SpySheriff reports false malware infections and pretends to detect real malware infections.[7][1]
- Attempts to remove SpySheriff are useless and have been reported to be unsuccessful as it re-installs automatically.
- The desktop background may be replaced with an image resembling a blue screen of death, or a notice reading: "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."
- Going to add/remove programs to remove SpySheriff either causes the computer to crash or does not remove all components.[8]
- Any attempt to connect to the Internet via a web browser is blocked by SpySheriff, which replaces the user's desktop background with a blue warning screen saying that the system has been stopped to protect the user from spyware.
- SpySheriff stops any attempt to do a system restore by causing the calendar and restore points to not load. This leaves the user unable to revert their computer to an earlier state. A loophole has been discovered: if the user undoes the last restore operation, the system will restore itself, allowing a chance to be rid of SpySheriff.[8]
See also
References
- ^ a b "SpySheriff Technical Details". Symantec. Retrieved 2009-11-01.
- ^ "SpywareNo!". Retrieved 2009-11-11.
- ^ "Spyware tunnels in on Winamp flaw". Joris Evers, CNET News.com, February 6, 2006. Retrieved 2009-11-01.
- ^ "Top 10 rogue anti-spyware". Suze Turner, ZDNet, December 19, 2005. Retrieved 2009-11-01.
- ^ "Persistent Malware: Microsoft's System Restore Feature". CA. Retrieved 2009-11-01.
- ^ "SunBelt Security Blog". Sunbelt Security. Retrieved 2009-11-01.
- ^ Vincentas (18 October 2012). "spysheriff.exe in SpyWareLoop.com". Spyware Loop. Retrieved 27 July 2013.
- ^ a b "SpySheriff - CA". CA. Retrieved 2009-11-01.[dead link]
External links
- Archived copy of spy-sheriff.com
- http://www.bleepingcomputer.com/forums/topic22402.html
- http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Program%3aWin32%2fSpySheriff