
spysheriff spyware remover?


ryan weihl

Oct 9, 2005, 12:39:55 AM
A friend is infected with this program. Can not uninstall
since it is running in the background and I can not see
any option to stop it to be able to un-install.
The program installed itself without him asking for it,
he says. Is this a legit program?
Thanks for any info
rw

Beauregard T. Shagnasty

Oct 9, 2005, 12:45:19 AM
ryan weihl wrote:

This page has great detail. Google is your friend.

<http://www.bleepingcomputer.com/forums/How_to_remove_SpySheriff_Winstallexe_Spysheriffexe-t22402.html>

--
-bts
-When motorcycling, never follow a pig truck

David H. Lipman

Oct 9, 2005, 10:54:06 AM
From: "ryan weihl" <rwi...@nospam.net>

Download the following tool which removes the SmitFraud Trojan and SpySheriff,
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

On the infected PC...

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow FTP.EXE to go through your
FireWall to enable FTP.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


ryan weihl

Oct 9, 2005, 12:27:50 PM
David H. Lipman wrote:

thank you David
I had used SpyBot in the meantime. It showed Smitfraud and
Spysheriff. It went thru the delete procedure and shows no more entries
found. But on the last restart spysheriff was back again and SPYbot
shows both of them again and also a MZS spoolserver32 shows up.
So I will try your procedure now, but there is no McAfee on that laptop
Thank you
rw

David H. Lipman

Oct 9, 2005, 12:49:55 PM
From: "ryan weihl" <rwi...@nospam.net>


|
| thank you David
| I had used SpyBot in the meantime. It showed Smitfraud and
| Spysheriff. It went thru the delete procedure and shows no more entries
| found. But on the last restart spysheriff was back again and SPYbot
| shows both of them again and also a MZS spoolserver32 shows up.
| So I will try your procedure now, but there is no McAfee on that laptop
| Thank you
| rw

Ryan:

McAfee does not have to pre-exist on your PC. The tool will automatically download the
needed McAfee Command Line Scanner. Just make sure that FTP.EXE is allowed to go through
your FireWall and download the needed files.

Al Dykes

Oct 9, 2005, 1:03:18 PM
In article <TSb2f.9868$Tn5.8843@trnddc08>,

David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
>From: "ryan weihl" <rwi...@nospam.net>
>
>
>|
>| thank you David
>| I had used SpyBot in the meantime. It showed Smitfraud and
>| Spysheriff. It went thru the delete procedure and shows no more entries
>| found. But on the last restart spysheriff was back again and SPYbot
>| shows both of them again and also a MZS spoolserver32 shows up.
>| So I will try your procedure now, but there is no McAfee on that laptop
>| Thank you
>| rw
>
>Ryan:
>
>McAfee does not have to pre-exist on your PC. The tool will automatically download the
>needed McAfee Command Line Scanner. Just make sure that FTP.EXE is allowed to go through
>your FireWall and download the needed files.
>
>


I just cleaned up a PC that was infected with spysheriff. What a
PITA. It seems to be new and the tools haven't come up to speed yet.
I used Lavasoft, then applied all MS patches, then spybotS&D then ran
the latest Trend Micro online scan. I always liked trend and their
online scan is better than ever. I suspect if I had tried it first the
other steps (except for patching) would have been unnecessary.

I hand-deleted c:\winstall and winnt32\system32\desktop.html

There was a process with a weird name qxygh....exe or something like
that. I killed the process and then found and deleted the file.

--
a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore.

ryan weihl

Oct 9, 2005, 1:03:48 PM
David H. Lipman wrote:

> From: "ryan weihl" <rwi...@nospam.net>
>
>
> >
> > thank you David
> > I had used SpyBot in the meantime. It showed Smitfraud and
> > Spysheriff. It went thru the delete procedure and shows no more
> > entries found. But on the last restart spysheriff was back again
> > and SPYbot shows both of them again and also a MZS spoolserver32
> > shows up. So I will try your procedure now, but there is no
> > McAfee on that laptop Thank you
> > rw
>
> Ryan:
>
> McAfee does not have to pre-exist on your PC. The tool will
> automatically download the needed McAfee Command Line Scanner. Just
> make sure that FTP.EXE is allowed to go through your FireWall and
> download the needed files.

David:
This Laptop is not on line to anywhere. It's a Dell610. Has no
NIC and the person using it has only a phone line which
I don't have, use NIC only.
Any other way to get those McAfee files?
Thank you
rw

David H. Lipman

Oct 9, 2005, 1:07:58 PM
From: "Al Dykes" <ady...@panix.com>


| I just cleaned up a PC that was infected with spysheriff. What a
| PITA. It seems to be new and the tools haven't come up to speed yet.
| I used Lavasoft, then applied all MS patches, then spybotS&D then ran
| the latest Trend Micro online scan. I always liked trend and their
| online scan is better than ever. I suspect if I had tried it first the
| other steps (except for patching) would have been unnecessary.
|
| I hand-deleted c:\winstall and winnt32\system32\desktop.html
|
| There was a process with a weird name qxygh....exe or something like
| that. I killed the process and then found and deleted the file.
|
| --
| a d y k e s @ p a n i x . c o m
|
| Don't blame me. I voted for Gore.

My removal tool will kill all of the below...

iexplore.exe
firefox.exe
mszx23.exe
w32tm.exe
Tibs3.exe
rundll32.exe
wp.exe
bsw.exe
popuper.exe
helper.exe
intmonp.exe
msmsgs.exe
oleadm.exe
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
msmsgs.exe
taskmon.exe
VAUVPMOV.EXE
TFUFB.EXE
w8673492.exe
ZLOADER3.EXE
AntivirusGold.exe
winnook.exe
hookdump.exe
SpySheriff.exe
adwaredelete.exe
winstall.exe
Security iGuard.exe
icsupp95.exe
PSGuard.exe


If you have found another EXE file (or others) associated with it, please post the names and
I will update the tool accordingly.
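
A name-only kill list like the one in this post is easier to triage when matches are split into two groups. The following is an added example, not part of the original post or of the removal tool: it assumes (my classification, not the thread's) that six of the listed names are also used by legitimate programs and should be reported with their path for review, and the sample process records and their paths are constructed.

```powershell
# Added example: classify process records against the names posted above.
# $ListedNames are copied from the post; matching is by name only.
$ListedNames = @(
    'mszx23.exe', 'Tibs3.exe', 'wp.exe', 'bsw.exe', 'popuper.exe', 'helper.exe',
    'intmonp.exe', 'oleadm.exe', 'ole32vbs.exe', 'msole32.exe', 'shnlog.exe',
    'intmon.exe', 'VAUVPMOV.EXE', 'TFUFB.EXE', 'w8673492.exe', 'ZLOADER3.EXE',
    'AntivirusGold.exe', 'winnook.exe', 'hookdump.exe', 'SpySheriff.exe',
    'adwaredelete.exe', 'winstall.exe', 'Security iGuard.exe', 'icsupp95.exe',
    'PSGuard.exe'
)
# Assumption (not from the thread): these listed names are also used by
# legitimate software, so a name match alone only warrants a path review.
$SharedNames = @('iexplore.exe', 'firefox.exe', 'rundll32.exe',
                 'w32tm.exe', 'msmsgs.exe', 'taskmon.exe')

function Get-ListedProcessMatch {
    param([Parameter(Mandatory)][object[]]$Process)
    foreach ($p in $Process) {
        $name = [string]$p.Name
        # -contains is case-insensitive, so SPYSHERIFF.EXE also matches.
        if     ($SharedNames -contains $name) { $verdict = 'review-path' }
        elseif ($ListedNames -contains $name) { $verdict = 'listed' }
        else   { continue }
        [pscustomobject]@{ Name = $name; Path = $p.Path; Verdict = $verdict }
    }
}

# Constructed sample records (names from the post, paths invented for the demo).
$sample = @(
    [pscustomobject]@{ Name = 'SPYSHERIFF.EXE'; Path = 'C:\demo\SpySheriff.exe' }
    [pscustomobject]@{ Name = 'rundll32.exe';   Path = 'C:\demo\temp\rundll32.exe' }
    [pscustomobject]@{ Name = 'notepad.exe';    Path = 'C:\demo\notepad.exe' }
)
Get-ListedProcessMatch -Process $sample | Format-Table -AutoSize

# Live use on the machine being checked:
# $live = Get-CimInstance Win32_Process |
#     Select-Object Name, @{ n = 'Path'; e = { $_.ExecutablePath } }
# Get-ListedProcessMatch -Process $live | Format-Table -AutoSize
```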

David H. Lipman

Oct 9, 2005, 1:13:21 PM
From: "ryan weihl" <rwi...@nospam.net>

.
|
| David:
| This Laptop is not on line to anywhere. It's a Dell610. Has no
| NIC and the person using it has only a phone line which
| I don't have, use NIC only.
| Any other way to get those McAfee files?
| Thank you
| rw

Hmmm..

Not easily. However, most of the removal is scripted. The McAfee Command Line Scanner is
used to make sure there are no other infectors on the PC.

You can still use the tool, it just won't scan the PC with the McAfee scanner.

Otherwise you can install it on another PC that is connected to the Internet and then run
it. It will download the needed files and the c:\mcafee tree can be copied to the affected
PC.

However, there is ONE drawback. Since it targets the SmitFraud Trojan and the Trojan
modifies the desktop, you will have to re-select the desktop background colour and your
choice of desktop background pictures (BMP or JPEG). You won't see this change until either
you re-logon or reboot the PC.

ryan weihl

Oct 9, 2005, 1:14:45 PM
ryan weihl wrote:

David:
just a followup:
as I said I ran spybot which found Spysheriff and Smitfraud.
When they showed up I used Smitfraud.exe on the infected Laptop without
any outside connection and now it looks clean, no SPYsheriff popping
up. Keep my finger crossed
Thank you
rw

David H. Lipman

Oct 9, 2005, 1:19:59 PM
From: "ryan weihl" <rwi...@nospam.net>


|
| David:
| just a followup:
| as I said I ran spybot which found Spysheriff and Smitfraud.
| When they showed up I used Smitfraud.exe on the infected Laptop without
| any outside connection and now it looks clean, no SPYsheriff popping
| up. Keep my finger crossed
| Thank you
| rw

C O O L !

Thanx for updating the thread !
