Databases (73)
Linux (41)
Outside the Cube (4640)
Programming (679)
Web publishing (65)
Windows (431)
Apache (6)
File Types (33)
Internet Explorer (6)
Network (11)
Passwords (6)
Printing
Processes (13)
Programming (318)
Exchange Links
About this site
| |
 |
New related comments
Number of comments in the last 48 hours
How to get into Windows when you lost the Administrator password
1 new comments
Spysheriff blocks my desktop background - how to remove Spysheriff
765 comments. Current rating: 
(299 votes). Leave comments and/ or rate it.
Question:
This morning I came to my computer and found an application named Spysheriff running. It supposedly had found a dozen of problems on my computer and demanded a purchase in order to remove them.It also had changed my desktop background image so that it looked like a error message (see the screenshot):
It tries to tell me that my computer is in really bad shape and I am in danger unless I pay them..
I tried to remove that desktop background image using the control panel but it is disabled! What can I do?
Answer:
|
Spysheriff is malware and should not be used to clean a PC from spyware/ adware/ malware. It's pretty bad e.g. if you try to use System Restore you will find that Spysheriff erased your restore points, so that won't work. SpySheriff does come with an uninstall program which removes SpySheriff, but it will not undo all the other damage your computer has suffered. |
Instead follow these steps:
- Open task manager by pressing Ctrl-Alt-Del, and click on the "Processes" tab. Look for Spysheriff there and kill the process if you see it. If you see a process named "winstall" (winstall.exe) then delete this one also.
- In the control panel goto "Add/ Remove Programs" and remove the "SpySheriff" program. If it says that it cannot uninstall, then you still have it running. It will uninstall once it's not running.
- Your desktop background will not be restored by that uninstall. Go into the registry by starting RegEdit.exe from the start button.
If your registry editor does not work, read this document "I cannot open the registry editor". - Look for this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
It will have about 6 values stored that disable certain things. Delete this whole branch ActiveDesktop - the system will work with default values afterwards.
Also delete this branch in your registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System - Look in your root directory for a file named winstall.exe. Mine was in c:\ and 24064 Bytes in size.
This file is scheduled to execute each time you boot and it will re-install Spysheriff.
Delete that file.
Update:
As MG from Ottawa comments below, there may also be additional executable files that were created at the same time as winstall.exe. Those files may be named 'winstall.exe' and 'ibm00001.exe'. You should delete those files as well. If you have this file ibm0001.exe please see the other article regarding ibm0001.exe. - Restart your system.
Done.
Some people asked about the company that makes SpySheriff. This is their London address:
Company: SpySheriff Development Team Street address: Tooley 73a City: London Zip: EC1Y 1BL Country: United Kingdom |
|
||||||||
Comments:
| You are on page 4 of 51, other pages: 1 2 3 [4] 5 6 7 48 49 50 51 | ||
| ||
|
Top drawer matey. All the very best to you.
| ||
| ||
|
I am so desperate.... My computer skills are very limited so i have a hard time even understanding what I have been reading. I no nothing of registry keys .... and it all seems so confusing. I got infected with spy sheriff that took away my adm. rights. I cannot acess the task manager or even run the computer in safe mode. i do have adware and spysweeper, but it won't let me run the processes to the end. It freezes before it's done. I am SO DESPERATE!!! Anyone willing to give me a hand in getting rid of spy sheriff for dummies? Thank you so much,
Kiki | ||
| ||
|
get a full version of xoftspy software this works and kill all spysheriff without going into all this ...start the program and it will kill all the spy sheriff stuff
this is the easiest way.... | ||
| ||
|
I was able to delete spysheriff and get rid of the porno pictures and advertising. But it is still there... a blue screen on my desktop! I don't have the red x's anymore and I am scared to use the computer.
Can anyone help me from that point on? I don't know this xoftspy software and at this point I am scared to use anything. I have years of work on this machine. Thanks, Kiki ( I used spysweeper and adaware with no results) | ||
| ||
|
I forgot to say, my system restore is not working either all restore points have disappeared from the system.
| ||
| ||
|
Okay, I was able to follow the instructions posted above and it worked. I got rid of blue spysheriff desktop. However as I was doing this something else caught my computer which is now running emulated norston system works - scanning email message 1 of 11 - non stop totally covering the desktop and making it almost impossible to try to run anything on it.... The popups come non stop, has anyone heard of that before
| ||
| ||
|
hey all sorts of problems. i ran your instructions to the letter but it didnt do anything for me. all the files kept coming back. i restarted in safemode and was able to do some deleting. the files havent come back. except for the security32.html file which wont leave me alone. also my cpu is permanently running slow with 100% usage now what to do?
| ||
| ||
|
in reference HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Pn\Policies\** you need to delete the files inside explorer?
| ||
| ||
|
Well done, man. Well done. THX - God blees you.
| ||
| ||
|
PLS TEL ME HOW CAN I REMOVE THE STARTUP ERROR MSG ibm00003.exe
not found . i had the ibm00003.exe found it and deleted it then i found another thing , a web page called secure32.html that told me to check out 3 things all 3 links pointed tha same adress to spysheriff (i see what it does glad i did not install it ) | ||
| ||
|
I managed to delete some of the registry items i believe i don't have any of those ones that i see listed....but everytime i start up my internet explore secur32.htm pops up even tho i deleted it and changed the homepage...i have no idea how to get rid of this ive used spyware, antivirus etc...but its not working....any help would be appreciated...davidcostello19@hotmail.com if you wouldn't mind sending it to me
| ||
| ||
|
Thanks a ton for the wonderful tip on removing this piece of crap...spent a sleepless night trying to figure out wtf was goin on...kudos guys...keep it up.....two thumbs up...
| ||
| ||
|
The removal part is not detail enough. my machine was infected after the installation of that damn spyware. now i still keep looking for solution to get rid of that fxxking spyware/virus problems...
...but the recovery part of changing wallpaper is excellent. | ||
| ||
|
i hve the blu screen. i am very computer limited. I read info above about registry keys and regedit but i am still lost. please help... mabye in more simpler terms=)
thanks, anonyomous | ||
| ||
|
now i get it i learned from diff site ty anyways=p
| ||
| You are on page 4 of 51, other pages: 1 2 3 [4] 5 6 7 48 49 50 51 |
