This site is temporarily down. Please come back. Content-type: text/html; charset=utf-8 Spysheriff blocks my desktop background - how to remove Spysheriff
DelphiFAQ Home Search:

Spysheriff blocks my desktop background - how to remove Spysheriff


comments766 comments. Current rating: 5 stars (299 votes). Leave comments and/ or rate it.


This morning I came to my computer and found an application named Spysheriff running. It supposedly had found a dozen of problems on my computer and demanded a purchase in order to remove them.
It also had changed my desktop background image so that it looked like a error message (see the screenshot):

screenshot of spysheriff

It tries to tell me that my computer is in really bad shape and I am in danger unless I pay them..

I tried to remove that desktop background image using the control panel but it is disabled! What can I do?


Spysheriff is malware and should not be used to clean a PC from spyware/ adware/ malware. It's pretty bad e.g. if you try to use System Restore you will find that Spysheriff erased your restore points, so that won't work.
SpySheriff does come with an uninstall program which removes SpySheriff, but it will not undo all the other damage your computer has suffered.

Instead follow these steps:
  1. Open task manager by pressing Ctrl-Alt-Del, and click on the "Processes" tab. Look for Spysheriff there and kill the process if you see it. If you see a process named "winstall" (winstall.exe) then delete this one also.
  2. In the control panel goto "Add/ Remove Programs" and remove the "SpySheriff" program. If it says that it cannot uninstall, then you still have it running. It will uninstall once it's not running.
  3. Your desktop background will not be restored by that uninstall. Go into the registry by starting RegEdit.exe from the start button.
    If your registry editor does not work, read this document "I cannot open the registry editor".
  4. Look for this key:
    It will have about 6 values stored that disable certain things. Delete this whole branch ActiveDesktop - the system will work with default values afterwards.
    Also delete this branch in your registry:
  5. Look in your root directory for a file named winstall.exe. Mine was in c:\ and 24064 Bytes in size.
    This file is scheduled to execute each time you boot and it will re-install Spysheriff.
    Delete that file.
    As MG from Ottawa comments below, there may also be additional executable files that were created at the same time as winstall.exe. Those files may be named 'winstall.exe' and 'ibm00001.exe'. You should delete those files as well. If you have this file ibm0001.exe please see the other article regarding ibm0001.exe.
  6. Restart your system.


Some people asked about the company that makes SpySheriff. This is their London address:

Company:         SpySheriff Development Team
Street address:  Tooley 73a 
City:            London 
Zip:             EC1Y 1BL 
Country:         United Kingdom

Content-type: text/html


You are on page 3 of 52, other pages: 1 2 [3] 4 5 6 49 50 51 52
2005-11-22, 08:46:52
anonymous from Croatia/Hrvatska  
2005-11-22, 22:51:30
anonymous from Costa Rica  
HEy, MG... that was awesome... thanks to you the $&/&%$'@ was gone...
2005-11-23, 09:50:35
anonymous from United States  
thanks man
2005-11-23, 18:02:23
Raven Stingray from Indonesia  
Thanks alot man , you help me getting back my PC from those 'cyber pirate'...thanks man
2005-11-23, 18:02:54
anonymous from Indonesia  
Thanks alot man , you help me getting back my PC from those 'cyber pirate'...thanks man
2005-11-23, 19:42:06
anonymous from Puerto Rico  
awesome great help !
2005-11-24, 01:53:06
Lou from United States  
Thanks for the tip. I have my desktop back. Those guys who write programs such as that should be shot. Really.
2005-11-24, 08:51:42 from United States  
Embarissingly- I did provide spysheriff with bank information. I didn't know what to do. I tried to remove it through the Operating utilities and after an hour or two gave up and fell victim to their sorry scam. I did file a complaint with the FTC and credit bureau. I sent them an email telling them to remove my name and info from their company and they sent an email back saying I was reimbursed. It was all removed after I paid them, but do not pay any money to spysheriff. I followed the instructions above to remove from my programs and it worked great. really appreciate it. Is there any more info you have for me? Thanks Billy
2005-11-24, 10:22:42
rob- from Canada  
I followed the instructions and was able to remove the spysheriff icon from the desktop and all of the popups. The next day the red circle with the x appeared again and the scrolling banner at the top came back. I tried to do everything again but found that nothing had changed since I did it before. The only file I couldn't find was the ibm0000. How the hell did I get this into my computer?
2005-11-24, 10:30:54
rob- from Canada  
I spoke too soon. Popups happen when I type in spysheriff into the explorer search bar, and try to make me get anti spysheriff software.
2005-11-24, 16:35:47
Mike from United States  
Okay, I need help here. I installed SpySheriff (stupidly) because I had a bunch of viruses on my computer and got desperate. I gave them my credit card info! What exactly do I do now? Is my credit card in danger and how do I get reimbursed and how do I remove SpySheriff?

Yeah, I'm an idiot.

2005-11-25, 04:27:58
anonymous from United States  
i can not delete winstall.exe. what should i do?
2005-11-25, 18:39:13
anonymous from Canada  
i got rid of winstall.exe by changing the name of it to something that I would remember and then turned off the computer and when i turned it on again i was able to delete it.
2005-11-25, 19:48:03
Perriwinkle the Evil from United States  
I'm in the process of removing that dratted piece of crap. I never even installed the durned thing!!! But if you are trying to get rid of winstall.exe, here's what I did...I'm running w98SE but it should work on any Windows system...I went to the task manager (cntl-alt-delete) and then stopped the process winstall.exe. It took a moment, since the system had to tell me it wasn't responding and re-ask me what to do (end the darned thing, duh!!) After that, I could delete it with relish.
2005-11-25, 21:12:09
peenagina from United States  
Thanks for the help I had to google search for a solution. Thank you very much! <3
You are on page 3 of 52, other pages: 1 2 [3] 4 5 6 49 50 51 52



NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: