This site is temporarily down. Please come back. Content-type: text/html; charset=utf-8 Spysheriff blocks my desktop background - how to remove Spysheriff
DelphiFAQ Home Search:

Spysheriff blocks my desktop background - how to remove Spysheriff

 

comments766 comments. Current rating: 5 stars (299 votes). Leave comments and/ or rate it.

Question:

This morning I came to my computer and found an application named Spysheriff running. It supposedly had found a dozen of problems on my computer and demanded a purchase in order to remove them.
It also had changed my desktop background image so that it looked like a error message (see the screenshot):

screenshot of spysheriff


It tries to tell me that my computer is in really bad shape and I am in danger unless I pay them..

I tried to remove that desktop background image using the control panel but it is disabled! What can I do?

Answer:

Spysheriff is malware and should not be used to clean a PC from spyware/ adware/ malware. It's pretty bad e.g. if you try to use System Restore you will find that Spysheriff erased your restore points, so that won't work.
SpySheriff does come with an uninstall program which removes SpySheriff, but it will not undo all the other damage your computer has suffered.


Instead follow these steps:
  1. Open task manager by pressing Ctrl-Alt-Del, and click on the "Processes" tab. Look for Spysheriff there and kill the process if you see it. If you see a process named "winstall" (winstall.exe) then delete this one also.
  2. In the control panel goto "Add/ Remove Programs" and remove the "SpySheriff" program. If it says that it cannot uninstall, then you still have it running. It will uninstall once it's not running.
  3. Your desktop background will not be restored by that uninstall. Go into the registry by starting RegEdit.exe from the start button.
    If your registry editor does not work, read this document "I cannot open the registry editor".
  4. Look for this key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
    It will have about 6 values stored that disable certain things. Delete this whole branch ActiveDesktop - the system will work with default values afterwards.
    Also delete this branch in your registry:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  5. Look in your root directory for a file named winstall.exe. Mine was in c:\ and 24064 Bytes in size.
    This file is scheduled to execute each time you boot and it will re-install Spysheriff.
    Delete that file.
    Update:
    As MG from Ottawa comments below, there may also be additional executable files that were created at the same time as winstall.exe. Those files may be named 'winstall.exe' and 'ibm00001.exe'. You should delete those files as well. If you have this file ibm0001.exe please see the other article regarding ibm0001.exe.
  6. Restart your system.
    Done.

Update:

Some people asked about the company that makes SpySheriff. This is their London address:

Company:         SpySheriff Development Team
Street address:  Tooley 73a 
City:            London 
Zip:             EC1Y 1BL 
Country:         United Kingdom




Content-type: text/html

Comments:

You are on page 4 of 52, other pages: 1 2 3 [4] 5 6 7 49 50 51 52
2005-11-26, 09:02:58
Thanks from United Kingdom  
Top drawer matey. All the very best to you.
2005-11-26, 12:23:52
Kiki from United States  
I am so desperate.... My computer skills are very limited so i have a hard time even understanding what I have been reading. I no nothing of registry keys .... and it all seems so confusing. I got infected with spy sheriff that took away my adm. rights. I cannot acess the task manager or even run the computer in safe mode. i do have adware and spysweeper, but it won't let me run the processes to the end. It freezes before it's done. I am SO DESPERATE!!! Anyone willing to give me a hand in getting rid of spy sheriff for dummies? Thank you so much,
Kiki
2005-11-27, 16:05:39
anonymous from Canada  
rating
get a full version of xoftspy software this works and kill all spysheriff without going into all this ...start the program and it will kill all the spy sheriff stuff

this is the easiest way....
2005-11-28, 10:38:39
kiki from United States  
rating
I was able to delete spysheriff and get rid of the porno pictures and advertising. But it is still there... a blue screen on my desktop! I don't have the red x's anymore and I am scared to use the computer.
Can anyone help me from that point on?
I don't know this xoftspy software and at this point I am scared to use anything. I have years of work on this machine.
Thanks,
Kiki ( I used spysweeper and adaware with no results)
2005-11-28, 10:40:19
kiki from United States  
rating
I forgot to say, my system restore is not working either all restore points have disappeared from the system.
2005-11-28, 11:17:45
kiki from United States  
rating
Okay, I was able to follow the instructions posted above and it worked. I got rid of blue spysheriff desktop. However as I was doing this something else caught my computer which is now running emulated norston system works - scanning email message 1 of 11 - non stop totally covering the desktop and making it almost impossible to try to run anything on it.... The popups come non stop, has anyone heard of that before
2005-11-28, 21:32:05
gus from Australia  
rating
hey all sorts of problems. i ran your instructions to the letter but it didnt do anything for me. all the files kept coming back. i restarted in safemode and was able to do some deleting. the files havent come back. except for the security32.html file which wont leave me alone. also my cpu is permanently running slow with 100% usage now what to do?
2005-11-29, 02:20:38
SOS! from Australia  
in reference HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Pn\Policies\** you need to delete the files inside explorer?
2005-11-29, 09:14:22
Neutrix from Poland  
rating
Well done, man. Well done. THX - God blees you.
2005-11-29, 11:55:18
Valy from Romania  
PLS TEL ME HOW CAN I REMOVE THE STARTUP ERROR MSG ibm00003.exe
not found . i had the ibm00003.exe found it and deleted it then i found another thing , a web page called secure32.html that told me to check out 3 things all 3 links pointed tha same adress to spysheriff (i see what it does glad i did not install it )
2005-11-29, 22:37:30
costello from Canada  
I managed to delete some of the registry items i believe i don't have any of those ones that i see listed....but everytime i start up my internet explore secur32.htm pops up even tho i deleted it and changed the homepage...i have no idea how to get rid of this ive used spyware, antivirus etc...but its not working....any help would be appreciated...davidcostello19@hotmail.com if you wouldn't mind sending it to me
2005-11-30, 00:06:57
anonymous from India  
rating
Thanks a ton for the wonderful tip on removing this piece of crap...spent a sleepless night trying to figure out wtf was goin on...kudos guys...keep it up.....two thumbs up...
2005-11-30, 00:53:23
kaman1980 from Hong Kong  
rating
The removal part is not detail enough. my machine was infected after the installation of that damn spyware. now i still keep looking for solution to get rid of that fxxking spyware/virus problems...

...but the recovery part of changing wallpaper is excellent.
2005-11-30, 16:53:19
anonymous from United States  
rating
i hve the blu screen. i am very computer limited. I read info above about registry keys and regedit but i am still lost. please help... mabye in more simpler terms=)

thanks, anonyomous
2005-11-30, 16:56:43
anonymous from United States  
now i get it i learned from diff site ty anyways=p
You are on page 4 of 52, other pages: 1 2 3 [4] 5 6 7 49 50 51 52

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: