
Spysheriff blocks my desktop background - how to remove Spysheriff

 

774 comments. Current rating: 5 stars (299 votes).

Question:

This morning I came to my computer and found an application named Spysheriff running. It supposedly had found a dozen problems on my computer and demanded a purchase in order to remove them.
It also had changed my desktop background image so that it looked like an error message (see the screenshot):

screenshot of spysheriff


It tries to tell me that my computer is in really bad shape and I am in danger unless I pay them.

I tried to remove that desktop background image using the control panel but it is disabled! What can I do?

Answer:

Spysheriff is malware and should not be used to clean spyware, adware or malware from a PC. It is pretty bad: for example, if you try to use System Restore you will find that Spysheriff erased your restore points, so that won't work.
SpySheriff does come with an uninstall program which removes SpySheriff, but it will not undo all the other damage your computer has suffered.


Instead follow these steps:
  1. Open Task Manager by pressing Ctrl-Alt-Del, and click on the "Processes" tab. Look for Spysheriff there and kill the process if you see it. If you see a process named "winstall" (winstall.exe), end that process as well.
  2. In the control panel go to "Add/Remove Programs" and remove the "SpySheriff" program. If it says that it cannot uninstall, then you still have it running. It will uninstall once it's not running.
  3. Your desktop background will not be restored by that uninstall. Go into the registry by starting RegEdit.exe from the start button.
    If your registry editor does not work, read this document "I cannot open the registry editor".
  4. Look for this key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
    It will have about 6 values stored that disable certain things. Delete this whole branch ActiveDesktop - the system will work with default values afterwards.
    Also delete this branch in your registry:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  5. Look in your root directory for a file named winstall.exe. Mine was in c:\ and 24064 Bytes in size.
    This file is scheduled to execute each time you boot and it will re-install Spysheriff.
    Delete that file.
    Update:
    As MG from Ottawa comments below, there may also be additional executable files that were created at the same time as winstall.exe. Those files may be named 'winstall.exe' and 'ibm00001.exe'. You should delete those files as well. If you have this file ibm0001.exe please see the other article regarding ibm0001.exe.
  6. Restart your system.
    Done.

Update:

Some people asked about the company that makes SpySheriff. This is their London address:

Company:         SpySheriff Development Team
Street address:  Tooley 73a 
City:            London 
Zip:             EC1Y 1BL 
Country:         United Kingdom
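
The removal steps above, as a PowerShell check that reports the processes, policy branches and root-directory file the answer names, and cleans them only when asked. This is an added example, not part of the original article; it assumes PowerShell is installed, and the process name pattern `spysheriff*`, the `-Remove` switch and the backup folder are choices made for this example.

```powershell
# Added example: audit, and with -Remove clean, the artifacts named in the steps above.
# Assumptions: PowerShell is installed; the backup folder and file names are made up here.
param([switch]$Remove, [string]$BackupDir = "$env:TEMP\spysheriff-backup")

$policyRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$policyKeys = 'ActiveDesktop', 'System'      # branches from step 4
$procNames  = 'spysheriff*', 'winstall'      # step 1 (first pattern is an assumption)
$dropper    = "$env:SystemDrive\winstall.exe"  # file from step 5

# Step 1: processes that must be stopped before the uninstall can succeed
$procs = @(Get-Process -Name $procNames -ErrorAction SilentlyContinue)
foreach ($p in $procs) { "PROCESS  {0} (pid {1})" -f $p.ProcessName, $p.Id }

# Step 4: list every value under the two policy branches so they can be reviewed
$found = @()
foreach ($k in $policyKeys) {
    $path = Join-Path $policyRoot $k
    if (-not (Test-Path $path)) { continue }
    $found += $path
    $key = Get-Item $path
    foreach ($name in $key.GetValueNames()) {
        "POLICY   {0}\{1} = {2}" -f $k, $name, $key.GetValue($name)
    }
}

# Step 5: the re-installer in the root directory (the article's copy was 24064 bytes)
$file = Get-Item $dropper -Force -ErrorAction SilentlyContinue
if ($file) { "FILE     {0} ({1} bytes, created {2})" -f $file.FullName, $file.Length, $file.CreationTime }

if (-not $Remove) { "Report only. Re-run with -Remove to clean up."; return }

# Stop the processes first, otherwise the file stays locked
$procs | Stop-Process -Force
# Export each branch before deleting it, so a legitimate policy can be restored
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($path in $found) {
    $backup = Join-Path $BackupDir ("{0}-{1}.reg" -f (Split-Path $path -Leaf), $stamp)
    & reg.exe export ($path -replace '^HKCU:', 'HKCU') $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { "SKIPPED  $path (backup failed)"; continue }
    Remove-Item $path -Recurse -Force
}
if ($file) { Remove-Item $file.FullName -Force }
"Removed. Restart the system (step 6)."
```

Run it once without switches and read the POLICY lines first, since the `Policies\System` branch can also hold settings an administrator put there. The uninstall through Add/Remove Programs (step 2) stays a manual step.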





Comments:

You are on page 50 of 52, other pages: 1 2 3 47 48 49 [50] 51 52
2007-02-24, 13:59:33
anonymous  
Very helpful piece of advice. I was not sure at all when I started hunting for stuff in Google.

But reading this, I found out that this was the exact same problem that I had experienced a few hrs ago. I am glad I didn't purchase their software, and used my antivirus programme to remove it.
Since then everything was back except my desktop, which did appear initially but disappeared every time the icons came on the desktop.
Tried the display settings, but the background option was frozen and I could not use it at all.

But following this advice I was able to fix the problem.

Thanks a lot.
2007-03-07, 17:02:44
anonymous from United States  
Where is that SPY SHERIFF building located anyway? Who are the members? The police should perform some kind of inspection on them.
2007-03-08, 09:26:46
anonymous from United States  
SOMEONE SHOULD ARREST THOSE BASTARDS. I HATE YOU SPY SHERIFF!!!!!
WHY DOESN'T ANYONE SHUTDOWN THEIR OFFICE OR HQ!!??
2007-03-13, 13:37:14   (updated: 2007-03-13, 13:42:17)
anonymous from United States  
Yahoo Has This Problem Fixed. I use various antispyware programs and most of them had fixed everything except the wallpaper issue until last week. Yahoo antispy, which can be accessed through the Yahoo toolbar (available free through Yahoo of course), will fix the problem without any manual editing of the registry. I personally will not do any more registry editing myself due to the fact I have no idea what I'm doing, so if you are like me this is the fix for you. Remember, if you mess up your registry be ready to shell out big bucks to get it fixed, or just tie a rope to your computer and you can use it as a boat anchor.
http://toolbar.yahoo.com/ You can also remove the toolbar after the problem is fixed if you don't like it.
2007-04-12, 06:24:16
[hidden] from United States  
Great advice! My desktop properties are restored. No other evidence of PestTrap. Sure do appreciate the help.

Chris
2007-04-13, 04:09:45
anonymous from Romania  
It's OK!!! It works. Thank you.
2007-05-05, 23:02:56
fighting_angel22@yahoo.com from Philippines  
I'm experiencing that problem now but there's no Spysheriff in the task manager or winstall.exe. Help please.
2007-05-27, 00:16:10
anonymous from India  
My desktop background shows in display properties just like hidden, so I can't click on this background pict. What is the reason? Please solve it.
2007-06-09, 11:16:52
anonymous from United States  
Thank you and more!
Every place I went for help offered nothing that REALLY WORKED. My problem is gone.
Very awesome site.
2007-06-29, 03:14:57
anonymous from Kuwait  
Thanks friend, this really solved the problem. I got through 'Malware' installation. It is indeed a great help.
2007-08-16, 11:38:41
anonymous from United States  
there are too many folders under current user
2007-09-06, 21:13:05   (updated: 2007-09-06, 21:15:54)
anonymous from United States  
I was a victim also. I uninstalled what I had called spy-shredder but when I rebooted it reinstalled itself, so I tried system restore but did not restore. Norton did detect and correct the issue on its own but I still had the white screen and you can't do anything in the desktop tab in control panel, so I reinstalled XP... Praise God it doesn't wipe out your system files or any work you have, but I still had the white screen. I emailed them 2 times and threatened to take my computer to a government agency and have them shut down for what they are doing, figuring it is a scam. Guess what?... that's right, NO REPLY! So I was going to call them. No luck with their co name 'SS Development', so I by chance put in their address and look what I came up with, your website and the answer to my ( ALL ) of our problem. I did a search for winstall exe. but didn't find anywhere, but when I went to reboot my screen was back!!! Whoever you are, you are a blessing to all of us who found your website. Too bad we can't take them down.
2007-09-21, 13:28:51
sweet_stranger from United States  
I have been trying for weeks to get my desktop back to the way it was and this did it for me. Thank you so much.
2007-10-08, 22:05:21
anonymous from United States  
Many thanks! Your solution was a great help and worked perfectly. Awesome time saver. thanks again for taking time to put the solution out there.

2007-10-13, 10:16:57
anonymous from India  
thanks.....It feels nice, now...........