6.22.2005
i shot the sheriff!...
yesterday about 3:00 pm i got hit with a nasty spyware related malware virus. it presents itself as a rogue application called "spy sheriff". there really is no such thing as spy sheriff but they want you to think there is. here's what went down. i was on the web when i suddenly received about 18 virus messages from my anti-virus program, telling me i had viruses called troj_delf.dg, troj_delf.hc, troj_delf.nw, troj_harnig.gen, bkdr_haxdoor.bn, etc. this did not fill me with warm fuzzies! at about the same time a "program" popped up on my screen called "spy sheriff" that wanted me to scan my system for spyware at once! the program looked legitimate enough, and if it wasn't for the fact that i sort of know a bogus app when i see one, i could see how a less informed user would have wanted to run it. i closed the app immediately and attempted to remove it via add\remove programs. i was sure that this wouldn't actually remove it and sure enough, it resurrected itself once i rebooted. somewhere along the line, a website dropped me a malicious program and installed it, unbeknownst to me. another thing that happened was that it replaced my existing background wallpaper with a black box which read: "System Stopped! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended that you use a spyware removal tool to prevent data loss. DO Not use computer before all spyware is removed". i knew i was screwed at that point because i did not recognize this to be any sort of a legitimate windows message. when trying to reset my background i realized that it actually disabled my display property buttons so that you couldn't manually change it back. even a registry hack would not fix it! this turned out to be a very tricky challenge. i played around with various anti-spyware apps such as lava-soft ad-aware, spybot, trend house-call, etc. (with updated definition files) and nothing would kill it.
i came into work last night at about 9:30 and it took me til close to 1 am to get it fixed! i ended up searching the deep, dark, underbelly of the www til i found a forum called "the tech guide forum". here i found someone who had experienced the very same problem, along with a helpful techie named vic who outlined about 6 pages of repair instructions. i stuck with it and used programs i had never even heard of before, such as "pocket killbox" from bleeping computer, ewido security suite from ewido.net, cleanup! 4.0, and panda active scan. in the end, with much determination and perseverance, i slew the dragon and am now functioning at 100% capacity. i have since tightened up my spyware software, updated my virus definitions, and gained some anti-spyware skills. if this can happen to me, trust me, it can happen to anyone. if you ever have the dreaded spy sheriff, send me an email and i can provide step-by-step removal instructions.
5 comments:
Nasty stuff man! Hey, btw, curious to know if you were using IE when this happened? If so, think of switching to Firefox. It might help to prevent this from happening to you again. IE will let a web page install just about anything.
i have firefox installed but i don't use it much. i use i.e. 6.0.2800 sp2, mostly out of habit but also because some of our web based programs require i.e.
..congratulations on murdering the sheriff... may he burn in "H E double hockey sticks"!
I've gotten to the point where I don't even use IE unless a website requires it (similar to you, mostly work related web based programs). I flat out don't trust it! Aside from that, tabbed browsing in firefox just rocks!
hi. read abt your experience with spy sheriff. my computer has just been infected. could you email me instructions on the removal pls? my email is trontroy@gmail.com thanks!!! :)
windy