STOP Spysheriff Trojans

Posted on 2009-04-24
Last Modified: 2013-11-22
How to STOP Spysheriff so it never comes back to the user's PC?
After we delete the Spysheriff trojans using Spybot S&D, the icons are already cleaned. But after a couple of weeks, the shadow of the icons will come back & if you scan it again using that program, it'll be detected again and you need to delete it again.
So the question is, how to STOP that Trojan from coming back?
Question by: Stiebel Eltron
    LVL 27

    Expert Comment

    This can be removed with the SmitFraud removal tool. Directions and the tool are located here.
    LVL 6

    Expert Comment

    Hello stiebel,

    Please Download MalwareBytes, update it and try to run a full system scan in safe mode.

    Best Regards,

    Mohamed Allam
    Senior Software Developer

    Author Comment

    by:Stiebel Eltron
    My response to David-Howard & Allamz,
    I'll first test both of your advice & get back to you soon with the result.

    Thanks a lot!


    Author Comment

    by:Stiebel Eltron
    My response for David-Howard:
    - I've tested it already, scanned in Safe Mode, but it didn't help to fix/delete the malware, spies, & other Trojans.

    My response for Allamz:
    - I've tested it as well, found some Objects Infected, around 1-3 items only, mostly in registry values. But it didn't help fix/delete the other malware, spyware, especially the Spysheriff trojan.

    I've tested both suggestions on PCs that are infected with malware, spyware, & other Trojans.

    Any other suggestions?

    LVL 47

    Expert Comment

    Smitfraudfix should have taken care of it, wonder why it didn't.
    Try Combofix, we need to see the log afterwards to make sure it's clean.

    Please download ComboFix by sUBs:

    You must download it to and run it from your Desktop.
    Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
    Re-enable all the programs that were disabled during the running of ComboFix.

    Do not mouse-click combofix's window while it is running. That may cause it to stall.
    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:

    Author Comment

    by:Stiebel Eltron
    My response to rpggamergirl:

    Kindly check the attached file for the logfile of my PC after scanning with the ComboFix program.
    I scanned it already using Smitfraud & Malwarebytes as well.

    So let me know your feedback.

    LVL 47

    Accepted Solution

    You have 2 antivirus?
    You only need one antivirus and one firewall; having 2 will not give you better protection, in fact it will just cause conflicts and inefficient protection.

    Run combofix again using this script.
    1. Open Notepad.
    2. Now copy/paste the text between the lines below into the Notepad window:

    3. Save the above as CFScript.txt in the same location as Combofix.exe.
    4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

    Did Spybot give you the reg key or the location of the Spysheriff?
    There is one entry there that I haven't got any info about.
