STOP Spysheriff Trojans

How to STOP Spysheriff and never comeback to user's PC?
After we delete the spysheriff trojans using Spybot S&D, the icons are already cleaned. But after couple of weeks, the shadow of icons will comeback & if you scan it again using that program, it'll be detected again you need to delete it again.
So the question is, how to STOP that Trojan for coming back?
Stiebel EltronAsked:
Who is Participating?
 
rpggamergirlCommented:
You have 2 antivirus?
You only need one antivirus and one firewall, having 2 will not give you better protection infact it will just cause conflicts and inefficient protection.


Run combofix again using this script.
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\system32\bdod.bin

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a924e04-f8a6-11dd-8ea2-e44ae81cb512}]
------------------------------------------------------------------------
3. Save the above as CFScript.txt in the same location as Combofix.exe.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


Did Spybot gives you what reg key or the location of the Spysheriff?
There is one entry there that I haven't got any info about.
0
 
David-HowardCommented:
This can be removed with the SmitFraud removal tool. Directions and the tool are located here.
http://www.bleepingcomputer.com/forums/topic22402.html
0
 
AllamzCommented:
Hello stiebel,

Please Download MalwareBytes, update it and try to run a full system scan in safe mode.

Best Regards,

Mohamed Allam
Senior Software Developer
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Stiebel EltronAuthor Commented:
My response to David-Howard & Allamz,
I'll test first both your advise & get back to you soon for the result.

Thanks a lot!

Regards,
Dan
0
 
Stiebel EltronAuthor Commented:
My response for David-Howard:
- I've test it already, scan in Safe Mode, but didn't help to fix/delete the malwares, spies, & other Trojans.

My response for Allamz:
- I've test it as well, found some Object Infected, around 1-3 items only, mostly in registry values. But didn't help fix/delete the other malwares, spywares, specially the spysheriff trojan.

Both suggestions, I've tested it on PC's that are infected with Malwares, Spywares, & other Trojans.

Any other suggestions?

Regards,
0
 
rpggamergirlCommented:
Smtfraudfix should have taken care of it, wonder why it didn't.
Try Combofix, we need to see the log afterwards to make sure it's clean.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
0
 
Stiebel EltronAuthor Commented:
My response to rpggamergirl:

Kindly check the attached file for the logfile of my PC after scanning ComboFix program.
I scan it already using Smitfraud & Malwarebytes as well.

So let me know for you feedback.

Regards,
log.txt
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.