Yesterday, I must have opened up a file that installed the spy sheriff program. It tried to run Spybot to remove the virus but soon after, I found my computer shutting down automatically, and unable to open up the desktop. The computer simply reboots, and will not open up windows xp. If any one has any suggestion on how to remove the virus or how I could stop my windows from shutting down automatically I would really appreciate your advice.
2006-08-18 03:00:04 · 7 answers · asked by mparedesucla 1 in Computers & Internet ➔ Security
if you have antivirus put install or recovery flopy or cd in turn off conp and reboot
2006-08-18 03:05:39 · answer #1 · answered by andrew_perrong 3 · 0⤊ 0⤋
2
2016-08-29 00:20:06 · answer #2 · answered by ? 3 · 0⤊ 0⤋
Follow these instructions carefully & slowly:
How-to remove SpyAxe, SpywareStrike, SpySheriff, Winhound and Smitfraud using noahdfear's smitRem.exe removal tool
SpyAxe:
SpywareStrike:
SpySherriff:
Winhound:
Smitfraud:
Will also remove: PestTrap, Security IGuard, SearchMaid, Antivirus Gold (AVGold), PSGuard, VirtualMaid, SpyTrooper and others in the smitfraud family.
Credit: noahdfear
1. Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
2. Place a shortcut to Panda ActiveScan on your desktop.
3. Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
4. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!
5. Next, please reboot your computer in SafeMode by doing the following:
a.Restart your computer
b.After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
c.Instead of Windows loading as normal, a menu should appear
d.Select the first option, to run Windows in Safe Mode.
6. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
7. Open Ad-aware and do a full scan. Remove all it finds.
8. Run Ewido:
•Click on scanner
•Click on Complete System Scan and the scan will begin.
•While the scan is in progress you will be prompted to clean files, click OK
•When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
•Once the scan has completed, there will be a button located on the bottom of the screen named Save report
•Click Save report.
•Save the report .txt file to your desktop.
Close ewido anti-malware.
9. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
10. Reboot back into Windows and click the Panda ActiveScan shortcut.
•Once you are on the Panda site click the Scan your PC button.
•A new window will open...click the Check Now button.
oEnter your Country
oEnter your State/Province
oEnter your e-mail address and click send
oSelect either Home User or Company
oClick the big Scan Now button
•If it wants to install an ActiveX component allow it
•It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
•When the download is complete, click on My Computer to start the scan
•When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
If anything suspicious is found, or any problems persist, please post the contents of the Panda scan report, along with a HijackThis Log, the contents of smitfiles.txt and the Ewido Log in our Malware Removal Forum.
Have you've found the smitRem.exe removal tool useful? Please consider a donation to the author: Dave's World (noahdfear).
Notes:
1. For 98/ME, add to the control panel instructions (step 11) as follows: (thanks flrman1 )
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.
2. It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.
3. Windows 98 users may get a sharing violation error and smitRem stops when trying to delete oleadm.dll (oleext.dll). This is because it's hooked by the infected wininet. Pressing F will allow the tool to complete.
2006-08-18 10:39:27 · answer #3 · answered by borderline1311 3 · 0⤊ 0⤋
1. Open task manager by pressing Ctrl-Alt-Del, and click on the "Processes" tab. Look for Spysheriff there and kill the process if you see it. If you see a process named "winstall" (winstall.exe) then delete this one also.
2. In the control panel goto "Add/ Remove Programs" and remove the "SpySheriff" program. If it says that it cannot uninstall, then you still have it running. It will uninstall once it's not running.
3. Your desktop background will not be restored by that uninstall. Go into the registry by starting RegEdit.exe from the start button.
If your registry editor does not work, read this document "I cannot open the registry editor".
4. Look for this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
It will have about 6 values stored that disable certain things. Delete this whole branch ActiveDesktop - the system will work with default values afterwards.
Also delete this branch in your registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
5. Look in your root directory for a file named winstall.exe. Mine was in c:\ and 24064 Bytes in size.
This file is scheduled to execute each time you boot and it will re-install Spysheriff.
Delete that file.
Update:
As MG from Ottawa comments below, there may also be additional executable files that were created at the same time as winstall.exe. Those files may be named 'winstall.exe' and 'ibm00001.exe'. You should delete those files as well. If you have this file ibm0001.exe please see the other article regarding ibm0001.exe.
6. Restart your system.
Done.
2006-08-18 03:08:02 · answer #4 · answered by Eric D 3 · 0⤊ 0⤋
Sorry to hear about your computer. How do you know that your computer has been infected with Spy Sheriff? Did Spybot Search & Destroy detected Spy Sheriff on your computer? Spy Sheriff is pretty notorious. There are step-by-step instructions on how to remove it. But, your immediate problem is to logon to Windows. Try to start in safe mode. During the boot process, press [F8] and your computer will enter in to safe mode. In the safe mode , choose "....with network connection."
Log on to an account with administrative priliveges. Connect to the Internet and go to http://www.bleepingcomputer.com/forums/topic52345.html.
The webpage will give you step-by-step instructions on how to remove Spy Sheriff.
2006-08-18 03:22:03 · answer #5 · answered by What the...?!? 6 · 0⤊ 0⤋
you have a trojan & its (rw) trojan software so even if you go in safe mode and remove the trojan file your self when you come off safe mode and back to the desktop it will just come back this will kill it off and its (rw) software
this will fix it
XoftSpy 4.22 is the Latest and Most Advanced Spyware Detection and
Spyware
W32/Spybot
Browser Hijackers
Adware
Malware
Keyloggers
trojans
virus
worms
back door trojans
Malicious mobile code
MALICIOUS SCRIPTS
toolbar trojans that dont show up
hacking trojans to take your email accout/passwords
screen name account passwords
download xoftspy422 and install it then run it stop the scan and click on scan settings tick every box and click on where it says >> click here to select a folder then tick the (c) thats your hard drive if you have 2 hard drives tick the 2 of them then click ok
then click start when the scan is done click on remove tab
http://www.paretologic.com/products.aspx
ewido anti-spyware 4.0
http://www.grisoft.com/doc/10/lng/us/tpl/tpl01?prd=ews
2006-08-18 03:06:40 · answer #6 · answered by Anonymous · 0⤊ 0⤋
i guess your pc got virus liao.. got a type of virus always shut down pc. it prompt your 20sec to shut down.
i thk your better repair window. repair window will not delete any existing program. it only repair window i386 files.. trust me.. it works...
2006-08-18 03:08:50 · answer #7 · answered by Gary k 1 · 0⤊ 0⤋
I highly recommend you download SUPERantispyware. It will fix that problem. It is VERY VERY effective and it is free.
2006-08-18 05:22:32 · answer #8 · answered by Anonymous · 0⤊ 0⤋