SpySheriff

[Guest]

Hi.

I was recently hiit by SpySheriff. What a nightmare. I got most of it off,
but the Regitry values for my Mircosoft Antispyware are now screwed up.

HKEY_CURRENT_USER\Software\GIANTCompany\AntiSpyware\Alerts\D0F862AF-6278-4B4F-974F-B33289

has the values for both "Filepath" and "RegistryValue" set to "c:\program
files\spysheriff\spysheriff.exe"

What should the proper values be???

 

[Guest]

Hi Bernard;
Please join or follow the thread "Spy Sheriff " started by PG
9/8/2005 on microsoft.private.security.spyware.GENERAL

Subject: Re: Smitfraud
From: "plun" Sent: 10/1/2005
General forum

http://www.bleepingcomputer.com/for...Sheriff_Winstallexe_Spysheriffexe-t22402.html

Engel

 

[Guest]

My apologies. I clicked that the post did NOT answer my wuestion when in
fact it did.

Also of note, Ewido has a little function (Under Analysis - Startup) that
showed my computer trying to run "Kernels64.exe", which has been another
problem I was trying to deal with.


Cheers,
Gregory

 

[Guest]

Hi again,

This is what I found in the Virus Encyclopedia:

"Kernels64.exe"

Trojan-Downloader.Win32.Tibs.aw

This Trojan program downloads files via the Internet without the user's
knowledge or consent. The Trojan itself is a Windows PE EXE file
approximately 6KB in size, packed using FSG. The unpacked file is
approximately 49KB in size. Once launched the Trojan creates a file named
"kernels64.exe"

I sugesste tu run
Kaspersky
http://www.kaspersky.com/virusscanner

Let us know how it works ºut.

Engel