SpySheriff, seen briefly in the previous post, during the video clip, is a decidedly nasty piece of malware that can often prove difficult to remove.

Masquerading as an anti-spyware program, it will attempt to dupe a user into purchasing an upgrade to the full edition, by alerting them to a continuous stream of false threats.

SpySheriff is coded in such a way that legitimate anti-spyware software will often overlook it.


A right pain in the a**e

SpySheriff is a real pain once it has installed itself onto your system, either expressly, or surreptitiously –

  • It cannot easily be deleted. Hidden components render removal via Add/Remove programs ineffective. Attempting to do so can often lead to crashes, including the dreaded blue screen of death (BSOD).
  • SpySheriff can disable internet connectivity whilst displaying the helpful message of, “The system has been stopped to protect you from Spyware”.
  • Another sure sign you have this piece of malware installed is the changing of your background screen to something that displays the following message – “SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged.”
  • It denies access to the popular anti-spyware sites, thus making it harder for those infected to find a solution online.
  • It prevents System Restore from working as it should, thereby preventing a user from reverting back to before SpySheriff was installed.

Removing SpySheriff

As previously mentioned, SpySheriff is not easily removed. If you are fortunate, then pressing F8 whilst your computer is booting will allow you to select ‘Safe Mode’ from which you may be able to successfully delete the program via Add/Remove programs.

Failing that, genuine removal programs, such as Adaware or SpyBot Search and Destroy, have been known to have varying degrees of success. If you have some computer knowledge then there are sites, easily found through a search, that will highlight the registry keys that need to be altered to render SpySheriff inoperative.

Attack of the clones

SpySheriff has become so well known a piece of malware that those behind its conception have made various clones of it, with different names, in order to reduce the chances of users seeing it for what it is. This includes alterations to the styling and visuals of the interface.

Some of SpySheriff’s other incarnations are known as –

  • SpyAxe
  • SpyShredder
  • Brave Sentry
  • Adware Sheriff
  • Pest Trap
  • SpywareQuake

Avoid it!

Considering the insane annoyance of SpySheriff, and the difficulty in removing it, the best option is to never have it on your system in the first place.

Other than the official site, the next most likely sources of this malware appear to be through clicking on pop-ups or having it installed in association with torrents that have been downloaded.

Be careful what you click on, and carefully read any instructions or user agreements before installing programs you happen to stumble upon across the internet.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
