Joe said:
I recently had a computer that was infected with the spyware "Spy Sheriff".
I removed it, or I'm pretty sure I did, but I am still getting this annoying
pop-up every
5-10 seconds. It is the windows update icon (the world) down in the lower
left hand corner by the time and blicks from the world to the red "x". It
says that the computer is infected with Malware and to click here to remove
it. When I click on the bubble the message dissapears, nothing happens, and
then it reappears 5 seconds later. Get's really annoying. I'm pretty sure
the PC is clean, now how do I get rid of this warning. Thanks!
SpySheriff is especially tough to get rid of. Here is a (lengthy)
procedure posted by David H. Lipman to
microsoft.public.windowsxp.general on 30 Dec 2005 that has worked for
me:
******
Perform Part 1 then perform Part 2.
It is suggested that you execute each tool in Normal Mode then in Safe
Mode.
If you are using any version of Sun Java that is prior to JRE Version
5.0, then
you are are strongly urged to remove any/all versions that are prior
to JRE
Version 5.0. There are vulnerabilities in them and they are actively
being exploited.
It is possible that is how you got infected with malware.
Therefore, it is highly suggested that if there are any prior versions
of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version
5.0 Update 6
be installed ASAP.
http://www.java.com/en/download/manual.jsp
Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server
Part 1
-----------
Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1
http://www.bleepingcomputer.com/forums/topic36868.html
Part 2
-----------
Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe
Execute; SmitFraud.exe { Note: You must accept the default of
C:\McAfee }
Choose; Unzip
Choose; Close
NOTE: You may have to disable your software FireWall or allow WGET.EXE
to go through your
FireWall to enable WGET.EXE to download the needed McAfee related
files.
Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }
A final report in HTML format called C:\mcafee\ScanReport.HTML will be
generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox
or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before
performing another scan.
Alternate:
Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal
tool.
http://secured2k.home.comcast.net/tools/AntiPuper.exe
http://forums.mcafeehelp.com/viewtopic.php?t=65072
*****
Good luck
Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca
"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."
