
How to remove Spyware Sheriff and Antispylab

Myantispyware team, May 18, 2006

Spyware Sheriff is a rogue antispyware application that uses Trojans and other malware to trick or scare you into purchasing it. If you are infected with this malware, your Internet Explorer home page will be reset to about:blank and will display a fake Windows Security Center alert stating that you are possibly infected.

When you click on the button on this page, it will bring you to the site antispylab.com, which attempts to sell you either Spyware Sheriff, Adware Sheriff, or Regfreeze Antispy. This program will also create fake security alerts in the Windows taskbar stating that there are various security risks with your computer, ranging from spam and hack attempts to Trojan infections. When you click on these alerts, they will bring you to the antispylab.com site as well. There have also been reports of this infection crashing the legitimate Microsoft process lsass.exe.

When this process crashes, your computer will begin a countdown, at the end of which it will shut down.

Read more about Spyware Sheriff: New rogue antispyware – SpywareSheriff

As your first step, please download HijackThis.

Important: Create a specific folder on your hard drive called HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+E), double-clicking C:, then right-clicking, selecting New, then Folder, and naming it HijackThis.
Download HijackThis.exe into this folder.

Print out these instructions as we will need to close every window that is open later in the fix.
Download SmitfraudFix. Extract the content (a folder named SmitfraudFix) to your Desktop.

Download and unzip Avenger to your desktop.

Download CCleaner. Double-click the file to install it.

Next, download, install, and update the free version of Ewido security suite:

1. When installing, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.
2. Run Ewido.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. Wait for the update to finish (the status bar at the bottom will display “Update successful”).
5. Exit Ewido. DO NOT scan yet.

Reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean (safe mode recommended).

You will be prompted: “Registry cleaning – Do you want to clean the registry?”; answer “Yes” by typing Y and pressing “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and pressing “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Reboot your computer into Safe Mode again.

Start up Avenger.
Check the ‘Input script manually’ option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste the following bold text:

Files to delete:
C:\WINDOWS\system32\winapi32.dll

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Reboot your PC again in Safe Mode.

Run HijackThis, choose “Do a system scan only”, and checkmark the box next to the following entries:

O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

Close all other windows and browsers, then click “Fix Checked”.

Reboot your computer.

Run Ewido:

1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If Ewido finds anything, it will pop up a notification. Please select “clean” and check the boxes “Perform action with all infections” and “Create encrypted backup” before clicking on OK.
3. When the scan finishes, click on “Save Report”. This will create a text file. Make sure you know where to find this file again.

Run CCleaner.

Click the Analyze button. After it scans your system, click Run Cleaner.

Restart your computer in normal mode.

Run the Panda online virus scan.

– Once you are on the Panda site, click the Scan your PC button.
– A new window will open; click the Check Now button.
– Enter your Country.
– Enter your State/Province.
– Enter your e-mail address and click send.
– Select either Home User or Company.
– Click the big Scan Now button.
– If it wants to install an ActiveX component, allow it.
– It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
– When the download is complete, click on Local Disks to start the scan.
– When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Your computer should now be free of the Spyware Sheriff and Antispylab.com infection.
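
To confirm that the Browser Helper Object entries fixed in the HijackThis step are really gone, the check can be scripted against a saved HijackThis log. The script below is an added example, not part of the original guide: it parses the O2 lines, reports any that still match the two entries and the winapi32.dll path listed above, and goes one step further by flagging any other BHO whose file is missing. The function names and the sample log (the guide's two entries plus placeholder entries) are constructed for illustration.

```python
import re

# Indicators taken from the HijackThis step of this guide.
KNOWN_CLSIDS = {"{26C43C19-A1CE-456E-9CBF-77FFB9E92681}",
                "{77701E16-9BFE-4B63-A5B4-7BD156758A37}"}
KNOWN_FILES = {r"c:\windows\system32\winapi32.dll"}

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <path or marker>".
# Web pages often turn the hyphen separators into en dashes, so accept both.
SEP = r"\s+[-\u2013]\s+"
O2_RE = re.compile(r"^O2" + SEP + r"BHO:\s*(?P<name>.*?)" + SEP +
                   r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})" + SEP + r"(?P<target>.*)$")

def parse_o2(line):
    """Return (clsid, path, orphaned) for an O2 (BHO) line, else None."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    orphaned = target.endswith("(file missing)") or target == "(no file)"
    path = target.replace("(file missing)", "").replace("(no file)", "").strip()
    return m.group("clsid").upper(), path, orphaned

def review_log(log_text):
    """Classify every BHO entry in a HijackThis log as known/orphaned/ok."""
    findings = []
    # filter(None, ...) skips lines that are not O2 entries (parse_o2 -> None).
    for clsid, path, orphaned in filter(None, map(parse_o2, log_text.splitlines())):
        if clsid in KNOWN_CLSIDS or path.lower() in KNOWN_FILES:
            verdict = "known"      # an entry this guide tells you to fix
        elif orphaned:
            verdict = "orphaned"   # registered BHO whose DLL is gone
        else:
            verdict = "ok"
        findings.append((verdict, clsid, path))
    return findings

# Constructed sample log: the guide's two entries plus invented placeholders.
SAMPLE_LOG = r"""
O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 – BHO: (no name) – {77701e16-9bfe-4b63-a5b4-7bd156758a37} – (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for verdict, clsid, path in review_log(SAMPLE_LOG):
        print(f"{verdict:9} {clsid} {path or '(no file)'}")
```

A clean system should produce no "known" lines; an "orphaned" line is a leftover registration worth reviewing before fixing it in HijackThis.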

If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below:

Spyware removal – Read Before Posting

Last update: 06/15/06
