SpySheriff

Description:	Adware
Risk Level:	High
Date of First Occurence:	Wednesday, April 16, 2008
Software Developer:	SS Development
Brief Info:	SpySheriff is part of a strain of adwares and spywares that have recently been identified that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc.
Removal:	This threat can be removed using "Spyware Terminator"

REMOVER SPYWARE »

Geographical Distribution of Threat "SpySheriff"

Threat Info

View All

Detected Items

Detected Files: %SYSDIR%\kernels64.exe MD5: 9F3483DE3F08110B88DBDE3E58E182F1 Size:22272 MD5: D6B2350F1891ED5992BF10AE26E78AA3 Size:12800 MD5: 1C18123572A21E23D724D9A9B7987B06 Size:7855 MD5: 3B94723180CEB94DFA85364D49594259 Size:29184 MD5: C6E7B913101FCABB6119807C5E848612 Size:30464 %SYSDIR%\msupdate32.dll MD5: 1CC848C5D6A4CFD449B3ACA39A3F4B3F Size:488582 MD5: B5927DBC34E2E3B510BE2AB7786D607B Size:59904 MD5: 4022668057C25DB60B107C9D6C0AB2DA Size:476672 %SYSDIR%\winrkp32.dll MD5: DB10C1107A4B9C8CD656CA6278DFFD87 Size:39424 MD5: DE8200448C85B46F7BB32C954B78D275 Size:32256 MD5: 29181E5B9980F42DF565F7A004ABA5B2 Size:25088 MD5: 868FE0F60864F1350ACA242C3918BA22 Size:32768 MD5: 814B3C26B0710D6A5DFDF66CBF8FCC2C Size:32256 MD5: 86FE8B1C2EA6AC054BAE231A7A9B6A7E Size:32768 MD5: 1A114515629879A14B6A9F363C7F9D75 Size:34304 MD5: B7F49DABC0D0C47191667EBBA682F482 Size:33280 MD5: 864A491419403B690EAE2D2A85E20723 Size:33792 MD5: 4FCD0940467E74694D0A91774E762140 Size:32256 MD5: 8BE74A81488305CF380139AB8570916F Size:33792 MD5: 9C6425993A4C8C96291587343A523500 Size:32768 and more.... d:\winstall.exe MD5: 6F0254184B76F90D22AEB8999EFA233B Size:44928 MD5: E4AB52570C1868B2FFDDBE573628E34D Size:10000 %PROGRAMFILES%\spysheriff\uninstall.exe MD5: FA8BBA129D657865C37E0F6188460AF9 Size:115200 MD5: 40895338DB8C25289D8BE0E2B4BD9BF4 Size:115200 MD5: 2494B9328B088D42863BC06BC9B6284B Size:40960 MD5: F7D4E2A836D6BDC0EA7FBA3C8695783E Size:36864 MD5: CEEA028F27A1283B99BF2E9CFB5E1CC5 Size:36864 MD5: A846E764E1B11EDDA7B233EED37B60F3 Size:36864 %PROGRAMFILES%\spysheriff\spysheriff.exe MD5: 95269D2D23F63A48BF6BDA62610B6474 Size:415232 MD5: 066CC164AA8E01065D9D562BC5CC3577 Size:415232 MD5: 20BCB6702B03AAF67CFFB86486969C78 Size:464896 MD5: EF14F4E471E1EBAD39671851BB1F3FCC Size:415232 MD5: C4507ADBA36BDC43BD314CB1EF8FFB08 Size:284160 %SYSDIR%\kernels8.exe MD5: CF929F3166ECA29A9E85271E72053D16 Size:8973 MD5: 06BC0F2EFDA4878B8AAD210310872434 Size:7792 %SYSDIR%\kernels32.exe MD5: 7CCFB92A4F9F1F2D209E082924F0A9DB Size:11226 MD5: B489867CFAAC8C8F2994E55A9151B6E7 Size:11394 MD5: 4127B60CB3D7202E4B7A98E21F514CB4 Size:10192 MD5: 8FD8462E4CEB28252143C75850319F0E Size:11093 %PROGRAMFILES%\spysheriff\ProcMon.dll MD5: 90E91D823F0A30178E76BACA5575C604 Size:32768 MD5: BD9172427AB0C6B0327A2DAF322DE4E2 Size:32768 MD5: 894745B78819BFE885A068B5412DD192 Size:32768 %PROGRAMFILES%\spysheriff\IESecurity.dll MD5: 1FA175CFDA0B37155EAAAEF909B2CEE3 Size:42496 MD5: 04EA7F07722C9C03CF932876A841183A Size:42496 MD5: B80DEC9F5A9CD9691C783DB42CA838C8 Size:42496 %PROGRAMFILES%\spysheriff\heur003.dll MD5: 2046BFFBEDD984DDCDB7E10A592F446C Size:36864 MD5: 90EF70862C1ED43303F1D1EBC8DE04EE Size:36864 MD5: 0E9FBC59BE9FA8B1BA619D56D33684D7 Size:40960 %PROGRAMFILES%\spysheriff\heur002.dll MD5: CF436C57CC76BFDBE8EBFBD6249B889A Size:36864 MD5: BC16ED652C213CF017247971DF829FF3 Size:36864 MD5: 09B9B4B1B3EE2133DE0A5EA5004FEBFD Size:36864 %PROGRAMFILES%\spysheriff\heur001.dll MD5: 10B3C3C9E7EDFEC401A7AA100BCDD314 Size:40960 MD5: 9D186D82C96095A15172685C1BD852B0 Size:40960 MD5: DADB19A479D815B02C29A034E79BB13E Size:45056 %PROGRAMFILES%\spysheriff\heur000.dll MD5: 9187753B9AA5F26261EB945559EAAAF1 Size:53248 MD5: 2CE95F4926B525451AEB3D13B6F35B4A Size:57344 MD5: FB2D9138A801EC0372C126F7D30BB9BD Size:57344 %SYSDIR%\winrkp32.dll MD5: 8C47C091DDE35BF14C41678674772522 Size:32768 MD5: C39E6C0B24DD68CA97511ADFA016C8C4 Size:32768 MD5: B27DFEC949A8490BB82901D4F4223EE6 Size:32256 MD5: 84BF8C47195CF5D8ED1D32553E7BA19C Size:32768 MD5: EAF5E0C1269BBDAFD5DEDB6A9FE6F8E9 Size:31232 MD5: 44CECC24C84CEAD372F932D01AFEEA12 Size:26624 MD5: 0455FD802344F2783A27C4AD245EE271 Size:25600 %SYSDIR%\z11.exe MD5: 52814B5DE01F7DB543C62497BA4ACBC4 Size:32256 %PROGRAMFILES%\SpySheriff\SpySheriff.exe MD5: 4FA88FA3979340D1B4C42F8D60471EE6 Size:415232
Detected Files with variable Filenames: MD5: 2494B9328B088D42863BC06BC9B6284B Size: 40960 %PROGRAMFILES%\spysheriff\uninstall.exe %PROGRAMFILES%\spysheriff\uninstall.exe.ren MD5: 066CC164AA8E01065D9D562BC5CC3577 Size: 415232 %PROGRAMFILES%\spysheriff\spysheriff.exe %PROGRAMFILES%\spysheriff\spysheriff.exe.ren MD5: 5D5AEBBBFCDF7B3C1C807F73F94744B4 Size: 119808 %PROGRAMFILES%\spysheriff\heur002.dll %PROGRAMFILES%\spysheriff\heur002.dll.ren MD5: DC222E58A2A69D78256BD6D0E3EA3BEC Size: 127488 %PROGRAMFILES%\spysheriff\heur001.dll %PROGRAMFILES%\spysheriff\heur001.dll.ren MD5: FA9BB31FECA954A33860AAF40997AC5A Size: 427 %SYSDIR%\z16.exe %SYSDIR%\z15.exe %SYSDIR%\z14.exe %SYSDIR%\z12.exe %SYSDIR%\z13.exe %SYSDIR%\z11.exe

Detecting items list:

Files by Name %programfiles%\spysheriff\heur000.dll %programfiles%\spysheriff\heur001.dll %programfiles%\spysheriff\heur002.dll %programfiles%\spysheriff\heur003.dll %programfiles%\spysheriff\IESecurity.dll %programfiles%\spysheriff\spysheriff.exe %programfiles%\spysheriff\uninstall.exe %sysdir%\kernels32.exe %sysdir%\kernels64.exe %sysdir%\kernels8.exe %sysdir%\msupdate32.dll %ProgramFiles%\SpywareNo\SpywareNo.exe %SystemDiskRoot%\winstall.exe d:\winstall.exe %systemdiskroot%\winstall.exe %programfiles%\spysheriff\procmon.dll %windir%\desktop.html %windir%\adsldpbc.dll %sysdir%\DFLNL.EXE %sysdir%\sndmixex.dll %windir%\sndmixex.dll %windir%\winrkp32.dll %sysdir%\winrkp32.dll %sysdir%\z11.exe %sysdir%\z13.exe %sysdir%\z12.exe %sysdir%\z14.exe %sysdir%\z15.exe %sysdir%\z16.exe %START_PROGRAMS%\SpySheriff\SpySheriff.lnk %DESKTOP%\SpySheriff.lnk %TEMP%\us0046.exe
Files by MD5 MD5: 55155CD6E87C9E8098BB3429EBF26365 Size: 49664 MD5: 8B2FABAD839A13F996D9D21E8230AF2B Size: 29184
Files by Directories %programfiles%\spysheriff %START_PROGRAMS%\SpySheriff
Registry Keys HKCU\Software\SpySheriff HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpySheriff HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy-Sheriff
Registry Values HKCU\Software\Microsoft\Windows\CurrentVersion\Run ValueName=Windows installer Value=%SystemDiskRoot%\winstall.exe

« Go to Software Database

Pesquisar em nosso banco de dados de software

Navegar pelo Banco de dados

Últimas notícias sobre Malware

23. Setembro 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notícias anteriores sobre malware »