SpySheriff explained

Full name: SpySheriff
Common Name: SpySheriff
Technical Name:
  • SpySheriff Variant
    • Adware.SpySheriff (Symantec)
    • Rogue:W32/SpySheriff (F-Secure)
    • Adware/SpySheriff.[Letter] (Fortiguard)[1]
    • Adware-SpySheriff (McAfee)
    • ADW_SPYSHERIFF.[Letter] (Trend Micro)
    • DOWNLOADER_SPYSHERIFF (Trend Micro)
    • FREELOADER_SPYSHERIFF (Trend Micro)
  • BraveSentry Variant
    • Rogue:W32/BraveSentry (F-Secure)[2]
    • VBS_SENTRY.[Letter] (Trend Micro)
    • ADW_BRAVESEN.[Letter] (Trend Micro)
  • Pest Trap Variant
Aliases:
  • SpyDawn Variant
  • Alpha Cleaner Variant
    • Program:Win32/AlfaCleaner (Microsoft)
  • SpyBouncer Variant
    • Trojan:Win32/Spybouncer (Microsoft)
Type: Malware
Subtype: Rogue Software
Author: Innovagest 2000
OS: Windows
Discontinued: 2008

SpySheriff (also known as BraveSentry 2.0 among other names) is malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program.[4] Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove,[5] since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.

Websites

SpySheriff was hosted at both www.spysheriff.com and www.spy-sheriff.com,[6] which operated from 2005 until their shutdown in 2008. Both domains are now parked. Several other similarly named websites also hosted the program, but all have been shut down.

Features of a SpySheriff infection

Notes and References

  1. Web site: Fortiguard. 2005-09-21. https://web.archive.org/web/20220819193925/https://www.fortiguard.com/encyclopedia/virus/68579. 2022-08-19. live. 2023-08-17.
  2. Web site: Rogue:W32/BraveSentry Description. F-Secure Labs. https://web.archive.org/web/20230521120408/https://www.f-secure.com/sw-desc/rogue_w32_bravesentry.shtml. 2023-05-21. live. 2023-08-17.
  3. Web site: SpyDawn - Adware and PUAs. sophos.com. https://web.archive.org/web/20210828111114/https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/SpyDawn.aspx. 2021-08-28. live. 2023-08-17.
  4. Web site: Spyware tunnels in on Winamp flaw. Joris Evers, CNET News.com, February 6, 2006. 2009-11-01.
  5. Web site: Top 10 rogue anti-spyware. Suze Turner, ZDNet, December 19, 2005. 2009-11-01. https://web.archive.org/web/20060119000827/http://blogs.zdnet.com/Spyware/?p=727. 19 January 2006. dead.
  6. Web site: SunBelt Security Blog. https://web.archive.org/web/20120308121146/http://www.gfi.com/blog/sleazy-install-of-the-week-2/. dead. 2012-03-08. Sunbelt Security. 2009-11-01.
  7. Web site: SpySheriff Technical Details. Symantec. 2009-11-01. https://web.archive.org/web/20110806061609/http://www.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99&tabid=2. 6 August 2011. dead.
  8. News: spysheriff.exe in SpyWareLoop.com. https://web.archive.org/web/20160118154901/http://www.spywareloop.com/infections/s/spysheriff-exe. dead. 2016-01-18. Vincentas. Spyware Loop. 18 October 2012. 27 July 2013.
  9. Web site: SpySheriff – CA. CA. 2009-11-01. dead. https://web.archive.org/web/20070405133332/http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453096400. April 5, 2007.