Threat Description

SpywareSheriff

Details

Aliases: AdwareSheriff
Category: Riskware
Type: Rogue
Platform: W32

Summary



SpywareSheriff is an rogue antispyware application that uses false and/or misleading scan results and questionable interface design to push the user into purchasing a license.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Once installed, SpywareSheriff starts automatically during the boot process and performs a scan for spyware. The only simple way to close the application is to register for the license, and the license is required for any cleaning of supposedly detected malware.

In some cases, Spywaresheriff is advertised by a trojan with a hoax message that the system is unsafe. The trojan malware does not install the antispyware application. If the user clicks on the warning message, they are directed to a website from which the user can download and install SpywareSheriff.

Please note: it is possible to find, download and install this application without being pushed by a trojan. Search engine results can also lead to the discovery of spywaresheriff.com and a user can decide to install it on their own. The scan results however, will still contain false positives. See below for further details.

The SpywareSheriff antispyware application itself is not necessarily harmful to the user's computer.

Screenshot of trojan malware, detected as not-virus:Hoax.Win32.VB.l, generating a message that the system is unsafe:

Clicking on the message displayed above will open the computer's web browser to a page from which SpywareSheriff can be downloaded.

Screenshots of SpywareSheriff presenting a false detection:

The message above was generated on a previously clean system image. Note that the third item listed is telnet.exe, a Microsoft application installed with the Windows Operating System. The first and second items listed in this example are the trojan malware referred to above.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More