Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.
Disinfection & Removal
Rogue:W32/SpywareSheriff is an rogue antispyware application that uses false and/or misleading scan results and questionable interface design to push the user into purchasing a license. In some cases, Spywaresheriff is advertised by a trojan with a hoax message that the system is unsafe. The trojan, detected as not-virus:Hoax.Win32.VB.l, does not install the antispyware application but simply generates a message that the system is unsafe:
Clicking on the message displayed above will open the computer's web browser to a page from which SpywareSheriff can be downloaded. It is also possible to find, download and install this application without being pushed by a trojan. Search engine results can also lead to the discovery of spywaresheriff.com and a user can decide to install it on their own. The scan results however, will still contain false positives.
Once installed, SpywareSheriff starts automatically during the boot process and performs a scan for spyware. It then displays the fake results of the scan, saying that the system is infected, as seen in the screenshots below:
The message above was generated on a previously clean system image. Note that the third item listed is telnet.exe, a Microsoft application installed with the Windows Operating System. The first and second items listed in this example are the trojan malware referred to above. The only simple way to close the application is to register for the license, and the license is required for any cleaning of supposedly detected malware. The SpywareSheriff antispyware application itself is not necessarily harmful to the user's computer.