Hello

I was attempting to download a crack for PSCS, and ended up downloading this virus called SpySheriff. What it does is makes that "Windows has done an illegal operation and will shut down" message pop up constantly. Spy Sheriff runs at start up. I looked at a website and a guy talked about how to get rid of it. Apparently it's simple enough, just disable it from the Task Manager to prevent from running at start up, then just remove it from add/remove programs in the control panel.

How do I unlock my Task Manager? When I go to shut down my comp, it gives options of Logg Off, Cancel, Lock Computer, and Task Manager, only task manager isn't selectible! How do I make Task Manager selectible so I can disable the virus from starting up at start up?

Here's the forum of the guy who explains how he got rid of it on his comp.
http://www.maxforums.org/thread.aspx?TID=315240&P=1

Please help me! This is pissing me off!

Thanks guys >:|

I was attempting to download a crack for PSCS

That was your first mistake...

Safe Mode in Win2000

Backdate OS Configuration in XP

http://www.winpatrol.com
Download that and install it, regardless. I don't care about your excuses, do it.

Last resort: re-format.

p/s: next time be careful when downloading cracks lol. Dont you have any anti-spyware/virus in your pc?

MOP: Get off your high horse and stop moralizing to me. As if anyone on this forum has a legit copy of PS.

Noserider: I'm not very savvy at this stuff. How do I go into Safe Mode?

Hariz: I sure did learn my lesson. Next time I'm going to use cracks that have ALREADY been downloaded!!!! :upset:

damn this SpySheriff asshat!

did u try using lavasoft's "Ad-aware"? helps get rid of most spywares and stuff. its free too.

and honestly... im using my friend's copy of a cracked PS. sharing is caring! :^^:

MOP: Get off your high horse and stop moralizing to me. As if anyone on this forum has a legit copy of PS.
Hariz: I sure did learn my lesson. Next time I'm going to use cracks that have been downloaded!!!! :upset:

Well...I have a legal Copy...(Elements2.0..more PS isn`t needet to be happy...)
I think you`ve got what you deserved...

If you want to learn how you can get in SafeMode maybe you should read Windows Helptexts or a Manuel if you have one...i use Win2000 so don`t ask me how things are working on XP

Edit= Lavasofts Adaware is a great deal..and your PC should be clean from anything if you additionaly use thins like Kerio Firewall and AntiVirXP

Kevin: My internet connection dosen't work because the spyware constantly tries to upload it's website, and that "illegal operations" message pops up non-stop. Also, according to that forum where the guy DID get spysheiriff off his computer, Ad-aware dosen't work! :nohope:

Corkey: Okay, whatever. I deserve it. Punish me!

But, how do I unlock my task manager? The guy said the virus could be disabled from the task manager, to stop it from running. Then simply removed from the add/remove in the control panel.

Ctrl+Alt+Delete and then you kick the damn thing from your Process-List.

Cork:

Really? Okay I'll try that tonight. If it works, you're the man :yayca:

I'm sure many people here have legal versions of Photoshop. If you don't have a legal version - don't tell anyone. Period. I can't see why mentioning that you were trying to download a crack is relevant to the discussion of how to get rid of that trojan (or whatever it should be called). With that said...

http://www.lavasoftresearch.com/spywareno.shtml

Removal
- no issues discovered 0.0

Once the SpywareNo! And SpySherifff applications are installed, they can be uninstalled using the add/remove programs feature in Windows and the uninstallers work correctly. Further installations of the applications (as reported) are not initiated by these applications, but through the original application dropper (Win32.TrojanDownloader.Small.awa) that first installed them if it is not removed properly.

Thanks for the help guys.

When I try to remove through add/remove in the control panel, it says "Could Not Remove because application is in use." It automatically runs by itself, even if you close it, it'll just pop up again and start running that pop-up "Error reported" window.

Someone said I could open up Task Manager, and take SpySheriff of the process list. So when I re-start my computer, it won't automatically run it. When I tried ctrl+alt+del, Task Manager is an option but it isn't selectible because it's been disabled.

When I enabled it, it still says it's "disabled" and can't open Task Manager.

My only problem is to some how open up Task Manager. Anyone know how I can do that? I've enabled it, but the computer says it's "disabled" and won't open.

Angry >:{Angry >:{Angry >:{Angry >:{Angry >:{

http://www.winpatrol.com

Did you think I was kidding you? Download it NOW!!

Read what it does.

http://soho.sygate.com/free/default.php
http://www.grisoft.com/doc/71/lng/us/tpl/tpl01
Download those and install too.

Noserider:

I didn't contradict you. I didn't say I did not believe you. I'm sure those things work wonderfully if I can get to the freakin' link on my computer.

However, like I mentioned earlier, I CAN'T access the internet from my computer because of f**kin virus won't let me. All it does is make that "Windows has encounted a problem..." message pop up constantly. I have no access to internet to download the links you provided.

I got the task manager to work and removed the SpySheriff from the process list, as well as removed it from the add/remove control panel. However, it's still affecting my computer!!!! :upset: :upset: :upset: :upset: :upset:

If you can't access the internet with your computer, download the files to someone else's computer, and put whatever downloads on a usb or cd or something, and stick it in your comp, then install.

and I own legit copies of all my software. Lots of people do. It's not cool to start calling everyone pirates.

Squipy:
Yep, I just spent the past hour trying that too. I saved them to my USB drive, then transfered them on my comp and tried to install em. It just aint working.

I got so close...

I got ad aware from another computer, put it on my USB, then plugged into my computer. The virus makes the computer restart/refresh all windows every 5 seconds. So I had to go from desktop>start menu>my computer>USB drive>Ad Ware (click & drag to desktop), in 5 seconds. It took me about half an hour worth of tries, but I finally got it on my desktop and began to install it.

It detected the virus, and right when I was going to click "remove critical objects," my f***in AOL instant messanger popped up and froze the computer! >:{ >:{

However, like I mentioned earlier, I CAN'T access the internet from my computer because of f**kin virus won't let me. All it does is make that "Windows has encounted a problem..." message pop up constantly. I have no access to internet to download the links you provided.

Detect HOSTS file changes.
http://www.winpatrol.com

Your host file was changed, I know from first hand experiences.


WINNT\system32\drivers\etc\hosts
Open up your 'hosts' file with wordpad. It should look like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

127.0.0.1 localhost: if you see anything besides that, the trojan is locking you out of the internet.

Go to start menu, click on Run, then type msconfig

A window will pop up, go to the last tab on that window, look for the virus, and uncheck it, so it wont be loaded in start up.
Take a note of the file name and location of the virus (it should be shown in the msconfig window). Go to that location and manually delete the file.

Next, do a search on the same file name, if there's anything with same file name come up, delete it. (if you aren't sure if they are important files, make a back up copy on a floppy or something).

Then, go to start menu again, click on Run, type regedit. The registry editing window will show up, and do a search on "spysherrif" or whichever the file name you obtained earlier in the msconfig window. Delete the registry contain info with that software, and do a search again, until your registry is completely free of it.

Hope that helps.

12:00pm: I just started re-installing all those downloaded programs: Max, Maya, Photoshop, Flash, Dreamweaver, Premier, AfterEffects, Vegas, all that illegal shit.


:^^;: :x


:^^:

Denart:

All those programs were provided to me by the art school I was attending. They provide educational versions for all their students to be able to work on their own.

That's pretty generous, UK schools tend to have Edu versions in the computer rooms but in my experience they don't buy licences for students to use at home.

Then again they don't charge 80-100k in fees either I suppose.

All those programs were provided to me by the art school I was attending. They provide educational versions for all their students to be able to work on their own.
then forgive my jab :nohope:

SteveO: That sucks man. The instructors here practically install them on your computers for you (if you bring in a laptop). Plus, the educational versions of those programs have watermarks that identify them from legit copies, so they can't be used to sell anything you make on them. That's too bad. :^^;:

Den: No probem. :wink: