
Entry: SpySheriff
Definition

  1. Websites

  2. Known symptoms caused by SpySheriff

  3. See also

  4. References

  5. External links

SpySheriff, also known as BraveSentry, SpyDawn, SpywareBot, SpyAxe, SpywareSheriff, Pest Trap, SpyTrooper,[1] Spywareno, and MalwareAlarm,[1] is malware that disguises itself as an anti-spyware program and attempts to mislead the user into buying it by repeatedly reporting false threats to their system.[2] The software is particularly difficult to remove from machines,[3] since it nests its components in System Restore folders and also blocks some system management tools. Compared to most rogue antiviruses, SpySheriff prompts the user to register when an attempt to "Remove found threats" is made. However, SpySheriff can be removed if the user already has anti-malware tools on the machine or, if those are not sufficient, owns a rescue disk.

Websites

SpySheriff was formerly hosted at www.spy-sheriff.com, which operated from 2005 until it was shut down in 2008.[4] Several typosquatted websites have also attempted to automatically install SpySheriff, including a fake version of Google.com (called Goggle.com) and spysherrif.com. Websites named after SpySheriff's alternative names also hosted it before they too were shut down. As of 2015, Goggle.com, which had changed ownership due to a lawsuit by Google, was a survey scam. The website displayed links to Amazon.com items, but as of 2017 the domain is no longer accessible, as there is nothing in its HTML other than the word "goggle". At the beginning of 2018, the site redirected to the scam site tango-deg.com, but as of October 2018 it has simple HTML markup with a top-level heading reading "Goggle.com Inc."

Known symptoms caused by SpySheriff

  • SpySheriff reports fake malware infections and passes itself off as detecting real malware infections.[5][6]
  • Attempts to remove SpySheriff have been reported to be unsuccessful as SpySheriff will reinstall itself.
  • The desktop background may be replaced with an image resembling a Blue Screen of Death, or a notice reading, "SPYWARE INFECTION! Your system is infected with spyware. Windows recommends that you use a spyware removal tool to prevent loss of data. Using this PC before having it cleaned of spyware threats is highly discouraged."
  • Attempts to remove SpySheriff via the Add or Remove Programs control panel either cause the computer to restart unexpectedly or do not remove all components.[8]
  • Attempts to connect to the Internet in any web browser are blocked by SpySheriff, which replaces the user's desktop background with a blue warning screen saying that the system has been stopped to protect the user from spyware. Spy-Sheriff.com is the only website that remains accessible, and it can be opened through the program's control panel.
  • Attempts to remove SpySheriff via System Restore are blocked: the calendar and restore points do not load, so users cannot restore their system to an earlier state. However, a loophole has been discovered: if the user undoes the last restore operation, the system will restore itself, allowing a chance to remove SpySheriff.[7]
  • SpySheriff can detect certain antispyware and antivirus programs running on the machine, and disable them by ending their processes as soon as it detects them, thus preventing its detection and removal by these programs as long as it is active on the system.
  • SpySheriff can disable the Task Manager and Registry Editor tools to keep the user from ending its active process or removing its registry entries from Windows. Renaming the 'regedit' and 'taskmgr' executables will fool it, however.

See also

  • Rogue security software
  • Trojan horse (computing)

References

1. "SpywareNo!". http://www.spywareguide.com/product_show.php?id=2136. Retrieved 2009-11-11.
2. "Spyware tunnels in on Winamp flaw". Joris Evers, CNET News.com, February 6, 2006. http://www.zdnetasia.com/news/security/0,39044215,39310016,00.htm. Retrieved 2009-11-01.
3. "Top 10 rogue anti-spyware". Suze Turner, ZDNet, December 19, 2005. http://blogs.zdnet.com/Spyware/?p=727. Retrieved 2009-11-01.
4. "SunBelt Security Blog". Sunbelt Security. http://sunbeltblog.blogspot.com/2005/10/sleazy-install-of-week.html. Retrieved 2009-11-01.
5. "SpySheriff Technical Details". Symantec. http://subsync.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99&tabid=2. Retrieved 2009-11-01.
6. Vincentas (18 October 2012). "spysheriff.exe in SpyWareLoop.com". Spyware Loop. http://www.spywareloop.com/infections/s/spysheriff-exe. Archived at https://web.archive.org/web/20160118154901/http://www.spywareloop.com/infections/s/spysheriff-exe on 2016-01-18. Retrieved 27 July 2013.
7. "SpySheriff - CA". CA. http://www.ca.com/securityadvisor/pest/pest.aspx?id=453096400. Archived at https://web.archive.org/web/20070405133332/http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453096400 on April 5, 2007. Retrieved 2009-11-01.

External links

  • Spy Sheriff Website (archived): https://web.archive.org/web//http://spy-sheriff.com/
  • http://www.bleepingcomputer.com/forums/topic22402.html
  • https://web.archive.org/web/20120401221555/http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Program%3AWin32%2FSpySheriff

Categories: Rogue software, Windows trojans, Scareware, Spyware, Malware
