sherif antispyware problems

  sype 12:39 30 Dec 05
Locked

my mate has had a problem with sherif antispyware which installed itself and then demanded his credit card number to get rid off all the trojons it had detected.we have removed the program using microsoft antispyware but he is left with a desktop background picture which warnes him his computer is infected. this picture is stuck it can not be changed in the desktop properties or by right clicking on a photo and clickiing set as desktop background. any ideas on how to get rid of this desktop background?
windows xp home

  Fruit Bat /\0/\ 12:55 30 Dec 05

Spysheriff
is malware and should not be used to clean a PC from spyware/ adware/ malware.

It's pretty bad e.g. if you try to use System Restore you will find that Spysheriff erased your restore points, so that won't work.

Instead follow these steps:

1. Open task manager by pressing Ctrl-Alt-Del, and click on the "Processes" tab. Look for Spysheriff there and kill the process if you see it. If you see a process named "winstall" (winstall.exe) then delete this one also.

2. In the control panel goto "Add/ Remove Programs" and remove the "SpySheriff" program. If it says that it cannot uninstall, then you still have it running. It will uninstall once it's not running.

3. Your desktop background will not be restored by that uninstall. Go into the registry by starting RegEdit.exe from the start button

4. Look for this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

It will have about 6 values stored that disable certain things. Delete this whole branch ActiveDesktop - the system will work with default values afterwards.
Also delete this branch in your registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

5. Look in your root directory for a file named winstall.exe. Mine was in c:\ and 24064 Bytes in size.
This file is scheduled to execute each time you boot and it will re-install Spysheriff.
Delete that file.
Update:
there may also be additional executable files that were created at the same time as winstall.exe. T
those files may be named 'winstall.exe' and 'ibm00001.exe'.
You should delete those files as well.
If you have this file ibm0001.exe please see the other article regarding ibm0001.exe. at click here

6. Restart your system.

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

The Pantone Colour of the Year 2017 is Green

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…