SpySheriff. How to remove? (Uninstall guide)

removal by Alice Woods - -   Also known as Spy Sheriff | Type: Malware
12

SpySheriff is an extremely dangerous corrupt anti-spyware tool that sabotages a user’s system in order to scare him/her into buying its “full” version. Unlike other rogues, Spy Sheriff does not only display fake threat scan reports, it may also block your access to internet and hijack your web browser.

If you have been infected with SpySheriff, use our manual removal instructions to get rid of it, or download a legitimate spyware remover from our database to do it for you.

Spy Sheriff is intersting parasite because its hard to remember its exact name.. There are plenty of misspelings like: spy sherrif, spysherriff, spysherif, spy sheriff and so on…

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove SpySheriff you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall SpySheriff. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
SpySheriff snapshot
SpySheriff

SpySheriff manual removal:

Kill processes:
spysheriff.exe,winstall.exe

Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunSNInstall

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunSpySheriff

HKEY_CLASSES_ROOTCLSID{202B0EFD-2CB9-039B-2B11-A3579D6D56A3}

HKEY_CLASSES_ROOTCLSID{7C43E35C-A398-7C5F-B1BA-7E87073BE150}

HKEY_CLASSES_ROOTCLSID{9CB4CE93-8CC7-9E03-1037-2DD837E3A52E}

HKEY_CURRENT_USERSoftwareSpySheriff

HKEY_LOCAL_MACHINESOFTWAREMicrosoft WindowsCurrentVersionUninstallSpySheriff

Delete files:
spysheriff.exe,winstall.exe,heur000.dll,heur001.dll,heur002.dll,heur003.dll,iesecurity.dll,procmon.dll,uninstall.exe,desktop.html,wallpaper.html

Delete directories:
C:Program FilesSpySheriff

C:Documents and Settings[Current User]Start MenuProgramsSpySheriff



Delete all the files inside C:WindowsPrefetch or C:WinntPrefetch.

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author


  • Guest

    How do you unlock the background wall paper that has been locked to the spysherif add? The change background option has been locked out, how do I unlock it?

  • Guest

    I am having the same trouble with my display background……how do you unlock it?

  • Guest

    I am having the same trouble with my display background……how do I unlock it?

  • Guest

    I deleted SpySheriff within an hour from my computer but I do not see where I can contact them to get a refund? They claim satisfaction guarenteed money back?
    Natlcondis@aol.com

  • Guest

    I shot the sheriff!!! and it was all thanks to this website and spydoctor, i love u guys at 2-spyware u saved my pc and prevented my nervous breakdown, ure my gods!!!

  • Guest

    To unlock your desktop wallpaper go to the registry folder:
    HKEY_CURRENT_USERSoftwareMicrosoft WindowsCurrentVersionPoliciesActiveDesktop

    The ActiveDesktop folder holds various keys that can lock out desktop settings. Just delete the folder and restart. The values will be recreated to their default state. Which will unlock your wallpaper.

  • Guest

    Microsoft AntiSpyware (WinXP) recognizes and removes most of SpySheriff

    • Guest

      Thats now known as Windows Defender, for XP, Vista and 7. Anyway, time to get back to business…

  • Guest

    just wondering if you guys know anything about getting a refund, or if it actually takes your money??

  • Guest

    Company: SpySheriff Development Team
    Street address: Tooley 73a
    City: London
    Zip: EC1Y 1BL
    Country: United Kingdom
    so far i have found these contact details… i think they should be giving more than just a refund however and deserve to be closed down.

  • Guest

    Tried to unlock my desktop using procedure from Guest on 01/04/2006 suggestion and desktop is still locked. Removed ActiveDesktop Folder as he suggested but it was NOT re-created. Now what do I do ??

  • Guest

    Spysheriff has deactivated my task manager,cannot access it by right click on mouse on the taskbar,pop up banner says it has been deactivated by system administrator.Can access in safe mode but do not know how to activate from there.Can anyone provide a resolution?

    • Hi

      Start the computer in safe mode with networking then go to http://www.filehippo.com/ and download malwarebytes. Spysherriff often disables it so go to start menu find malwarebytes anti malware click on it find a folder icon and click on it and find chamilion and you should be told how to work it and then open it enable free trial do a flash scan then run a threat scan.

  • Guest

    I got rid off the ennoying wallpaperthing!
    Indeed go to the register like guest on 6/01 said,
    go to

    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

    and delete the key named “Wallpaper”
    Then you can unlock the things…
    Good luck!

  • Guest

    when i try to open up the the file it says that my memory if full when i know that is not true. this virus if screwing me over. how do i get rid of it.

  • Guest

    I have got rid of all problems you discussed in your article. However, I keep getting messages on desktop (right lower corner) from norton that it is scanning message 1 of 1 repeatably. It seems that spysheriff has done something to outlook express in the send area.

    Jerry Nance

  • Guest

    You need to be careful. I did not buy spysheriff—-visited a site and it was downloaded on me before I knew it. When I went to my desktop– there it was already installed.

    Jerry Nance

  • Guest

    I got hit with the SpySherrif. Thankfully the System Restore saved me.
    Randy

  • Guest

    I was hit by Spy Sherriff and for the first time in my life, got online to see of there is a class action lawsuit against this company. I am not a lawsuit oriented consumer but getting this software off has caused me to lose about six work hours in the past two days. Their intrusion must be illegal. Maureen

  • Guest

    I think i got spysheriff from APACHE WEB SERVER. Please excersise caution when installing this software/service. -flippo

  • Guest

    Spybot can remove most of Spy Sheriff except the part that gives you a bogus warning message on Internet Explorer. You have to delete C:WindowsPrefetch after using Spybot.

  • Guest

    I have the toolbar from Sheriff, does anyone know how I can get rid off it?
    Phil

  • Guest

    Anyone know how to get rid of pesttrap?

  • Guest

    whenever i restart my computer i have a bunch of different popups, i have ran spyware check on atleast 3 programs and they all find it, but still feels like somthing is wrong.the background is still there

  • Guest

    how do i re-activate my task manager?

  • Guest

    Recently, a computer of mine was infected by spysheriff. The task manager was disabled like mentioned in this article. I went to find the wallpaper in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System suggested by Guest. 09/01/2006. There was also a file named disabletaskmgr. I tried deleting it and the task manager was able to start without interference. I restarted the computer and the file was back. I repeated the operation and it was successful. I found out that it has opened many internet tasks behind the desktop which made my computer slow. Why does this file disabletaskmgr keep returning and how can I prevent it returning?

    Also, at the time of infection a few of my desktop icons were mutated and names such as zxczxc and asfds were all that were left of their original names. The picture also turned into a white paper-like background with a screen with other icons on it. Another discovery was that there was a small button in the bottom right hand corner of the system tray which when pressed upon appeared to create spysheriff. It will not leave and it dont know why, but once when disabletaskmg” was deleted it disappeard when my cursor was placed over it.

    Can anyone help me fix my problems?

  • Guest

    I removed most of SpySheriff successfully using the instructions above. The HKEY_CLASSES_ROOT items were not present on my computer though. The wallpaper is still locked so I will try the suggestion below. But now my computer keeps trying to access the internet. Norton Antivirus informs me msmsg.exe, and another couple of Windows executables are trying to connect automatically. They are fairly persistent so I have to keep blocking them with Norton. Any ideas?

  • Guest

    (Same person as 2 spaces below)

    I have scanned my computer with spyware doctor and removed the files with the infections in it. But my background now starts up with the Active desktop recovery. I have deleted the mutated icons. In the tray, the icons volume and safely remove hardware were gone. It also says that the button that was used to install sypsheriff was still there under taskbar/start menu properties. The desktop icons also have a box around their names of the colour desktop display properties.

    How can I fix active desktop recovery for every startup, stop this strange colour around icon names and get rid of the “Your computer is infected” button.

  • Guest

    Before you get spysheriff log off to another user and make a copy of your ntuser.dat file
    if you get spysheriff go back to that user and remove the ntuser.dat file rename copy ntuser.dat to nturser.dat and make a new copy as a backup…
    clean up program filesspy sheriff by using the uninstall spysheriff .exe in the folder
    this will prevent the wallpaper like infected screen from being a problem to remove.

  • Guest

    Thanks guys!!! 😀
    I got infected last night and thanks to your site I am back to normal.

    -Steve

  • Guest

    This is a Very Serious Threat. I tried all of the removal tips on this and several other sites. It just got worse every time, until it crippled my system even in Safe Mode. Had to rebuild it from scratch. These guys should be prosecuted to the fullest extent of the law.

  • Guest

    EEK!! I got it too!
    Windows is crazy!(beyond its normal insanity, I mean)
    When I open the task manager, I see that the cpu usage is ALWAYS at 100%.
    Suddenly an red (X) icon appeared on the system tray, saying that windows has detected infection by spyware, and that I should should click there to get rid of that.
    …and I thought “wow! I never heard that windows had such a detection system! Cool!”
    But then, came that instantaneous html page. saying my ip and browser…
    ——————————————- pirate_sephiroth@hotmail.com ———————————————

  • Guest

    I got tricked into buying it in december, It was wiping me out, I started up the the new windows onecare live set up system last week but that didi not help, then we put in the
    Windows Defender Beta 2 and that took care of my problem,
    Does anyone have an address can cancle my suscription for the spysheriff program I purchaced so the dont take money out of my acout next year . The beta program compleatly dealeated all traces of the sheriff from my computer and I cant find a place to cancle.
    rpappas@frontiernet.net

  • Guest

    Okay, so I took care of all the components of SpySheriff that I could find. Then, the locked desktop properties issues arose (the wallpaper thing that 1/9 was speaking about). I ended up following what a previous comment said by deleting the ActiveDesktop folder in my registry and it did not restore itself. Is this going to be an issue at a later date or should I not worry about it?

  • Guest

    I cannot start my firewall after removing spy sheriff is there something I have missed

  • Guest

    I also got spy sheriff, removed it whit XoftSpy, which was no problem for the great program. But there is one thing i can´t get rid of. I can´t change my desktop bakround, it seames to be locked on my standard backround. Anyone how have sollowd this issue?

  • Guest

    Hey!
    I had a SpySheriff and I've one question.
    Does SpySheriff is entering a concern with huge virus programmers corporations? I mean that SpySheriff is downloaded with hundreds of trojans and viruses from web, from WMF file.
    Thanks, answer on my mail: progg@wp.pl

    Ps. I'm from Poland and I used http://www.translate.pl for translating my problem. Sorry for “new words” :-).

  • Guest

    help me please how to restore my original background!!!!!
    i removed everything and the background still f-cked up.
    thanks!
    bone
    bone@bonenet.hu

  • Guest

    I recently had to recover from a Spysherrif attack
    After I had it removed from my system, I still couldn't change my wallpaper, and Windows Firewall wasn't working. This is what I did to fix it.

    To get your wallpaper back, try this

    Delete the following registry key
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “Wallpaper”=SZ:C:WINDOWSdesktop.html

    Even if the key does not have a value set, remove the key anyway. This worked for me. Make sure to restart your computer after you delete the registry key.

    To get Windows firewall back, go to this site. Worked like a charm for me.
    http://windowsxp.mvps.org/sharedaccess.htm

  • Guest

    Thanks for the help with dealing with this problem. I probably would have spent days trying to fix this. You guys rock!!

  • Guest

    I believe I got this SpySheriff through a hidden executable in MySpace when I tried to delete an email. When I clicked the DELETE button, I was taken to another page… and thus begins my tale. Hidden behind open windows was the .exe running and having a merry time, unnoticed by me until I was getting ready to log my PC off. I am going to try your removal methods as others have failed – I can't even download fixes from my PC right now.. it is blocking internet access, I can't access my System Restore.. everything is locked up tight (just like the #^%$#(%^$# who created this should be!). I am hoping this does it, as I don't want to re-format the hard drive. *sheesh*

  • Guest

    it's disabling me from downloading the automatic removals and i can't modify it in the registry files.

  • Guest

    So, I've been trying everything that is suggested, removing the malicious processes, files, registry values, everything, but it's locked the entire computer up tight! is there anything else I can try?

  • Guest

    Regarding Spysheriff… if it disguises itself as a spyware remover, then how do I know that this isn't just like spysheriff?

  • Guest

    This virus is a real SOB. After you get rid of the files make sure you clean the Registry entries by goingo RUN, regedit, then go to edit and FIND. Type spysheriff, I found mine spysheriff under a folder in the Registry under SearchAgent.

  • Guest

    Heh, SpySheriff's website looks so appealing.

  • Guest

    Search under files and folders for this: heur000/dll. Delete this file also. I used SpyBot to find and fix my spyware issues yesterday.

  • Guest

    how can I remove it from my computer? I try, but that doesn't go away.

  • Guest

    I want to remove this from my computer but that doesn't get out

  • Guest

    kay it's not working for me…
    spysheriff is one step ahead of me.. i dont even have the run… button so i used search and found it and stuff but it just doesn't work AHHH
    i need spy sheriff gone.. are there any other methods?

  • Guest

    I got it yesterday from running an exe file from a warez site..
    It killed my antivirus, the windows firewall and also removed my wallpaper..
    I have eventually removed spy sherif, installed an antispyware and fixed my antivirus.

    But still… the firewal (due to an unknown error windows cannot display the fiwall settings)
    Destop wallpaper also messed up.

    Those are small things, the true problem it caused is diferent. Ever since I got it my pc started to upload data with my full bandwith. I couldn't stop it, more than 600MB uploaded. I tried to kill all processes but the uploading continued.
    I simply reformated my c: drive. Clean now.
    Some people told me my pc was being used to send out ddos or mass spam…

  • Guest

    I can't even start up Windows XP normally!
    WTF!
    I tried going to safe mode and made it and I deleted all the
    SpySheriff files but I need to modify the registry
    BTW I'm typing this on another computer
    HELP!
    chickenultra@gmail.com

  • Guest

    Confused!
    I was doing a casual search for spyware programs and was stunned to see all the warnings about spy sheriff.
    I have been using Spy Sheriff for over a year and have to say that i have never had problems with the program (I thought) My system runs smoothly and Spy Sheriff has always kept spyware off my computer. NOW I AM WORIED! Reading others experiences and removal problems I decided to uninstall it, which I did very easily. It never effected my desktop settings nor my system restore. (I run WIN XP SP2 Zone Alarm, & Fixit Utilities. My Spysheriff program was downloaded from the Spy Sherriff website and is a fully working programme.
    HELP.Am I being naieve? I thought I was reasonably experienced with computers but now I'm confused over the whole issue
    Comments, thoughts anyone?

  • Guest

    I sucessfully removed spysheriff from my computer by system restore.

  • Guest

    Please help me. I have this stupid SpySheriff and it will not let me on the internet period. So I cannot use any of these great sounding “removal downloads”. How do I get rid of it without downloading something? Is there something I could buy at a store? Thank you for any help.

  • Guest

    hi! I would like to be a spy
    i wish i was a spykids
    you don't know me because i am not english people i am thai people
    my name is phleung noppawan satnawet
    you can call me phleung
    i went to be a spy

    • Guest

      This is a conversation about SpySheriff, not a conversation bout wanting to be a spy.

  • Guest

    hello ! sorry for my delay to reply to you ! because now i am in
    guangzhou fair ,so some information is not detailed afther next week i will go back
    and will contact with you !
    best rgs
    grace

  • Guest

    How To Remover Hu ~~ can help newbie