warning nasty program called spy sherriff
 

well fuck I got it turns your desktop BG all blue hijacks your browser - fuckin bastards

Sounds something like a nasty infection I had called "Home Search Assistent." I downloaded several free spyware programs and ran them all in safe mode. For the most part that did the trick except that IE crashes everytime I load it. Probably because something is still trying to hijack that browser. So for now I'm using Firefox. Doesn't crash that.

cosmiccat: if you still have a "crashing" program, then assume your machine is still infected. I wouldn't go any further until you get rid of it. Otherwise you are possibly getting key tracked and other.

Alex

yeah my pc is all fucked up got rid of the shit spy sherriff but in the proccess shit got damaged, after I got rid of it, I couldnt even change my desktop BG the tabs were disabled, had to add files to patch the registery and that fixed that, but now I got errors after errors..

also now I cant even get a spyware program to scan with locking up my pc, I even did the widows explorer repair through the run to check files and folders, I'll probably reclone my drive and use my xp disc and try a repair instead of a full reformat

http://www.bullguard.com/forum/12/Sp...ase_17363.html

Read a lot of it and seems like very good advice

That shit also got me. My (home) PC keeps crashing before I can get rid of it. Seems like a format C: is in place :(

man am I happy, got my shit back and is better than before.. I did the tools and methods that were on the net at first and it only took out some of it. and had other stuff with it, 2 solid days of trying about 10 spyware and clean programs, safe mode and a whole bunch of other shit... I could kick myself in the ass not being better guarded from this shit, now I got another HD to clean, but atleast I know what works and what methods to take... |viking|

just be careful or you could nab it again easy to catch and hard as hell to get rid of the guy who wrote that are they by any chance based in florida? muahahahah lol had to say it ;)

THAT would definitely be justifiable homicide!

The cocksmokers that do this shit need to be drawn and quartered |angry|

Man I took a chance and deleted stuff out of my registery - I got rid of the spy sherriff shit over last weekend after speeding 3 days running scans trying differnet spyware programs ran a repair on xp pro, and really my pc worked pretty good so I thought everything was clean by reading my hijack this file scans, and searching the geek boards for info on exe files for left over scum,...

so then while reviewing I noticed when checking a pay site tour ATK cash site would redirect to some search porn tgp BS and I read the page source and seen all the differnet urls in this network of cheats, so then I thought I'll get it all out when I get more time and info.. So then I click on dirty daughter submit page to sub a gallery and nothing blank so I try another url to there main page and get that fuckin redirect....

so I ran so many spyware and virus programs and they found really nothing aside from getting out the spy sherriff stuff last week,, So then I ran somemore hijack this scans and found some strange ips so I ran a whois on them and then it really is fishy - take a look at the crooks and cheats that put shit on my PC,

Also I found no info in google for this stuff other than the normal stuff nothing on this redirect problem and those ips

O17 - HKLM\System\CCS\Services\Tcpip\..\{01E9D82D-E656-44EA-9217-8B6978807CB5}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{88386A05-38E0-4C6A-BC9C-2AF67A3360D2}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEEE9155-F410-4B79-9539-88DD64DCAE3B}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9F72E5-5A58-4E85-BBFB-7E6EDE414856}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7B85EDE-0843-4A00-BD41-742512B94D6F}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5301E5-818E-4595-8C3C-130FC298BC88}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{01E9D82D-E656-44EA-9217-8B6978807CB5}: NameServer = 85.255.113.140,85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{01E9D82D-E656-44EA-9217-8B6978807CB5}: NameServer = 85.255.113.140,85.255.112.10

so I backed up my registery and deleted those entries and no more redirects - and you can see if you want who owns those ips, its the same guy for a range of them

Fuckin bastards I wonder how much traffic they stolen off of surfers and sites and programs.. now I am gonna run cleanup and go to bed.. well one good thing is I learned a lot about exe files and spyware and other geek things |thumb

I feel your pain :)
It took me 2 days deleting stuff out of my registery and doing all kind of scans. The tech girl of the spyware removal board told me my HijackThis log looked really bad but that we could give it a try anyway. It seems to have worked out ok :)