SpySheriff

Sa pamamagitan ng Domesticus sa Rogue Anti-Spyware Program

Isalin To:

Banta ng Scorecard

Popularity Rank:	16,709
Antas ng Banta:	70 % (Mataas)
Mga Infected na Computer:	97

Unang Nakita:	July 24, 2009
Huling nakita:	August 24, 2025
Apektado ang (mga) OS:	Windows

Ang SpySheriff ay isang mapanlinlang na anti-spyware na application na idinisenyo ng mga mapanlinlang na hacker upang kumita mula sa mga mapagkakatiwalaang gumagamit ng computer. Ang SpySheriff ay maaaring dalhin sa iyong computer ng isang Trojan sa pamamagitan ng browser security crack, o maaaring direktang i-download mula sa www.spysheriff.com. May kakayahan ang SpySheriff na bumuo ng mga maling mensahe ng babala na lumalabas sa iyong taskbar. Ang mga pekeng mensaheng ito ay ginawa pagkatapos ng "scan" na ginagaya ng SpySheriff upang mapataas ang kredibilidad nito. Pagkatapos "makita" ng SpySheriff ang mga parasito sa iyong computer, patuloy itong mag-aalok sa iyo na bilhin ang buong bersyon ng programa, upang itapon ang mga hindi umiiral na banta. Ang agarang pag-alis ng SpySheriff ay mahigpit na inirerekomenda.

Talaan ng mga Nilalaman

Mga alias

Na-flag ng 15 security vendor ang file na ito bilang nakakahamak.

Antivirus Vendor	Pagtuklas
TrendMicro	PAK_Generic.001
Symantec	Downloader
Sunbelt	Trojan-Downloader.Gen
Sophos	Troj/Dropper-MG
Panda	Adware/MediaTickets
NOD32	Win32/Adware.MediaTickets.A
Microsoft	Adware:Win32/PurityScan.dr
McAfee-GW-Edition	Trojan.Crypt.XPACK.Gen
McAfee	potentially unwanted program Adware-PurityScan
K7AntiVirus	not-a-virus:AdWare.Win32.PurityScan
Ikarus	not-a-virus:AdWare.Win32.PurityScan.u
Fortinet	Adware/Purityscan
F-Secure	W32/Malware
eTrust-Vet	Win32/Secdrop.NA
eSafe	Win32.Downloader

Nakikita at Tinatanggal ng SpyHunter ang SpySheriff

Mga Detalye ng File System

SpySheriff ay maaaring lumikha ng sumusunod na (mga) file:

Palawakin Lahat | I-collapse Lahat

#	Pangalan ng File	MD5	Mga pagtuklas Mga Detection: Ang bilang ng mga nakumpirma at pinaghihinalaang kaso ng isang partikular na banta na nakita sa mga nahawaang computer gaya ng iniulat ng SpyHunter.
1.	heur002.dll	ee21fd7fa9a45453ed55ccb7ce7b9aaa	12
Pangalan: heur002.dll MD5: ee21fd7fa9a45453ed55ccb7ce7b9aaa Sukat: 119.8 KB (119808 byte) Mga pagtuklas: 12 Uri: Dynamic link library Path: C:\Documents and Settings\<username>\Desktop\Programming\rogueware\SpySheriff - Program Files\heur002.dll pangkat: Malware file Huling Na-update: August 12, 2025
2.	heur000.dll	ca4822789da674e2ae4658ee4250adb5	12
Pangalan: heur000.dll MD5: ca4822789da674e2ae4658ee4250adb5 Sukat: 127.48 KB (127488 byte) Mga pagtuklas: 12 Uri: Dynamic link library Path: C:\Documents and Settings\<username>\Desktop\Programming\rogueware\SpySheriff - Program Files\heur000.dll pangkat: Malware file Huling Na-update: August 12, 2025
3.	heur003.dll	bb06f2c0d34812d455aecc790aab74d4	12
Pangalan: heur003.dll MD5: bb06f2c0d34812d455aecc790aab74d4 Sukat: 120.83 KB (120832 byte) Mga pagtuklas: 12 Uri: Dynamic link library Path: C:\Documents and Settings\<username>\Desktop\Programming\rogueware\SpySheriff - Program Files\heur003.dll pangkat: Malware file Huling Na-update: August 12, 2025
4.	heur001.dll	840c8e9d2aaccc87d6dad1d409e45a10	10
Pangalan: heur001.dll MD5: 840c8e9d2aaccc87d6dad1d409e45a10 Sukat: 127.48 KB (127488 byte) Mga pagtuklas: 10 Uri: Dynamic link library Path: C:\Documents and Settings\<username>\Desktop\Programming\rogueware\SpySheriff - Program Files\heur001.dll pangkat: Malware file Huling Na-update: August 12, 2025
5.	hcafnqkc.exe	564aabe45a3f7e71483a1ad2b1d31722	1
Pangalan: hcafnqkc.exe MD5: 564aabe45a3f7e71483a1ad2b1d31722 Sukat: 20.99 KB (20992 byte) Mga pagtuklas: 1 Uri: Executable File pangkat: Malware file Huling Na-update: January 10, 2022
6.	anr10049.exe, Tempwn10049.exe, us10049[1].exe	4c636e4d39efb85c84831973f8134bc9	0
Pangalan: anr10049.exe, Tempwn10049.exe, us10049[1].exe MD5: 4c636e4d39efb85c84831973f8134bc9 Sukat: 16.89 KB (16896 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
7.	anr10077.exe, Tempwn10077.exe	5353b1a6165776cd500f1ceb8080e4fe	0
Pangalan: anr10077.exe, Tempwn10077.exe MD5: 5353b1a6165776cd500f1ceb8080e4fe Sukat: 16.89 KB (16896 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
8.	anr0129.exe, winstall.exe, wn0129.exe, us0129[1].exe	eb790be93afb8481cfc43515b00976ab	0
Pangalan: anr0129.exe, winstall.exe, wn0129.exe, us0129[1].exe MD5: eb790be93afb8481cfc43515b00976ab Sukat: 16.89 KB (16896 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
9.	wancp.dll	aa86aa134fbfdc57ceda90d506315ea8	0
Pangalan: wancp.dll MD5: aa86aa134fbfdc57ceda90d506315ea8 Sukat: 44.51 KB (44516 byte) Mga pagtuklas: 0 Uri: Dynamic link library pangkat: Malware file Huling Na-update: December 11, 2009
10.	Installer.exe	242a20bae9cf9cb816a447150378c02d	0
Pangalan: Installer.exe MD5: 242a20bae9cf9cb816a447150378c02d Sukat: 578.56 KB (578560 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
11.	SpySheriff.exe	0a75149998278734106f2a6f59ba965a	0
Pangalan: SpySheriff.exe MD5: 0a75149998278734106f2a6f59ba965a Sukat: 415.74 KB (415744 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
12.	winstall.exe, webinstall[1].exe	e3e03c8bdfd1f9c7dc9f2103689c5018	0
Pangalan: winstall.exe, webinstall[1].exe MD5: e3e03c8bdfd1f9c7dc9f2103689c5018 Sukat: 122.88 KB (122880 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
13.	winstall.exe	b917ffe96edb3ae8cac14d4a19787706	0
Pangalan: winstall.exe MD5: b917ffe96edb3ae8cac14d4a19787706 Sukat: 29.18 KB (29184 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009
14.	z16.exe	2c66bd64d7780183a36da8e3e8394712	0
Pangalan: z16.exe MD5: 2c66bd64d7780183a36da8e3e8394712 Sukat: 393B (393 byte) Mga pagtuklas: 0 Uri: Executable File pangkat: Malware file Huling Na-update: December 11, 2009

Higit pang mga file

Mga Detalye ng Rehistro

Maaaring lumikha ang SpySheriff ng sumusunod na registry entry o registry entries:

File name without path

SpySheriff.lnk

Run keys

Windows installer

Mga direktoryo

Maaaring lumikha ang SpySheriff ng sumusunod na direktoryo o mga direktoryo:

%ProgramFiles%\SpySheriff

Pagtatasa ng ulat

Pangkalahatang Impormasyon

Family Name:	SpySheriff
Signature status:	No Signature

Known Samples

MD5: dd3b589ce72f193e5a986acf80ccee34

SHA1: df6d8103ed4f4fac46f05654cc0ef34259c25298

SHA256: 5C683512DA68087720CFF4B6CBAE6E0B1F84E0E689E0E3265A9EB5979077646B

Laki ng File: 459.78 KB, 459776 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

.adata
00 section
2+ executable sections
HighEntropy
No Version Info
x86

Block Information

Total Blocks:	14
Potentially Malicious Blocks:	0
Whitelisted Blocks:	8
Unknown Blocks:	6

Visual Map

0 0 0 0 0 0 ? 0 ? 0 ? ? ? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\pesttrap.lnk	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\pesttrap\pesttrap.lnk	Synchronize,Write Data
c:\users\user\desktop\pesttrap.lnk	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\software\classes\.key::		RegNtPreCreateKey
HKLM\software\classes\.key::	regfile	RegNtPreCreateKey
HKCU\software\pesttrap::scanonstartup		RegNtPreCreateKey
HKCU\software\pesttrap::playsounds		RegNtPreCreateKey
HKCU\software\pesttrap::scheduledscan		RegNtPreCreateKey
HKCU\software\pesttrap::scheduledscanhour		RegNtPreCreateKey
HKCU\software\pesttrap::scheduledscanmin		RegNtPreCreateKey
HKCU\software\pesttrap::securitylevel		RegNtPreCreateKey
HKCU\software\pesttrap::uninstall	c:\users\user\downloads	RegNtPreCreateKey
HKCU\software\pesttrap\ie security::blockiframetags		RegNtPreCreateKey

HKCU\software\pesttrap\ie security::blockjavascripts		RegNtPreCreateKey
HKCU\software\pesttrap\ie security::blocklocations		RegNtPreCreateKey
HKCU\software\pesttrap\ie security::blockpopupwindows		RegNtPreCreateKey
HKCU\software\pesttrap\ie security::blocktags		RegNtPreCreateKey
HKCU\software\pesttrap\ie security::protecthomepage		RegNtPreCreateKey
HKCU\software\pesttrap\process security\policies::active policy		RegNtPreCreateKey
HKCU\software\pesttrap\process security\policies::process security		RegNtPreCreateKey
HKCU\software\pesttrap\scan::deletefoundthreats		RegNtPreCreateKey
HKCU\software\pesttrap\system security::protectactivedesktop		RegNtPreCreateKey
HKCU\software\pesttrap\system security::protectautorun		RegNtPreCreateKey
HKCU\software\pesttrap\system security::protecthosts		RegNtPreCreateKey
HKCU\software\pesttrap\process security\policies\allowed::c:\users\user\downloads\pesttrap.exe		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::pesttrap	c:\users\user\downloads\PestTrap.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\pesttrap::displayicon	c:\users\user\downloads\PestTrap.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\pesttrap::displayname	PestTrap	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\pesttrap::urlinfoabout	http://www.pesttrap.com/	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\pesttrap::helplink	http://www.pesttrap.com/	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\pesttrap::uninstallstring	c:\users\user\downloads\Uninstall.exe	RegNtPreCreateKey
HKCU\software\pesttrap::security	낙௬ǜ	RegNtPreCreateKey
HKCU\software\pesttrap::securitylevel		RegNtPreCreateKey

Ang Payment Processor ng EnigmaSoft na Digital River GmbH na Pag-file para sa Pagkalugi ay Hindi Nakakaapekto sa Proteksyon ng Anti-Malware ng Mga Customer ng SpyHunter

Paghahanap

Baguhin ang Rehiyon

SpySheriff

Banta ng Scorecard

EnigmaSoft Threat Scorecard

Mga alias

Nakikita at Tinatanggal ng SpyHunter ang SpySheriff

Mga Detalye ng File System

Mga Detalye ng Rehistro

Mga direktoryo

Pagtatasa ng ulat

Pangkalahatang Impormasyon

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Magsumite ng Komento

Trending

Auggiver.co.in

Cleancaptcha.top

Ang Bersyon ng Iyong Mailbox ay Ihihinto ang Scam

Pinaka Nanood

Malware

'Geek Squad' Email Scam

Fuq.com