Author Topic: New variant of SpySheriff on the loose....  (Read 3136 times)

Offline LS SteveJ

  • Jr. Member
  • Posts: 22
New variant of SpySheriff on the loose....
« on: September 27, 2005, 06:37:38 AM »
We have received reports of a rather nasty new variant of SpySheriff... but the reporters formatted their computer (no samples).... any help here would be appreciated... we need reports and samples... so if anyone hears anything... let me know ASAP

//Steve
Lavasoft Research

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • Posts: 7203
  • Liverpool FC - YNWA
Re: New variant of SpySheriff on the loose....
« Reply #1 on: September 27, 2005, 11:30:44 AM »
The new variant of SpySheriff supposedly deletes Ad-Aware and Spybot (possibly others).

If anyone has a copy of this pest, please attach a copy of the file to an email addressed to Team CCSP (<-- click on this link)... Tony Klein will make sure it is made available to all of the anti-spyware vendors.

You could also send it to our very own Die Hard (<-- clickie)


[ LS SteveJ ... as this is not an Ad-Aware Support Forum, all submissions are made available to the entire community, not just one vendor.  I trust you will understand ... please continue to ask for things, with the understanding that copies will be made available to others as well ]
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline winchester73

Re: New variant of SpySheriff on the loose....
« Reply #2 on: September 27, 2005, 11:35:08 AM »
The spyware hunters are also searching for copies of these two as yet unknown objects ...


1) O2 - BHO: CTR - {EE86F11E-08FB-4B20-B175-7726C63DF9E9} - C:\WINDOWS\System32\syscr.dll


2) GUID {********-****-****-****-************}
Filename ssf.dll ( random Class ID)
Object Name [full path to file]
Status X BHO
Description Unidentified parasite

Examples:

O2 - BHO: C:\WINDOWS\system32\ssf.dll - {47DDFD1A-F7B5-4AB4-888D-5FC4CA291D35} - C:\WINDOWS\system32\ssf.dll
O2 - BHO: C:\WINDOWS\system32\ssf.dll - {CA31B41F-1B7D-42D2-A4D3-BC4A13341124} - C:\WINDOWS\system32\ssf.dll
O2 - BHO: C:\DOCUME~1\mandy\LOCALS~1\Temp\ssf.dll - {9DE8FF89-CE81-49E7-97B2-A638BBAA26FD} - C:\DOCUME~1\mandy\LOCALS~1\Temp\ssf.dll


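Added example, not part of the original thread or of any vendor's tool: a small Python triage script that scans a HijackThis log for O2 - BHO entries matching the two objects requested in Reply #2, so a helper can spot a machine that may still hold a sample. The last two SAMPLE lines are constructed, and the "name-is-path" and "temp-dir" notes are assumptions drawn only from the three ssf.dll example lines above.

```python
import ntpath
import re

# O2 line shape as quoted in the thread: "O2 - BHO: <name> - {CLSID} - <dll path>"
O2_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<path>.+?)\s*$"
)

# From the thread: ssf.dll uses a random Class ID, so it is matched by file name only.
WANTED_FILES = {"ssf.dll", "syscr.dll"}
WANTED_CLSIDS = {"EE86F11E-08FB-4B20-B175-7726C63DF9E9"}  # the syscr.dll entry

# First three lines are quoted from the thread; the last two are constructed.
SAMPLE = r"""O2 - BHO: CTR - {EE86F11E-08FB-4B20-B175-7726C63DF9E9} - C:\WINDOWS\System32\syscr.dll
O2 - BHO: C:\WINDOWS\system32\ssf.dll - {47DDFD1A-F7B5-4AB4-888D-5FC4CA291D35} - C:\WINDOWS\system32\ssf.dll
O2 - BHO: C:\DOCUME~1\mandy\LOCALS~1\Temp\ssf.dll - {9DE8FF89-CE81-49E7-97B2-A638BBAA26FD} - C:\DOCUME~1\mandy\LOCALS~1\Temp\ssf.dll
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe"""

def triage_bho_lines(log_text):
    """Return (clsid, path, reasons) for each O2 line worth reporting."""
    hits = []
    for line in log_text.splitlines():
        m = O2_BHO.match(line.strip())
        if not m:
            continue  # not an O2 - BHO entry
        name, clsid, path = m["name"].strip(), m["clsid"].upper(), m["path"]
        reasons = []
        if ntpath.basename(path).lower() in WANTED_FILES:
            reasons.append("filename")
        if clsid in WANTED_CLSIDS:
            reasons.append("clsid")
        if name.lower() == path.lower():
            reasons.append("name-is-path")  # assumption: BHO name repeats the path
        if "\\temp\\" in path.lower():
            reasons.append("temp-dir")      # assumption: DLL loaded from a Temp folder
        if reasons:
            hits.append((clsid, path, reasons))
    return hits

if __name__ == "__main__":
    for clsid, path, reasons in triage_bho_lines(SAMPLE):
        print(f"{{{clsid}}}  {path}  [{', '.join(reasons)}]")
```

A hit only means the entry resembles the ones in the thread; the file itself still has to be collected and submitted for analysis.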