We have received reports of a rather nasty new variant of SpySheriff... but the reporters formatted their computer (no samples).... any help here would be appreciated... we need reports and samples... so if anyone hears anything... let me know ASAP
//Steve
Lavasoft Research
Quote from: LS SteveJ on September 27, 2005, 07:37:38 AM
We have received reports of a rather nasty new variant of SpySheriff... but the reporters formatted their computer (no samples).... any help here would be appreciated... we need reports and samples... so if anyone hears anything... let me know ASAP
//Steve
Lavasoft Research
The new variant of SpySheriff supposedly deletes Ad-Aware and Spybot (possibly others).
If anyone has a copy of this pest, please attach a copy of the file to an email addressed to Team CCSP (submit_stuff@xs4all.nl) (<-- click on this link)... Tony Klein will make sure it is made available to all of the anti-spyware vendors.
You could also send it to our very own Die Hard (DieHard@malware-research.co.uk) (<-- clickie)
[ LS SteveJ ... as this is not an Ad-Aware Support Forum, all submissions are made available to the entire community, not just one vendor. I trust you will understand ... please continue to ask for things, with the understanding that copies will be made available to others as well ]
The spyware hunters are also searching for copies of these two as yet unknown objects ...
1) O2 - BHO: CTR - {EE86F11E-08FB-4B20-B175-7726C63DF9E9} - C:\WINDOWS\System32\syscr.dll
2) GUID {********-****-****-****-************}
Filename ssf.dll ( random Class ID)
Object Name [full path to file]
Status X BHO
Description Unidentified parasite
Examples:
O2 - BHO: C:\WINDOWS\system32\ssf.dll - {47DDFD1A-F7B5-4AB4-888D-5FC4CA291D35} - C:\WINDOWS\system32\ssf.dll
O2 - BHO: C:\WINDOWS\system32\ssf.dll - {CA31B41F-1B7D-42D2-A4D3-BC4A13341124} - C:\WINDOWS\system32\ssf.dll
O2 - BHO: C:\DOCUME~1\mandy\LOCALS~1\Temp\ssf.dll - {9DE8FF89-CE81-49E7-97B2-A638BBAA26FD} - C:\DOCUME~1\mandy\LOCALS~1\Temp\ssf.dll