Barney's Rubble

Spy Hunter

Doug Barney is fed up with spyware, and is determined that something must be done about it infiltrating our computers.

Something must be done about SpySheriff, SurfSidekick, Aurora and all the other foul varieties of spyware out there. Spyware is no longer low-level code that tracks our movements, serves up ads and steals our data. It has gotten even sneakier, embedding itself so deeply that sometimes we have to reformat to rid ourselves of its filth.

Not long ago, I wrote about Microsoft Windows AntiSpyware in a Redmond Report newsletter (sign up at Redmondmag.com). When I first used it, I got so few positives that I couldn't decide whether or not it was working. Just days after that Redmond Report item ran, my 9-year-old son Nick was hit with the most vicious attack I've ever seen.

I heard him complaining about tons of pop-ups, which is strange because the Google toolbar is generally effective. I got worried when Firefox was hit just as badly. When I looked into it, Nick's machine was a mess.

Pop-ups wouldn't stop popping: A legitimate-looking Microsoft error message warned that the machine was infected, and a huge pop-up conveniently offered to fix it with SpySheriff. SpySheriff masquerades as anti-spyware and even has a Web site where you could buy this garbage.

I tried to shut it down, but the Task Manager was disabled. The software had stolen my admin rights! Using Add/Remove took away SpySheriff, which had already installed itself. Seconds later, it was back—along with three or four other nasty new programs. Meanwhile, it installed a dozen or so shortcuts, including some that would make a porn star blush—all this on a 9-year-old's computer.

I loaded Windows AntiSpyware after the infestation and watched it battle. The Microsoft pop-ups telling me there was a problem were covered by the SpySheriff pop-ups, and on it went. I did some research on sites like bleepingcomputer.com and found removal instructions that asked me to load five more programs, boot into safe mode and manually remove a bunch of files. I took the easy route and did a total reinstall—losing bookmarks, screensavers and more in the process. SpySheriff somehow survived, but Windows AntiSpyware found it quickly enough to finally delete the beast.

Nick has another machine that was hit simultaneously by both SurfSidekick and Aurora, from the official-sounding ABI network. Aurora is almost impossible to excise. It survived a full sweep by four different anti-spyware programs, refused to be deleted by Add/Remove and has a Web-based uninstall that's an .EXE file. My guess is that you're installing something even worse by clicking this link.

These programs are not exactly hiding in the caves of Boro Boro, either. Most have Web sites, so why can't law enforcement track down the authors and prosecute them? If the laws aren't tough enough, make 'em tougher. What are these canal-water sucking spyware writers thinking anyway? Isn't the most effective spyware the most subtle? Thoughts? Send 'em to me at dbarney@redmondmag.com.

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.


Reader Comments:

Tue, Jan 17, 2006 Chris Mobile, AL.

I have tried to uninstall Winstall but with no luck. Can someone tell me what steps to go through or whatever I should do to remove it? I am into Ham Radio and use the computer only once in a while. This thing has got my taskbar screwed up and pops up advertisements letting me know they have infected my computer and wants me to pay them to get rid of it. I need help.

Tue, Oct 18, 2005 legacydude NM

linux (at least for the web)

Sun, Oct 16, 2005 Basiclife UK

I've just found Spy Sheriff on a friend's computer and it had also disabled his task manager. I cheated by downloading Process Explorer from Sysinternals and having killed it, uninstalled it. Then trawled through the registry to eventually find the keys it had modified (HKCU\Software\Microsoft\Windows\CurrentVersion\Policies) <-- You can pretty much delete anything in there safely, Windows will use the defaults. Also you need to delete winstall in C:\ as it's set to run (and reinstall Spy Sheriff) every time the computer boots. No safe mode required though :)

All that aside, do they REALLY think anyone would pay for them to uninstall some software that they've forced onto your computer? Not a bloody chance. If this isn't some form of invasion of privacy (not to mention blackmail) I don't know what is. Bunch of w*****s :(
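A read-only check of the two places the comment above points at (the per-user Policies tree that holds the Task Manager lockout, and the Run keys that relaunch the dropper at boot), as an added PowerShell example that is not part of the column or of the reader's comment. It assumes the standard Windows policy value names (such as DisableTaskMgr) and the standard Run keys, and it only reports, so any deletion remains a deliberate step taken afterwards.

```powershell
# Added example: audit, do not modify. Run in an elevated PowerShell session.
# The value names under Policies (DisableTaskMgr, DisableRegistryTools, ...) are
# standard Windows policy values; "winstall" and "spysheriff" are the names the
# comment above reports, not identifiers taken from any vendor documentation.

$policyRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-PolicyValues {
    # A user profile normally has few or no values here. Anything present is worth
    # reading; DisableTaskMgr = 1 is the lockout the commenter describes. On a
    # domain-joined machine some values may legitimately come from Group Policy.
    $keys = @(Get-Item -Path $policyRoot -ErrorAction SilentlyContinue)
    $keys += Get-ChildItem -Path $policyRoot -Recurse -ErrorAction SilentlyContinue
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Value = $name
                Data  = $key.GetValue($name)
            }
        }
    }
}

function Get-SuspiciousRunEntries {
    param([string[]]$Pattern = @('winstall', 'spysheriff'))
    foreach ($run in $runKeys) {
        $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata members
            foreach ($pat in $Pattern) {
                if ("$($p.Name) $($p.Value)" -match $pat) {
                    [pscustomobject]@{ Key = $run; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}

'--- Policy values present under the per-user Policies tree ---'
Get-PolicyValues | Format-Table -AutoSize
'--- Autorun entries matching the names reported above ---'
Get-SuspiciousRunEntries | Format-Table -AutoSize
```

Widen the `-Pattern` list, or simply read the full Run-key listing, when the dropper uses a name other than the one the commenter saw; the point is to see what is set to relaunch at boot before deciding what to remove.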
