AdwareSheriff

Updated: February 13, 2007 11:50:26 AM
Type: Misleading Application
Publisher: adwaresheriff.com
Risk Impact: Medium
File Names: asheriff.exe, adwaresheriff_setup.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows CE, Windows NT, Windows Server 2003, Windows XP

When AdwareSheriff is installed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\AdwareSheriff\asheriff.exe
    • %ProgramFiles%\AdwareSheriff\asheriff.url
    • %ProgramFiles%\AdwareSheriff\bz.dll
    • %ProgramFiles%\AdwareSheriff\interface\English.lng
    • %ProgramFiles%\AdwareSheriff\interface\Italiano.lng
    • %ProgramFiles%\AdwareSheriff\pkill.exe
    • %ProgramFiles%\AdwareSheriff\sounds\crit.wav
    • %ProgramFiles%\AdwareSheriff\unins000.dat
    • %ProgramFiles%\AdwareSheriff\unins000.exe
    • C:\Documents and Settings\All Users\Start Menu\Programs\AdwareSheriff\AdwareSheriff on the Web.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\AdwareSheriff\AdwareSheriff.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\AdwareSheriff\Uninstall AdwareSheriff.lnk
    • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwareSheriff Antispyware.lnk
    • %UserProfile%\Desktop\AdwareSheriff.lnk
    • %UserProfile%\Local Settings\Application Data\AdwareSheriff\DB - This folder contains numerous files.
    • %UserProfile%\Local Settings\Application Data\AdwareSheriff\Logs - This folder contains numerous [Random].log files.
    • %UserProfile%\Local Settings\Application Data\AdwareSheriff\Quarantine - This folder contains items that are quarantined by the risk.

      Notes:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareSheriff_is1
    HKEY_ALL_USERS\Software\ADV
    HKEY_ALL_USERS\Software\AdwareSheriff

  3. Gives exaggerated reports of threats present on the computer. The user is then prompted to purchase a registered version of the software in order to remove the reported threats.
