This attack could pose a moderate security threat. It does not require immediate action.
This signature detects activities of the misleading application AdwareSheriff.
AdwareSheriff is a security risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.
When AdwareSheriff is installed, it performs the following actions:
1. Creates the following files:
* C:\Documents and Settings\All Users\Start Menu\Programs\AdwareSheriff\AdwareSheriff on the Web.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\AdwareSheriff\AdwareSheriff.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\AdwareSheriff\Uninstall AdwareSheriff.lnk
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwareSheriff Antispyware.lnk
* %UserProfile%\Local Settings\Application Data\AdwareSheriff\DB - This folder contains numerous files.
* %UserProfile%\Local Settings\Application Data\AdwareSheriff\Logs - This folder contains numerous [Random].log files
* %UserProfile%\Local Settings\Application Data\AdwareSheriff\Quarantine - This folder contains items that are Quarantined by the risk.
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
2. Creates the following registry subkeys:
3. Gives exaggerated reports of threats present on the computer. The user is then prompted to purchase a registered version of the software in order to remove the reported threats
- Windows 2000
- Windows 95
- Windows 98
- Windows Me
- Windows NT
- Windows Server 2003
- Windows XP
The following instructions pertain to all Symantec antivirus products that support security risk detection.
1. Update the definitions.
2. Run a full system scan.
3. Delete any values added to the registry.
4. Delete the files and folders created by the risk.