We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Rogue:Win32/SpySheriff
Aliases: Win32.TrojanDownloader.IEDefender (Ad-Aware) MagicAntiSpy (Sunbelt Software) Adware.SpySheriff (Symantec) SpyShredder (Symantec) IEDefender (other) Malware Destructor (other) SpySheriff (other) SpyShredder (other) Zinaps7 (other) Zinaps 2008 (other) BraveSentry (other) DiaRemover (other) MalwareAlarm (other) Mr. Antispy (other) PestTrap (other) PestWiper (other) SpyTrooper (other) SpyDemolisher (other) SpyMarshal (other)
Summary
SpySheriff may be installed without user consent, and may then display a dialog box suggesting malware has been found, and prompting the user to buy software to remove the malware that doesn't exist. SpySheriff may download and install program updates without notifying the user.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
