How to Remove AntiSpyLab (Spyware Sheriff)
AntiSpyLab (spyware sheriff) is a fake anti-spyware program (very closely related to SpyFalcon) that is designed to fool users into paying for a full version of the program in order to remove a supposed infection which the ‘free version’ put there in the first place. We had done a case study on AntiSpyLab.com about 2 weeks ago, now here are the removal instructions.
This infection displays a message that is designed to look like it is part of the inbuilt Windows XP Security Center. Up the top it has the Internet Explorer security warning bar which says “Warning: possible Spyware or Adware infection! Click here to scan your computer for Spyware and Adware…â€Â
View Full Size
It also pops up fake Windows security alerts:
How To Remove AntiSpyLab/Spy Sheriff
- First you will need to print out these instructions as you will be required to close all windows in order to do the fix.
- Now, download SmitFraudFix.zip and save it to your desktop. Once it has downloaded, double click on it which will extract it. Do not run the actual program yet as it must be done in safe mode.
- Load into Windows Safe mode by restarting the computer and just before the Windows XP screen comes up, press F8 and choose safemode.
Once in Safemode:
- Close all open windows and open the SmitFraudFix folder which is on your desktop and double click the SmitFraudFix.cmd file which will start the removal process. This whole cleanup process can take a few hours depending on your computer so please be patient.
- You will see a blue screen with white text with a series of options, Press number 2 on your keyboard and press Enter key which will choose the “Clean (Safe mode recommended)” Option.
- The program will go though a series of processes to clean your computer including the disappearance of your desktop icons for a split second. One it is finished it will open up the Disk Cleanup program. This will clean up all Temporary Internet Files, Temp folders and other files which may have been left over by the infection. When it is finished it should close automatically.
- When Disk Cleanup is complete you will be given the option “Do you want to clean the registry? Y or N”. Press the Y button on your keyboard and press the Enter Key
- When the registry cleanup is finished you will get a red screen which will say “Computer will reboot now, Close all Applications”. Press Spacebar and let it restart the computer. Once rebooted you will be shown a log file with a list of all the files that were removed. Close this.
- You should now have succesfully removed the Antispylab / Spyware Sheriff Infection
- Be sure to visit the Windows Update site at http://windowsupdate.microsoft.com and get all critical updates to minimise your chances of getting this again.
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
Hi.
Cool guide to remove it, the only one on the internet that i can see.
Anyway I recently got my dads old computer, and after about a week i deceiced to do a spybot system check.
Well lets say even though it was installed, my dad never seemed to use it (Funny since he scans every file he gets) and at the end of the spybot scan, there must have been hundreds of adware! So I delete all then restart my comp, and thats when this problem came up:
It seems by doing a computer clean, i had unraveled 2 adware programs, netadv, and this one. It seems McFee had been blocking them, but never deleting them, and attack by spybot had started the programs up. Now I’ve managed to remove the advnet, but this adware is harder to remove.
Now I never got any of the bigger problems
shown here (homepage change, background change ect ect.) but i still got the bar that pops up from the top randomly (Not every time). The files you talked about no longer exsist (I used SmitfraudFix.exe to remove them) but the problem is still there.
I have a feeling it is just a webpage somewhere that needs deleting, but i can’t find the things you mentioned with HiJackThis.
Screenshot of the problem
HiJackThis log
It isn’t a huge problem, but really anoying. Would really sppresiate a little help with this
BTW: Thanks for just getting me this far :D
Normac
OR you can send me a message on my youtube profile.
this is the link:
http://www.youtube.com/profile?user=jorge9307262nd
i do all this stuff but i still got the bar that pops up from the top randomly
PLEASE helpppppppppppppppppppppppppppppppp!
please if you had something please dont send me a message to my email because this spyware dont let me go check my email..can you please post it here…plase!!!!
SAME GOES FOR ME.I KEEP GETTING MESSAGES.
Yay I fixed it!!
It is very easy to miss, and the guide above could do with updating with the following results.
1: Download HijackThis. (do a google search)
2: Run option 2 (Do system scan only)
3: You should find the following results:
O2 – BHO: MSVPS System – {05F79890-CFA6-4D53-87BC-2F390DA6645E} – C:\WINDOWS\bndsrsvk.dll
If any of the following exist
C:\WINDOWS\bndsrpfn.dll
C:\WINDOWS\bndsrmnf.dll
C:\WINDOWS\bndsrkfq.dll
Delete them too.
These files are the ones causing the problems. Just tick them then click Fix Selected Problems.
Enjoy hope this helps you :D
I had this problem when I downloaded a video update, I got this toolbar on my browser called The netadv toolbar (netadv.dll) I used SmitFraudFix to delete the netadv.dll on my pc but I still get the message “Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…” on my Browser. Does anyone know how to get rid of this?
Hi,
I had this problem and tried everything but then I found Normacs update to the article in the top – and that fixed it!
THANKS!
I just did as Normac said but I cannot see the file ‘O2 – BHO: MSVPS System – {05F79890-CFA6-4D53-87BC-2F390DA6645E} – C:\WINDOWS\bndsrsvk.dll’
Should it be this file exactly?
Thanks Normac – worked like a charm!!
Frispark, the numbers in the {} are different on every computer. I deleted mine and everythign works and no toolbar!!!
O2 – BHO: MSVPS System – {05F79890-CFA6-4D53-87BC-2F390DA6645E} – C:\WINDOWS\bndsrsvk.dll
Normac rules! :D
Just did his approach, and all gone.
thank your for the precious tip.
I have the same problem on Vista Business and SmitFroudFix doesn’t work on Vista. Any suggestions?
Yeah same i have it on vista home and I can’t find anything to help me.
My email is jonniboy91@yahoo.ca email me if you have any suggestions or any ways that might work.
I tried the HijackThis, and after running scan option2, I getan error message that says
“An unexpected error has occured at procedure:
modMain_CheckOther1Item()
Error #75 – path/File access error”
After that error, I still get all the files scanned by HijackThis, but the only file I see that is similar to the one that must be deleted is O2-BHO: MSVPS System – {3C332400 etc etc} – C:\Windows\ipwyptfg.dll
I deleted that file anyways, and still get the pop-up!
(NOTE – Im running Vista)
i have windiws vista, and the program you tell me to download only works with XP. What do I do
i have the same problem, windows vista and smidfradfix only works with XP. Can anyone help me?
Can someone PLEASE help us vista users? come on… someones gotta have something to fix it!
that step above fixed mine….smitfraudfix. no more pops, but i still have the toolbar name in View/Toolbars does anyone know how to take that out?
there are 2 dlls which affects this. both of them are in c:\windows (WINXP)..
end task your explorer, use taskmanager go to run: browse to your c:\windows find the 2 dlls which doesnot sound normal or meaningless. just delete it.
in run type explorer again.. it shud not appear again.
I dont have enough words to thank you
How To Remove AntiSpyLab/Spy Sheriff with this artilcle i was able to remove the virus and now my computer is working faster than before thanks a lot you are great. please write me at least two line waiting for your reply eagerly
desh
Some help for Vista users would be good.
I appreciate your site anyways, but these instructions wont do jack for a Vista user
FYI if you are having trouble getting rid of this thing, try also going to your browser addins and deleting something called drnpfdxlwin.dll (aka GNX Bingo)
Try drnpfdxlwn.dll (aka GNX Bingo)
That is the thing which puts most of the browser popups in.
Hi. i did everyhhing i could and i work really good. mow i need to remove the like on my tool bar that has romove popus, scan spayware, security test, spam protection. this liks are casing many popup that my computer is infectdet.
please help some advice on how to remove dose likes thanks
hi. i did the first three steps under the heading “how to remove Antispylab/Spy sheriff”…afetr restarting my computer i tried to run SmitFraudFix.cnd file….except a red screen appeared saying that Process.exe is missing and that i should unzip the archives (except i have no i idea how to do that)…it then says press any key to continue, but nothing happens after that…help!
At Sam. Right click on the zip folder and click extract all, then extract the files to any folder on the drive.
Hi all, I also had the problem of the bar popping up at the top of IE(no other effects)…followed the steps in SmithFraud & HiJackThis(didnt find the dll’s spoken about) to remove but to no avail.
I went into IE…clicked on Tools >> Manage Add-Ons. In “Add-Ons currently loaded in internet explorer” i had one called “Research”, disabled it and no more bar!
Hope it can help some of you…
Alright, I have the same problem as everyone else, the three icons and the “windows has detected an internet attack attempt….” pop up. Says Worm.win32.netbooster was detected. It also tries to send me to “www.safewebnavigate2008.com” and I’m sure these fixes would work great HOWEVER it won’t allow me to access the internet. I tried to get some of the help downloaded to a USB drive and it doesn’t accept them. I got Norton and it wouldn’t let me use it, I finally got a scan to run and it didn’t find any corrupt files, safe mode or regular mode. I guess I have to delete it manually or something… any help would be appreciated, thanks.
If you have 3 icons and are redirected to safewebnavigate.com and have a changed desktop screen and get frequent pop ups and have a “virus alert ” near the system time display and have task manager disabled, it is a very deadly virus . It makes the pc dead slow. I have scanned this file using 14 antivirus softwares online , but none of them could detect it . I finally formated my pc.
Also, the c drive icon vanishes from the explorer and the icons in start menu are missing . I could not find any solution for this problem on the internet. It is a latest virus. If you try to repair your pc in safe mode , then when you reboot again in normal mode , all your repairs would have vanished. You will continue getting all the problems mentioned above.
Well, here it is 2008 and they are still at it! I just got infected and it was from using a link from a “good” website to download a free microsoft photo editor. Turned out to be our above mentioned villains instead. It has taken over the whole laptop. It changed the desktop, removed all over my recovery points in system recovery, removed my control panel and my computer links + the C:/ drive access, and will not uninstall. It is now redirecting to: safewebnavigate2008.com and also uses the domain: 2008antivirusxp.com. This is a damaging virus and adware attack. It has just devastated me both financially and emotionally. I was just getting everything switched over to my laptop as I will be moving and have the desktop in storage for a time. I work on the Internet and cannot afford this right now. My disc drive has a broken belt, which has been a pain, but I have still been able to use the laptop without issue. Now I cannot even reformat without buying a new disk drive and my laptop is hardly worth buying one for. I’m feeling pretty down right now and I sure hope these people are happy that they just took a single woman that has barely a roof over her head and put her out of commission. Bravo! How gallant of them.
Hi,
I have the same problem. All the three pop up, virus alert, navigating to safeweb2008. task manager disabled. Half of the things in the Start menu is not there.
Please help
any pointers woudl be appreciated.
I would definitely say screen and keyboard are the most important buying decision for me as the specs are fairly standard across brands anyway.