Tuesday, July 29, 2008

Spyware Database, Removal Instructions


Spy Sheriff removal
Spyware Spy Sheriff Information
Name: Spy Sheriff
Category: Trojan
Date: 2005-08-19
Dangerous: Yes

SpySheriff is rogue anti-spyware software that acts like a trojan horse. It hijacks the desktop and changes the wallpaper to a warning message, luring the user into using the anti-spyware software it installs, which fixes nothing.
Spy Sheriff description by publisher:
(Not True) SpySheriff, an award-winning spyware removal tool, will help you fight all kinds of spyware & adware including key loggers, trojan horses, password thieves & so on. With a new & unique protection module, once cleaned your machine will not get infected ever again.
This Trojan is also known as:
• spysheriff
• spy sherrif
• adware sherrif

The processes, registry entries, files and directories listed below are part of this spyware. To manually get rid of it, follow these instructions (at your own risk).
Spy Sheriff Removal Instructions
Kill the following processes
1950.exe , newdial.exe , spysheriff.exe , uninstall.exe , winstall.exe
Delete these registry entries
SOFTWARE\spysheriff
SOFTWARE\Microsoft\Windows\CurrentVersion\uninstall\spysheriff
Remove the following files
1950.exe , Desktop.html , newdial.exe , spysheriff.exe , uninstall.exe , winstall.exe .
SpySheriff.lnk in Desktop\
Remove the following directories
Program Files\spysheriff

AntivirusGold removal
Spyware AntivirusGold Information
Name: AntivirusGold
Category: Trojan
Date: 2005-06-01
Dangerous: Yes

AntivirusGold is an adware application. Antivirus Gold is installed by some trojans without asking for user permission. The desktop wallpaper is modified and an advertisement is displayed urging the user to buy Antivirus Gold. Upon clicking on the message, a web browser is opened pointing to www.AntiVirus-Gold.com. The purpose of this trojan is to install itself and pretend that only AntiVirus Gold can remove it.

AntivirusGold Removal Instructions
Kill the following processes
antivirusgold.exe, ongi.exe, uninst.exe
Delete these registry entries
HKEY_CLASSES_ROOT\clsid\{020b1227-417d-4682-9ac3-61f43cb5b6b1}
HKEY_CLASSES_ROOT\clsid\{125494b2-acad-414c-98b9-452f3ef7703a}
HKEY_CLASSES_ROOT\clsid\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}
HKEY_CLASSES_ROOT\clsid\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}
HKEY_CLASSES_ROOT\clsid\{408f660a-9465-44a3-b557-8709dfd992bc}
HKEY_CLASSES_ROOT\clsid\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}
HKEY_CLASSES_ROOT\clsid\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}
HKEY_CLASSES_ROOT\clsid\{8ee6bf73-b370-4d13-9126-eb0071178f2e}
HKEY_CLASSES_ROOT\clsid\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}
HKEY_CLASSES_ROOT\clsid\{9bb7e700-4e48-476d-b75c-6f47606be988}
HKEY_CLASSES_ROOT\clsid\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}
HKEY_CLASSES_ROOT\clsid\{d6d64cdf-0363-4261-b723-29a3af365e1d}
HKEY_LOCAL_MACHINE\software\antivirusgold
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antivirusgold.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antivirusgold
Remove the following files
aglanguage.ini, antivirusgold.exe, antivirusgold.lnk, ongi.exe, shortcut to antivirusgold.lnk, uninst.exe.
antivirusgold 2.0.lnk in Documents and Settings\UserName\administrator\start menu\
Remove the following directories
Documents and Settings\UserName\administrator\start menu\programs\antivirusgold
Program Files\antivirusgold

Elite toolbar removal
Spyware Elite toolbar Information
Name: Elite toolbar
Category: Toolbar
Date: 2005-07-26
Dangerous: Yes

Elite Toolbar (Elitebar) performs malicious actions against the user. It installs adware and spyware and launches other unwanted processes that disturb your work and waste your time.
This Toolbar is also known as:
EliteBar.
The processes, DLLs, registry entries, files and directories listed below are part of this spyware. To manually get rid of it, follow these instructions (at your own risk).

Elite toolbar Removal Instructions
Kill the following processes
elite toolbar.exe, suicidetb.exe, silent_install.exe, protas.exe, protopro.exe, sideb.exe, silent53.exe, elitefmj32.exe, elitekck32.exe, elitexdx32.exe
Unregister the following DLLs and reboot
81635062.dll, elitetoolbar version 60.dll.
elitesidebar 08.dll in Windows\elitesidebar\
elitetoolbar version 59.dll in Windows\elitetoolbar\
Delete these registry entries
HKEY_CLASSES_ROOT\clsid\{0a1d22c3-37be-470c-9c29-e3074ee0574b}
HKEY_CLASSES_ROOT\clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
HKEY_CLASSES_ROOT\clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
HKEY_CLASSES_ROOT\clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}
HKEY_CLASSES_ROOT\clsid\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{825cf5bd-8862-4430-b771-0c15c5ca8def}
HKEY_LOCAL_MACHINE\software\elitum
HKEY_LOCAL_MACHINE\software\elitum\elitetoolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{825cf5bd-8862-4430-b771-0c15c5ca8def}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\antiware
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
HKEY_LOCAL_MACHINE\software\ohbbackup
Remove the following files
81635062.dll, elite toolbar.exe, elitetoolbar version 60.dll, protas.exe, protopro.exe, sideb.exe, silent53.exe, www.gamefly[1].com.
silent_install.exe in Documents and Settings\UserName\local settings\temporary internet files\
suicidetb.exe in Documents and Settings\UserName\local settings\temp\
elitesidebar 08.dll in Windows\elitesidebar\
elitetoolbar version 59.dll in Windows\elitetoolbar\
elitefmj32.exe, elitekck32.exe, elitexdx32.exe in Windows\system32\
Remove the following directories
Windows\elitetoolbar
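
Before deleting anything, it helps to see which of the listed Elite toolbar artifacts are actually present. The following read-only check is an added example, not part of the original post; it uses a subset of the names and keys listed above and assumes "Windows\" on this page means the directory in $env:windir.

```powershell
# Added example (not from the original post): read-only check for Elite toolbar
# artifacts listed on this page. Nothing is killed, unregistered or deleted.
$procs = 'elite toolbar','suicidetb','silent_install','protas','protopro',
         'sideb','silent53','elitefmj32','elitekck32','elitexdx32'

# Subset of the registry keys from the page, copied verbatim.
$keys = @(
    'HKEY_LOCAL_MACHINE\software\elitum',
    'HKEY_LOCAL_MACHINE\software\ohbbackup',
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar',
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}',
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ed103d9f-3070-4580-ab1e-e5c179c1ae41}',
    'HKEY_CLASSES_ROOT\clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}'
)

# Assumption: "Windows\" on the page is the directory in $env:windir.
$files = @(
    'elitesidebar\elitesidebar 08.dll',
    'elitetoolbar\elitetoolbar version 59.dll',
    'system32\elitefmj32.exe', 'system32\elitekck32.exe', 'system32\elitexdx32.exe'
) | ForEach-Object { Join-Path $env:windir $_ }

$findings = @()
foreach ($p in Get-Process -Name $procs -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "$($p.Name) (PID $($p.Id))" }
}
foreach ($k in $keys) {
    # The Registry:: provider prefix accepts full hive names, including HKEY_CLASSES_ROOT.
    if (Test-Path -LiteralPath "Registry::$k") {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k }
    }
}

# Autostart entries under Run are stored as values of the Run key, not as subkeys,
# so "run\antiware" is read as a value here; Test-Path on it as a key would miss it.
$run = 'Registry::HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run'
$val = (Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue).antiware
if ($val) { $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "antiware = $val" } }

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += [pscustomobject]@{ Type = 'File'; Item = $f } }
}

$findings | Format-Table -AutoSize
```

An empty table means none of the checked artifacts were found; any row is a reason to work through the matching removal step above.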
