Winamp 5.12, a popular media player, has a critical vulnerability, which can be utilized by the Exploit.winamp.pls exploit. This threat installs widely spread parasites including SpySheriff and a variant of the CoolWebSearch hijacker to the compromised system. The following manual removal instructions should be used in order to eliminate the parasites that Exploit.winamp.pls drops.
addas32.exeatlya32.exef2install.exeiepn32.exejavaee32.exemfcsp32.exenetef32.exenetrl.exentbe.exentxo32.exesdkuk32.exespysheriff.exewinstall.exe[X1]32.exe[X2].tmp.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunSNInstallHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunSpySheriffHKEY_CLASSES_ROOTCLSID{202B0EFD-2CB9-039B-2B11-A3579D6D56A3}HKEY_CLASSES_ROOTCLSID{7C43E35C-A398-7C5F-B1BA-7E87073BE150}HKEY_CLASSES_ROOTCLSID{9CB4CE93-8CC7-9E03-1037-2DD837E3A52E}HKEY_CURRENT_USERSoftwareSpySheriffHKEY_LOCAL_MACHINESOFTWAREMicrosoft WindowsCurrentVersionUninstallSpySheriff