RedSheriff

Status
Not open for further replies.

IanRob

Technical User
Jan 16, 2001
AU
In the process of installing LimeWire, I also downloaded and installed a Java Plug-in that appears to have a reporting function to a marketing company called RedSheriff.com. I feel very uncomfortable about this. So much so that I uninstalled LimeWire. I cannot get rid of this RedSheriff though. Anyone heard of it or know how to get rid of it? (There was no warning about it prior to install either.) [MAD]
 
I did a little digging, always curious about new spyware.
The first scary fact that I dug up is that Ad-Aware doesn't detect this one (yet).
RedSheriff seems to plant a java script in the IE cache. Best chances of removing it are to delete the temporary internet files and the cookies. If you stumble across these 2 files, Measure[1].class and SleepThread[1].class, delete them.

Should that not work, you could leave it installed and just block its internet access with a firewall.

This is advice from Tom Cats Spyware List:
We recommend blocking the following IP ranges in your firewall to prevent contact with RedSheriff and their affiliated imrworldwide.com servers:
203.89.243.0-203.89.243.255
203.166.18.0-203.166.18.255
212.187.128.0-212.187.255.255


In addition you can modify the hosts file (found in C:\WINNT\system32\drivers\etc) to stop Redsheriff from reaching its servers.

These are the HOSTS file entries required

I hope this info helps. For more detailed help, you may want to visit the forums at Gibson Research Corporation or Lavasoft.


[yinyang] In a world without walls and fences, who needs Windows and Gates?
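A check of the two blocking measures described in the post above, as an added example that is not part of the original thread: it collapses the three quoted IP ranges into CIDR blocks for a firewall rule and audits a hosts file for contacted names that are not sinkholed. The sample hosts text, the observed-name list and the `placeholder-host` name are constructed for illustration.

```python
import ipaddress

# The three ranges quoted in the post, as (first, last) address pairs.
BLOCK_RANGES = [
    ("203.89.243.0", "203.89.243.255"),
    ("203.166.18.0", "203.166.18.255"),
    ("212.187.128.0", "212.187.255.255"),
]

def ranges_to_cidrs(ranges):
    """Collapse first-last ranges into the CIDR blocks a firewall rule takes."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return [str(n) for n in nets]

def sinkholed_names(hosts_text):
    """Return the hostnames a hosts file maps to a loopback address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a mapping line
        if addr.is_loopback:
            names.update(h.lower() for h in fields[1:])
    return names

def uncovered(observed_hosts, hosts_text):
    """Names still reachable: a hosts entry matches one exact name, never its subdomains."""
    blocked = sinkholed_names(hosts_text)
    return sorted(h for h in observed_hosts if h.lower() not in blocked)

# Constructed sample hosts file and constructed list of contacted hostnames.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 imrworldwide.com
127.0.0.1 redsheriff.com   # trailing comment
10.0.0.5  fileserver
"""
OBSERVED = ["redsheriff.com", "IMRworldwide.com", "placeholder-host.imrworldwide.com"]

if __name__ == "__main__":
    print(ranges_to_cidrs(BLOCK_RANGES))
    print(uncovered(OBSERVED, SAMPLE_HOSTS))
```

Because the hosts file has no wildcard syntax, the firewall ranges remain the broader control for server names the list does not enumerate.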
 
Thanks Tourist, I will follow it up, but for the time being I am disabling Java(Sun) because I do not believe Java(Sun) enhances my "Internet experience" enough to warrant being spied on. I will also encourage others to do so as well.
 