Hi im doing a mini project for my course and im testing malware in a virtual machine, so I went to spysheriffs main url and downloaded there program. I expected it to install loads of files in /windows/system32 and other places. However it only installed in program files and when I uninstalled it all traces were removed. whats going on, are spysheriff and other smifraud variants able to detect that theyre being run in a virtual environment? Or are they not malware any more? I would install them on a machine if I had one, but I dont have a spare machine available. So thought id ask the experts!