Not every anti-virus program today will help you eliminate viruses; in this case, Antivirus XP 2008 is spyware that tries to turn your computer into a spam zombie. Be careful when opening e-mails from someone you do not know, especially the daily Top 10 messages from CNN.com, which ask you to update your Flash Player; in reality, the file they offer is the virus.
If you have downloaded and run this file, it becomes the master virus: it automatically downloads further files from the Internet and runs them. The files it leaves on the system are:
C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\windows\system32\drivers\xxx.sys
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
This virus also makes the following registry changes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
DisplayName = CbEvtSvc
ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
DisplayName = CbEvtSvc
ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CbEvtSvc
DisplayName = CbEvtSvc
ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6127a5e3
ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6127a5e3
ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6127a5e3
ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lphc7nvj0e52e = C:\WINDOWS\system32\lphc7nvj0e52e.exe
SMrhc3nvj0e52e = C:\Program Files\rhc3nvj0e52e\rhc3nvj0e52e.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\software notifier
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
DisplayName = AntivirXP08
UninstallString = "C:\Program Files\rhc3nvj0e52e\uninstall.exe"
HKEY_LOCAL_MACHINE\software\rhc3nvj0e52e
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion
rhc3nvj0e52e = 8b 6e 99 48 (binary)
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
AntivirXP08 = AntiVirXP08 SV1
This virus also removes the "Screen Saver" and "Desktop" tabs from Display Properties, replaces your desktop wallpaper with the file %systemroot%\system32\phc7nvj0e52e.bmp, and replaces your screen saver with the executable %systemroot%\system32\blphc7nvj0e52e.scr, which shows a fake blue screen of death (BSOD) to make you panic.
Here are the steps to remove the "Antivirus XP 2008" virus:
1. Run the computer in "Safe Mode".
2. Start --> Run --> services.msc (to stop the virus's activity).
3. Find CbEvtSvc, then disable it.
4. Copy this code and save it as repair.inf, then right-click the file and choose Install.
; repair.inf - restores shell defaults and removes the registry entries listed above
[Version]
Signature="$Chicago$"
Provider=nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open commands and the Winlogon shell, and clear the wallpaper and screen saver
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Control Panel\Desktop, ConvertedWallpaper,0, ""
HKCU, Control Panel\Desktop, OriginalWallpaper,0, ""
HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, ""
HKCU, Control Panel\Desktop, Wallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, ""

; Remove the autorun values, the display-tab policies, and the services and keys added by the virus
[del]
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage
HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3
HKLM, SYSTEM\ControlSet002\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc
HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM, SOFTWARE\Microsoft\software notifier
HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
HKLM, software\rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e
; Value name given so that only the virus's entry is deleted, not the whole Post Platform key
HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform, AntivirXP08
HKLM, SYSTEM\ControlSet001\Services\125c1fb5
HKLM, SYSTEM\ControlSet002\Services\125c1fb5
HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5
5. Delete the following files:
C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs (xx=random).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\windows\system32\drivers\xxx.sys (xxx random with size 108 KB)
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
6. Don't forget to install an up-to-date antivirus; recommended ones include Kaspersky, AVG, McAfee, etc.
7. I hope this helps you.
Source : http://dhuwuh.blogspot.com/2008/08/remove-virus-antivirus-xp-2008.html
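To confirm that steps 3 to 5 actually cleared the registry entries listed above, the following added example (not part of the original post) scans the text of a registry export for the article's own key and value names. The function names and the sample export are constructed for illustration; the indicator strings are the ones given in the article.

```python
import re

# Indicators copied from this article's registry list and repair.inf (lowercased).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUES = {"lphc7nvj0e52e", "smrhc3nvj0e52e", "rhc3nvj0e52e.exe"}
KEY_SUFFIXES = (r"\services\cbevtsvc", r"\services\6127a5e3", r"\services\125c1fb5",
                r"\software\rhc3nvj0e52e", r"\uninstall\rhc3nvj0e52e",
                r"\microsoft\software notifier")
POLICY_VALUES = {"nodispbackgroundpage", "nodispscrsavpage"}

SECTION = re.compile(r"^\[(.+)\]$")            # [HKEY_...\Key] header line
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=')   # "Name"=... or @=... line

def parse_reg(text):
    """Map each exported key (lowercased) to the set of its value names (lowercased)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            current = keys.setdefault(section.group(1).lower(), set())
            continue
        value = VALUE.match(line)
        if value and current is not None:   # hex continuation lines are skipped
            current.add(value.group(1).strip('"').lower())
    return keys

def find_leftovers(text):
    """Return (kind, name) pairs for every indicator still present in the export."""
    found = []
    for key, names in parse_reg(text).items():
        if key.endswith(KEY_SUFFIXES):
            found.append(("key", key))
        if key == RUN_KEY:
            found += [("run", n) for n in sorted(names & RUN_VALUES)]
        if key.endswith(r"\policies\system"):
            found += [("policy", n) for n in sorted(names & POLICY_VALUES)]
        if key.endswith(r"\user agent\post platform") and "antivirxp08" in names:
            found.append(("user-agent", "antivirxp08"))
    return found

# Constructed sample of a partly cleaned machine (not real output).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"lphc7nvj0e52e"="C:\\WINDOWS\\system32\\lphc7nvj0e52e.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc]
"DisplayName"="CbEvtSvc"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000001
'''

if __name__ == "__main__":
    for kind, name in find_leftovers(SAMPLE):
        print(kind, name)
```

On a real machine, create the export with `regedit /e export.reg` and read the file with `encoding="utf-16"` before passing its text to `find_leftovers`; an empty result means none of the listed entries remain.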
6 comments:
Thanks for the knowledge...
very useful....
hi
thanks for sharing very nice tips for removing virus.
let's remove them..
good article
SeoWaps