Wednesday, 20 August 2008

Remove Virus "Antivirus XP 2008"

Not every anti-virus program available today can remove this virus. Antivirus XP 2008 is spyware that tries to turn your computer into a spam zombie. Be careful when opening e-mails from someone you do not know, especially the "CNN.com Daily Top 10" message, which asks you to update your Flash Player; in reality that file is the virus.




If you download and run this file, it becomes the master component of the virus: it automatically downloads further files from the Internet and then runs them. The following files and folders appear on the system:




C:\WINDOWS\system32\CbEvtSvc.exe

C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe

C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe

C:\WINDOWS\system32\lphc7nvj0e52e.exe

C:\WINDOWS\system32\phc7nvj0e52e.bmp

C:\WINDOWS\system32\blphc7nvj0e52e.scr

C:\windows\system32\drivers\xxx.sys

C:\Documents and Settings\LocalService\Application Data\584289103.exe

C:\Program Files\rhc3nvj0e52e

C:\Windows\system32\pphc7nvj0e52e.exe

C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e

C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008

C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk




The virus also makes the following registry changes:



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc

DisplayName = CbEvtSvc

ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc

DisplayName = CbEvtSvc

ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CbEvtSvc

DisplayName = CbEvtSvc

ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6127a5e3

ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6127a5e3

ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6127a5e3

ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

lphc7nvj0e52e = C:\WINDOWS\system32\lphc7nvj0e52e.exe

SMrhc3nvj0e52e = C:\Program Files\rhc3nvj0e52e\rhc3nvj0e52e.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\software notifier

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e

DisplayName = AntivirXP08

UninstallString = "C:\Program Files\rhc3nvj0e52e\uninstall.exe"

HKEY_LOCAL_MACHINE\software\rhc3nvj0e52e

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion

rhc3nvj0e52e = 8b 6e 99 48 (binary)

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

AntivirXP08 = AntiVirXP08 SV1



The virus also removes the “Screen Saver” and “Desktop” tabs from Display Properties, replaces your desktop wallpaper with the file %systemroot%\system32\phc7nvj0e52e.bmp, and sets your screensaver to the executable file %systemroot%\system32\blphc7nvj0e52e.scr, which tries to make you panic by showing a fake blue screen of death (BSOD) on your screen.


Steps to remove the virus "Antivirus XP 2008":

1. Start the computer in "Safe Mode".

2. Start --> Run --> services.msc (to stop the virus activity).



3. Find CbEvtSvc, then disable it.

4. Copy this code and save it as repair.inf, then right-click the file and choose Install.



[Version]

Signature="$Chicago$"

Provider=nobody

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

; Restore the default "open" commands for executable file types

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"

; Restore the Explorer shell and clear the wallpaper and screensaver settings

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

HKCU, Control Panel\Desktop, ConvertedWallpaper,0, ""

HKCU, Control Panel\Desktop, OriginalWallpaper,0, ""

HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, ""

HKCU, Control Panel\Desktop, Wallpaper,0, ""

HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, ""

HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, ""

[del]

; Remove the autorun values added by the virus

HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e

HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services

HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e

HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe

; Bring back the Desktop and Screen Saver tabs in Display Properties

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage

; Remove the service and driver keys in every control set

HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3

HKLM, SYSTEM\ControlSet002\Services\6127a5e3

HKLM, SYSTEM\ControlSet001\Services\6127a5e3

HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc

HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc

HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc

; Remove the program's own keys and values

HKLM, SOFTWARE\Microsoft\software notifier

HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e

HKLM, software\rhc3nvj0e52e

HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e

; No value name is given on the next line, so the whole Post Platform key is deleted

HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

HKLM, SYSTEM\ControlSet001\Services\125c1fb5

HKLM, SYSTEM\ControlSet002\Services\125c1fb5

HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5



5. Delete the following files:



C:\WINDOWS\system32\CbEvtSvc.exe

C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe

C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs (xx=random)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe

C:\WINDOWS\system32\lphc7nvj0e52e.exe

C:\WINDOWS\system32\phc7nvj0e52e.bmp

C:\WINDOWS\system32\blphc7nvj0e52e.scr

C:\windows\system32\drivers\xxx.sys (xxx random with size 108 KB)

C:\Documents and Settings\LocalService\Application Data\584289103.exe

C:\Program Files\rhc3nvj0e52e

C:\Windows\system32\pphc7nvj0e52e.exe

C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e

C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008

C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk


6. Don't forget to install an up-to-date antivirus; recommended ones include Kaspersky, AVG, McAfee, etc.

7. I hope this helps you.
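
To check the result of steps 4 and 5, the script below scans the text of a registry export for the keys and values listed on this page. It is an added example, not part of the original post: the function names and the sample export are constructed for illustration, and the input is assumed to be a .reg file written by reg export or regedit.

```python
import re

# Indicators from this page's registry lists, lower-cased (registry names are case-insensitive).
BAD_KEY_SUFFIXES = (r"\services\cbevtsvc", r"\services\6127a5e3", r"\services\125c1fb5",
                    r"\uninstall\rhc3nvj0e52e", r"\software\rhc3nvj0e52e",
                    r"\microsoft\software notifier")
BAD_RUN_VALUES = {"lphc7nvj0e52e", "smrhc3nvj0e52e", "services", "rhc3nvj0e52e.exe"}

# Constructed sample in "reg export" text format, not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc7nvj0e52e"="C:\\WINDOWS\\system32\\lphc7nvj0e52e.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc]
"DisplayName"="CbEvtSvc"
'''

def unescape(s):
    """Undo .reg escaping: a backslash followed by any character becomes that character."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])      # string value: strip quotes, unescape
            yield key, unescape(m.group(1)), data

def find_leftovers(text):
    """Return (kind, name, data) for every indicator still present in the export."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None and k.endswith(BAD_KEY_SUFFIXES):
            hits.append(("key", key, ""))
        elif name and k.endswith(r"\currentversion\run") and name.lower() in BAD_RUN_VALUES:
            hits.append(("run-value", name, data))
        elif name and k.endswith(r"\user agent\post platform") and name.lower() == "antivirxp08":
            hits.append(("user-agent", name, data))
    return hits
```

An empty list from find_leftovers means none of the listed entries remain in that export. Export files written by regedit are normally UTF-16, so open them with encoding="utf-16" before passing the text in.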
