14.8.08

The infamous Anti Virus XP 2008

As an IT support person, I get to deal with various computer problems that can crack the brain out of me; the usual task I have to deal with is viruses. Personally I would prefer to clean the virus instead of formatting the PC, since it saves me the time to format and configure all the network settings, program installations, etc. However, lately I have encountered this particular virus where I will just tell my client I need to reformat, and it looks something like this:

[Image: Antivirus XP 2008 screenshot]

(Picture taken from another website; original source unknown)

Basically, what happens here is that this program finds lots of viruses and asks you to install and register it in order to remove them (Don't install it!!!). What lets this program infect so many PCs so easily is that it uses the default Windows security icon, and in some cases the Windows Defender icon, making people think that it comes from the original Microsoft web site.

When a PC is infected with this virus, you will encounter what we call the Blue Screen of Death (BSoD), saying that your computer's anti virus is not registered and that you need to register it to fix the problems. After that your computer will just get slower and slower, and it will also try to install other spyware without you knowing it.

Continue reading if you want some advice on removing this.

In most cases, if you search the internet, you should be able to get a detailed description of how to remove this virus, but based on personal experience, it will vary depending on the situation. Luckily, this particular virus will not spread to your pen drive or any external storage, so you can back up your data at ease.

There are a few methods you can try:

1. Use System Restore to restore your system to a date before you encountered it. Find it under Start menu --> All Programs --> Accessories --> System Tools --> System Restore.

Try doing a disk cleanup before you proceed to the next methods.

2. Try downloading anti-spyware programs like Spybot, Malwarebytes or Ad-Aware; install them and update to the latest definitions. Boot into safe mode by restarting your computer and pressing F8 before it goes to the Windows screen. Select Safe Mode, run a full scan and remove anything that it finds. Also update your anti virus program and do a full scan in safe mode.

3. Go to Start menu --> Run (or press Windows+R) and type msconfig. Then on the Startup tab, look for entries like antivirus xp 2008, or some weird filename that consists of letters + numbers followed by .exe (example: rhcn7cj0ea59.exe). Take note of the filename.

4. Go to Start menu --> Run (or press Windows+R) and type regedit. If you are not sure what you are about to do, back up a copy of the registry first by selecting File --> Export. After the backup, click Edit --> Find (Ctrl+F) and search for the filename (e.g. rhcn7cj0ea59.exe; personally I recommend in this case searching for something like rhcn7cj0ea59 or even cj0ea59 for a more complete search). Take note of the paths first (example: c:\program files\rhcn7cj0ea59\rhcn7cj0ea59.exe or c:\windows\system32\rhcn7cj0ea59.exe), then delete any registry entries that you find. Then go look for the file or folder and trash them.

After that, run gpedit.msc from Start menu --> Run. By the way, some of the Home editions might not be able to access this due to OS restrictions. Go to User Configuration -> Administrative Templates -> Control Panel -> Display; right-click Remove Display in Control Panel -> Properties, then disable it. Do the same thing for:

Hide Desktop Tab
Prevent changing wallpaper
Hide Appearance and Themes tab
Hide Settings tab
Hide Screen Saver tab
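
The registry search from methods 3 and 4, as an added example that is not part of the original post: it parses the text file that regedit writes with File --> Export and lists every value that mentions the name fragment, together with the file paths to note down. The sample export and the second entry name (lphcn7cj0ea59) are constructed for illustration; they show why searching for the shorter fragment gives a more complete result.

```python
import re

# Constructed sample in the text format regedit writes with File --> Export
# (backslashes inside quoted data are doubled). Not from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"rhcn7cj0ea59"="C:\\Program Files\\rhcn7cj0ea59\\rhcn7cj0ea59.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcn7cj0ea59"="C:\\WINDOWS\\system32\\lphcn7cj0ea59.exe"
"SoundMan"="SOUNDMAN.EXE"
'''

VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)="((?:[^"\\]|\\.)*)"\s*$')
EXE_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.exe', re.I)

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # \\ -> \  and  \" -> "

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and m:
            name = '(Default)' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            yield key, name, _unescape(m.group(2))

def find_references(text, fragment):
    """Like regedit's Find: match the fragment in key, value name or data."""
    frag = fragment.lower()
    return [hit for hit in parse_reg(text)
            if any(frag in field.lower() for field in hit)]

def paths_to_note(hits):
    """Executable paths to write down before deleting the registry entries."""
    return sorted({p for _, _, data in hits for p in EXE_RE.findall(data)})

if __name__ == '__main__':
    for frag in ('rhcn7cj0ea59', 'cj0ea59'):
        hits = find_references(SAMPLE_REG, frag)
        print(frag, '->', len(hits), 'entries;', paths_to_note(hits))
```

A real export from regedit is saved as UTF-16, so read it with open(path, encoding='utf-16') before passing the text to find_references.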

If everything runs smoothly, you should be safe after you perform method 1 or 2, or else you can try 3 & 4 if you are an advanced user. I still recommend doing a scan after method 4 to be safe. If after all this you still experience problems, then I've got no choice but to recommend that you format your PC lia loh.

If you have further questions or need assistance, either email me or leave a comment lah, I'll see what I can do to help you.