13 responses
I'm the lead help desk tech for a nationwide advertising magazine, and we just had our entire Exchange Server network hit with the darn AVXP2k8 bug. Here is the fix we use to get it off the computer, and it only takes about 10 mins if you have a clue about what you're doing.
What the virus does:
- It places its core file in C:\Program Files\#randomname# - easy to spot. Usually something like rhcgsbj0elj0
- It removes access to the Desktop and Screen Saver tabs in the Desktop Properties window through registry changes.
- It places a .bmp and a .scr file in C:\Windows\system32 - easy to spot. Once you bring back the Desktop and Screensaver tabs you will see their names and can delete them if antivirus does not catch them first.
To fix quickly:
Use the registry fix I wrote to correct several changes that it makes.
- Brings back the Desktop and Screensaver tabs to desktop properties
- Fixes changes made to wallpaper and screensaver settings (allows the virus to re-propagate if not fixed asap)
Save the following text as a .reg file (you pick the name) and run it.
=--------------------=
Windows Registry Editor Version 5.00

; Bring back the Desktop and Screen Saver tabs (per-user and machine-wide policy)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

; Point the wallpaper and screen saver settings back at known files
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ConvertedWallpaper"="C:\\Windows\\Zapotec.bmp"
"OriginalWallpaper"="C:\\Windows\\Zapotec.bmp"
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\sspipes.scr"
"Wallpaper"="C:\\Windows\\Zapotec.bmp"
=--------------------=
Now for some minor hunting ...
Navigate in regedit to HKEY_LOCAL_MACHINE\SOFTWARE\ and look for a random folder name, e.g. rhcgsbj0elj0, and delete the whole thing. The registry keys it holds all show links to the .bmp and .scr and other .exe nasties that the virus tossed out.
Navigate in regedit to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and look for several random items in there. They have nonsensical names and should be easy to spot. There are usually 3-4.
Examples: SMrhcgsbj0elj0, zjyacadj, lphclsbj0elj0
Once the registry is cleaned out, removing the virus is made much easier.
Run Task Manager and find the randomly named .exe files that are running.
Open C:\Program Files and look for the random folder name that holds the virus, e.g. rhcgsbj0elj0. There are 2 files you can delete from it immediately, a .dat and a "license" file. Make note of the name of the .exe file in the folder so you know which application to end task on first. You will have to end task on the random .exe file in Task Manager, then QUICKLY switch over to the other window to delete the virus file before it can toss out another thread and you get those lovely "cannot delete file because it is already in use" errors. Once the .exe part of the virus is gone, the folder the rest of it is in can be removed easily and you can end task on the remaining virus files. This usually keeps the virus off permanently.
Once this is done, it is highly recommended that you update your anti-virus software and perform a full scan on the computer. If you don't have any, try AVG Free from Grisoft. It's pretty good and we use it on folks who have personal computers used for business purposes.
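Added example, not part of the original post: a read-only triage script that parses the decoded text of a registry export and reports the indicators the post above lists (hidden Desktop/Screen Saver tabs, a wallpaper .bmp in system32) and lists the Run entries for manual review. The sample export is constructed; `example.bmp` and `example.exe` are placeholders, and the system32 wallpaper check is a heuristic assumed from the post's description.

```python
import re

POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
DESKTOP_KEY = r"hkey_current_user\control panel\desktop"
HIDE_TABS = {"nodispbackgroundpage": "Desktop", "nodispscrsavpage": "Screen Saver"}

# Constructed sample export (already decoded to text); file names are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\WINDOWS\\system32\\example.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhcgsbj0elj0"="C:\\Program Files\\rhcgsbj0elj0\\example.exe"
'''

def parse_reg(text):
    """Parse .reg text into {lowercased key: {value name: int or str}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue  # header, key line, blank line, or unsupported value type
        name, raw = m.groups()
        if raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    return keys

def triage(text):
    """Return (findings, run_entries); Run values are listed for review, not judged."""
    keys, findings = parse_reg(text), []
    for key, values in keys.items():
        if key.endswith(POLICY_SUFFIX):
            hive = key.split("\\", 1)[0].upper()
            for name, data in values.items():
                tab = HIDE_TABS.get(name.lower())
                if tab and isinstance(data, int) and data != 0:
                    findings.append(f"{tab} tab hidden: {name}={data} in {hive}")
    desktop = {n.lower(): d for n, d in keys.get(DESKTOP_KEY, {}).items()}
    wallpaper = str(desktop.get("wallpaper", ""))
    if "\\system32\\" in wallpaper.lower() and wallpaper.lower().endswith(".bmp"):
        findings.append(f"Wallpaper is a .bmp in system32: {wallpaper}")
    return findings, sorted(keys.get(RUN_KEY, {}).items())
```

Exports written by regedit in version 5.00 format are UTF-16, so decode the file before passing its text to `triage`.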
truste1 - Aug 12, 2008 at 06:15 AM
hi there,
Have you tried another antivirus scan on your PC? If not, I would recommend you use ZoneAlarm. It's a trial version but will help you for the time being to get rid of those viruses. But I'm asking myself if it's not registry problems also?
You can download a registry fix, have it installed and then repair the registry. Try the two solutions I've given you, and if it's not good then write here again.
thank you
Hi LeeAnn! I have experienced that kind of issue. Just try to remove your anti-virus and replace it with Kaspersky, but it takes time to scan because your PC is infected with trojan.downloader, and make sure to disconnect your internet. After that, rescan with Malwarebytes Anti-Malware to definitely remove malicious code in the registry....
regards,
jovax
I use Avast. I sent an email to support@avast.com asking them to tell me how to remove AntiVirus XP 2008. They replied and below is the gist of it. It was not hard to do. I recommend you contact them.
This is what I did as per instructions from Avast:
1. Turn off system restore: Start/Control Panel/System/System Restore and check "Turn off System Restore."
2. Schedule a boot time scan in Avast with the advanced option to move infected items to the chest:
start Avast, right-click in the main window, select Schedule Boot-time Scan, select advanced options and choose "Move to Chest."
3. Restart the computer when prompted. Avast will restart and do a boot-time scan.
After the scan has finished and moved any viruses to the chest, do the following:
4. Turn system restore back on.
5. Download and run the latest version of AdAware (www.lavasoft.com).
6. Remove any threat it finds.
7. When prompted to create a restore point in AdAware, do so.
This should fix your computer. This virus is everywhere. I have picked it up twice in the last week. The people at Avast saved me.
Hi LeeAnn,
In case you haven't found a workable solution, here's another one. My son gave me a program called reanimator that can be downloaded from "https://www.greatis.com/security/download.htm" for free. It worked for me!
Best Wishes, Tom
You may want to try setting up your anti-virus software to check the root kit of the PC. I've caught 16 viruses and spyware hiding out thanks to Webroot anti-virus/Spy Sweeper. Sure, it costs 29 bucks a year for virus updates, but usually only one or two traces of virus or adware will make it onto my PC... where it meets up with my friend Mr. Quarantine. :)
Use the latest version of Malwarebytes... it got rid of 2008 and 2009 that infected my computer. After that, install and run Spybot Search and Destroy; it should get anything left over... Make sure you update them both first. Run a full scan with both: start with Malwarebytes, then use Spybot... Hope this helps!!!
http://www.freepchelp.co.uk/forum/malware-removal-av-firewalls-etc/3344-anti-virus-xp2008.html
this link will clear up problem it worked for me scroll down and follow the instructions
The fake blue screen log on is not a virus thus rendering your Anti-Virus inept
Try using ComboFix to get rid of this problem, and in future be wary of what you download
or even the sites you visit. I recommend using Kaspersky Internet Security 2009!
Visit ComboFix's home here:
https://www.bleepingcomputer.com/combofix/how-to-use-combofix
It's free.
X_Spec
Installing more free 'antivirus' software is only going to aggravate your problem.
I'd suggest putting all of your files onto a USB (you said her computer was new, so probably not too much trouble)
Reinstall OS and drivers (It should get rid of all the viruses, even the ones lurking in the system files)
Install Norton or McAfee - stick to the well known.
Always update!!
Hope this helps!
Hi,
I can help you. Antivirus 2008 is actually spyware. It is not a real antivirus program. Malwarebytes Antimalware should get rid of it, and if it does not, then you may need some other tools. I use Antimalware and it gets rid of it. I have a business in computers. Let me know if that does not work.
Sep 21, 2008 at 01:42 PM
Thanks again - this was a great post and now I have a functional laptop again - woohoo.
Gigi