Home � Antispyware , Antivirus , Protection , Security , Tips � Fake IE7 Download Mails - Beware!

Fake IE7 Download Mails - Beware!

sparksspace | Friday, August 08, 2008 | 0 comments

There seem to be quite a few of these in circulation over the past day or so. I have got this one.

This mail pretends to come from Microsoft, but it's not. There are many different links being used for the download. Microsoft don't send out EMails asking you to download files from random, non-Microsoft websites.

If you click the link and install the file, then it downloads/installs the rogue security software Antivirus XP 2008 and its related files.A fake antivirus program appear on your desktop.

By the time you see this, its probably too late. This threat also known to send the user fake infected alerts to provoke the victim into buying the product. It also utilizes the Sysinterals fake Blue Screen of Death Screen Saver to scare the victim.

AntivirusXP 2008, also known as also known as XP Antivirus 2008, Antivirus 2008 XP or AntiVirXP08, is a rogue anti-spyware program that performs fake system scans and displays warning messages to lure you to purchase AntivirusXP 2008's full version. AntivirusXP 2008 is usually downloaded and installed via a trojan called Zlob found on a media codecs that are downloaded from adult websites. AntivirusXP 2008 prompts users with warning messages and popups that state that you are infected with spyware in an attempt to get you to buy AntivirusXP 2008's commercial version. Another attempt used by AntivirusXP 2008 is to perform system scans that show false positives. AntivirusXP 2008 is not a legitimate spyware removal tool. AntivirusXP 2008 is clone of Xp Antivirus, XPAntivirus2008 and Antivirus 2008

Symptoms of Antivirus XP 2008

Pop up balloon warning messages claiming that your PC is infected.

"Critical System Error",
"Your computer is infected",
Hijacked homepage to obscure webpage.
Flashing icons appear on your system tray (Near of your system clock).

Antivirus XP 2008 Manual Removal Instructions:

Go to Start > Search > All Files or Folders.

In the "All or part of the the file name" section, type in "Antivirus XP 2008" file name(s).

To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.

When Windows finishes your search, hover over the "In Folder" of "Antivirus XP 2008", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Antivirus XP 2008 in the following manual removal steps.

"Antivirus XP 2008" files can be found in the directory path(s):

%ProgramFiles%\rhcn7cj0ea59
%AppData%\rhcn7cj0ea59
%AllUsersProfile%\Start Menu\Programs\Antivirus XP 2008

Step 2 : Use Windows Task Manager to Remove Antivirus XP 2008 Processes

To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for "Antivirus XP 2008" process by name.
Select the "Antivirus XP 2008" process and click on the "End Process" button to kill it.
Remove the "Antivirus XP 2008" processes files

c:\WINDOWS\system32\pphcjkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
rhcn7cj0ea59.exe
lphcj7cj0ea59.exe
pphcj7cj0ea59.exe

Step 3 : Use Registry Editor to Remove Antivirus XP 2008 Registry Values

To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Antivirus XP 2008" value, right-click on it and select the "Delete" option.
Locate and delete "Antivirus XP 2008" registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "rhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
rhcn7cj0ea59
SOFTWARE\Microsoft\Windows\CurrentVersion\rhcn7cj0ea59
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008

Step 4 : Use Windows Command Prompt to Unregister Antivirus XP 2008 DLL Files

To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Antivirus XP 2008 DLL file is located and press the "Enter" button on your keyboard. If you don't know where Antivirus XP 2008 DLL file is located, use the "dir" command to display the directory's contents.
To unregister "Antivirus XP 2008" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Antivirus XP 2008.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search and unregister "Antivirus XP 2008" DLL files:

C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfgSkin.dll
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\MFC71.dll

Step 5 : Detect and Delete Other Antivirus XP 2008 Files

To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for type in "del name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Antivirus XP 2008" process and click on the "End Process" button to kill it.
Remove the "Antivirus XP 2008" processes files:

c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Packages
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\BrowserObjects
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKLM
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun\HKCU
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine\Autorun
%UserProfile%\Application Data\rhcnkrj0etfg\Quarantine
%UserProfile%\Application Data\rhcnkrj0etfg
c:\WINDOWS\system32\pphcjkrj0etfg.exe
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
c:\Program Files\rhcnkrj0etfg\Uninstall.exe
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe.local
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfgSkin.dll
c:\Program Files\rhcnkrj0etfg\rhcnkrj0etfg.exe
c:\Program Files\rhcnkrj0etfg\msvcr71.dll
c:\Program Files\rhcnkrj0etfg\msvcp71.dll
c:\Program Files\rhcnkrj0etfg\MFC71ENU.DLL
c:\Program Files\rhcnkrj0etfg\MFC71.dll
c:\Program Files\rhcnkrj0etfg\database.dat
c:\Program Files\rhcnkrj0etfg\license.txt
c:\Program Files\rhcnkrj0etfg
rhcn7cj0ea59.exe
lphcj7cj0ea59.exe
pphcj7cj0ea59.exe
SMrhcn7cj0ea59
Register Antivirus XP 2008.lnk
How to Register Antivirus XP 2008.lnk
Antivirus XP 2008.lnk

Tools to remove Antivirus XP 2008

Download - Removal Tool for Antivirus XP 2008 or

Download Antivirus XP 2008 Removal Tool or

Download AntivirusXP2008 scanner

Category: Antispyware, Antivirus, Protection, Security, Tips

Welcome to SparksSpace . This blog launched on Dec 2007 with a focus on Technology.You can find latest Computer Software, Tutorials, Tricks,Tips & Software promotions here!