  #1  
08-25-2008, 11:57 AM
Revroy
UTOPIA Lifer
 
Join Date: Sep 2006
Location: Greenwood, Indiana
Posts: 8,549
How to remove Antivirus XP 2008 (Uninstall Instructions)

What this program does:

Antivirus XP 2008 is a new rogue anti-spyware program that is advertised through Trojans and other malware. It is advertised in the form of fake security alerts and warnings on web sites that state you are infected with malware or are being attacked in some manner. When you click on these ads, it will automatically download the installer for Antivirus XP 2008 and install it on your machine. In some cases, this program is installed without any intervention at all from you.

Once installed, Antivirus XP 2008 will scan your computer and display a variety of security risks found on your computer that can only be removed if you purchase a license of the software. These risks, though, are all fake and are only being displayed to scare you into thinking you are infected and thus purchase their software. Another tactic that Antivirus XP 2008, and the accompanied malware, uses is to change your desktop background to be a message stating you are infected, popups and fake alerts stating your computer is being attacked, and a fake Internet Explorer page that states Google has found your computer to be infected. All of these are further scare tactics and should be ignored. These methods are all illustrated in the images below.

Screen shot of Antivirus XP 2008




This guide will walk you through removing the Antivirus XP 2008 program and its associated malware for free.



Threat Classification:
Information on Rogue Programs



Advanced information:
View Antivirus XP 2008 files.
View Antivirus XP 2008 Registry Information.



Add/Remove Programs control panel entry:
AntivirXP08



Tools Needed for this fix:
Malwarebytes' Anti-Malware



Symptoms that may be in a HijackThis Log:
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe



Guide Updates:
06/25/08 - Initial guide creation.



Automated Removal Instructions for Antivirus XP 2008 using Malwarebytes' Anti-Malware:


Print out these instructions as we will need to close every window that is open later in the fix.

Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:

Code:
http://rapidshare.com/files/140547859/malwarebytes.Rev.rar
Once downloaded, close all programs and Windows on your computer, including this one.

Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Antivirus XP 2008 related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
When the scan is finished a message box will appear as shown in the image below.
You should click on the OK button to close the message box and continue with the AntivirusXP2008 removal process.

You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

A screen displaying all the malware that the program found will be shown as seen in the image below.
You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.

When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

You can now exit the MBAM program.

Your computer should now be free of the AntivirusXP2008 program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

EDIT: Scroll down and read my notes below, I just uninstalled this beast....




Associated Antivirus XP 2008 Files:
Note, Some of these files and folders may be random:




Associated Antivirus XP 2008 Windows Registry Information:
Note, Some of these Registry keys and values may be random:

HKEY_LOCAL_MACHINE\SOFTWARE\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "rhcnkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "AntivirXP08"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMrhcnkrj0etfg"
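Added example, not part of the original post: a small Python triage script that reads a HijackThis log and flags O4 autorun entries containing the product strings the guide names. The marker list and the sample log are constructed for illustration (only the HKCU line is the symptom quoted in the guide); because the guide says folder and value names may be random, the match is on the product name, so a randomly named entry is not caught by it.

```python
import re

# Product strings named in the guide above. The guide says folder and value
# names may be random, so match the product name rather than those names.
MARKERS = ("antivirus xp 2008", "antivirus 2008", "antivirus-2008", "antivirxp08")

# Registry autorun:  O4 - HKCU\..\Run: [value name] command line
O4_REG = re.compile(r"^O4 - (HK\w+)\\(?:.*\\)?\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# Startup folder:    O4 - Global Startup: shortcut.lnk = target
O4_DIR = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.*)$")

# Constructed sample log; only the HKCU line is the symptom quoted in the guide.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /startup
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Global Startup: Antivirus XP 2008.lnk = C:\Program Files\example-random-dir\example.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""


def parse_o4(line):
    """Return (location, name, target) for an O4 autorun line, else None."""
    line = line.strip()
    m = O4_REG.match(line)
    if m:
        return (m.group(1) + "\\" + m.group(2), m.group(3), m.group(4))
    m = O4_DIR.match(line)
    return m.groups() if m else None


def flag_rogue_autoruns(log_text):
    """List the O4 entries whose name or target contains a product marker."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        haystack = (entry[1] + " " + entry[2]).lower()
        if any(marker in haystack for marker in MARKERS):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for location, name, target in flag_rogue_autoruns(SAMPLE_LOG):
        print(f"suspicious autorun in {location}: [{name}] -> {target}")
```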
  #2  
08-25-2008, 05:07 PM
Bolan
Admin
 
Join Date: Jan 2007
Location: Frozen north
Posts: 5,490

good info..hope it helps someone..
  #3  
08-25-2008, 06:15 PM
Revroy
UTOPIA Lifer
 
Join Date: Sep 2006
Location: Greenwood, Indiana
Posts: 8,549

This thing will hijack most of your startups (regedit, start menu, display properties), and make it almost impossible to recover. You might have to right-click the "start" button, click "Properties", and revert to the "Classic start menu" to get the program to run. Also disable "System restore", if you are using it, as it will restore the virus on the next startup. I THINK I'm clean, now.
  #4  
08-26-2008, 10:04 AM
dppanda
Moderator
 
Join Date: Sep 2006
Posts: 2,737

Nice Information Rev...Thanks

Here is another Manual way to remove Antivirus XP 2008

1. download RRT

2. Click enable all [Note you may need administrative rights]

3. Click Start /Run /type regedit

4. find Antivirus XP 2008

5. delete if found

6. press [F3] and repeat for next delete ..Continue same procedure to delete all

7. Restart your PC

8. Now you can use any one of the anti-spy software...download here | Xoftspy | | Malwarebytes Anti-Malware | | AVG Anti Malware |

9. That is it

10. Enjoy and Shout | Here |
  #5  
08-26-2008, 11:13 AM
rafflesrooster
Senior Member
 
Join Date: Feb 2008
Posts: 240

Wish this had been on last week, I ended up reformatting my daughter's PC because I could get rid of the bloody thing
  #6  
08-26-2008, 02:08 PM
Bolan
Admin
 
Join Date: Jan 2007
Location: Frozen north
Posts: 5,490

Quote:
Originally Posted by rafflesrooster
Wish this had been on last week, I ended up reformatting my daughter's PC because I could get rid of the bloody thing

yes too bad...it's becoming more widespread each day.
  #7  
08-27-2008, 08:18 AM
Revroy
UTOPIA Lifer
 
Join Date: Sep 2006
Location: Greenwood, Indiana
Posts: 8,549
Antivirus XP

Also recommended to remove this: Spyhunter 3
Code:
http://rapidshare.com/files/140547630/spyhunt.Rev.rar
  #8  
08-27-2008, 12:08 PM
archer7
Senior Member
 
Join Date: Oct 2006
Posts: 507

thanks for the fix. have the same problem.
  #9  
08-28-2008, 09:30 AM
nopuxsucks
Mod
 
Join Date: Sep 2007
Posts: 1,104

Thanks Rev, one of my friends had it. I forwarded your post and he said it worked like a charm! I don't care what Webby says, you are NOT worthless...
LOL
Your bud
Pux


  #10  
08-28-2008, 06:01 PM
Revroy
UTOPIA Lifer
 
Join Date: Sep 2006
Location: Greenwood, Indiana
Posts: 8,549

LOL, you LISTEN to Webby???
All times are GMT -7.