  #1 (permalink)  
Old July 21, 2008, 05:07 PM
omgwtf's Avatar
Hall Of Fame
 
Join Date: Mar 2007
Location: Montreal
Posts: 1,898
Default quick question...



Seemed that I had some trojans on my pc..I have Kaspersky 7.0, Spybot, Ad-aware, Hitman Pro..what else do I need to install?

So, now that "I guess I'm free" ..it's normal that those things remain in the msconfig thingie?..They aren't showing up in regedit..
__________________
Memento mori
  #2 (permalink)  
Old July 21, 2008, 05:18 PM
CMetaphor's Avatar
Quadfather
 
Join Date: May 2007
Location: Montreal, Canada
Posts: 4,991


Default

Google the names of those startup items and tell us what it tells ya
__________________
"Backed by common sense and physics!" -Squeetard
Opteron Server for Sale! http://www.hardwarecanucks.com/forum...ade-ideas.html
  #3 (permalink)  
Old July 21, 2008, 05:25 PM
omgwtf's Avatar
Hall Of Fame
 
Join Date: Mar 2007
Location: Montreal
Posts: 1,898
Default

Seems that I've been infected with "antivirus xp 2008"

This is how I got rid of Antivirus XP 2008. It is different than the XP Antivirus 2008 most sites refer to.

First you need to stop the program from loading on startup. This is what you do to stop it:

Start, run

Type msconfig

Go to Startup tab

Uncheck lphc35dj0e1an
Uncheck rhc75dj0e1an

Click apply, then ok
Restart computer


Then you need to delete the main files this program uses. Delete the following file:

C:\windows\system32\lphc35dj0e1an.exe

Then delete the following folder and all files in it:

C:\program files\rhc75dj0e1an

This should remove the program from your system but you probably still have a warning message displayed as your wallpaper in Windows and the virus removed the ability to change the wallpaper or your desktop settings.

To restore ability to change your desktop settings and select a different wallpaper and screen saver do the following:

Start, run

type Gpedit.msc

Navigate to User configuration, Administrative Templates, Control Panel, Display

Right click on Remove Display in Control Panel
Click on Properties and select Disabled

Do the same steps to change the following attributes to disabled:

Hide Desktop Tab
Prevent changing wallpaper
Hide Appearance and Themes tab
Hide Settings tab
Hide Screen Saver tab

You should now be able to use your computer normally and change the wallpaper to something other than the warning message Antivirus XP 2008 set it to.

Those names don't show up anything specifically on Google..but it seems they're the same..
__________________
Memento mori
  #4 (permalink)  
Old July 21, 2008, 05:55 PM
Infiniti's Avatar
Hall Of Fame
F@H
 
Join Date: Aug 2007
Location: Vancouver, BC
Posts: 1,388


Default

I once had someone who brought me a computer that was INFESTED with viruses. One of the things there was similar to that program you talk about. I found that the easiest way to remove it was to either use SpyHunter or ESET Nod32.
  #5 (permalink)  
Old July 21, 2008, 06:22 PM
omgwtf's Avatar
Hall Of Fame
 
Join Date: Mar 2007
Location: Montreal
Posts: 1,898
Default

I'm not infected..I was, but those things just remained there in the msconfig startup list..I've scanned already in safe mode with Kaspersky, Ad-aware, Spybot..etc and nothing found, so there's no need to install nod and spyhunter ...I don't think they represent a threat since they weren't found as infected..
__________________
Memento mori
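
A read-only check for the leftovers discussed in posts #3 and #5, added here as an example and not part of the thread. Only the two entry names and the two paths come from post #3; the registry locations are assumptions based on Windows XP/Vista/7 defaults (the Run keys, the key where msconfig parks entries that were unchecked, and the policy values behind the six Display settings listed in post #3).

```powershell
# Added example: audits only, changes nothing.
# Entry names and paths are the ones quoted in post #3.
$names = 'lphc35dj0e1an', 'rhc75dj0e1an'
$paths = 'C:\windows\system32\lphc35dj0e1an.exe', 'C:\program files\rhc75dj0e1an'

# 1. Files and folders the procedure says to delete
foreach ($p in $paths) {
    $state = if (Test-Path -LiteralPath $p) { 'STILL PRESENT' } else { 'gone' }
    '{0,-45} {1}' -f $p, $state
}

# 2. Live autostart values: these would actually launch at logon
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($n in $names) {
        if ($item.GetValueNames() -contains $n) {
            "ACTIVE    $key\$n = $($item.GetValue($n))"
        }
    }
}

# 3. Entries unchecked in msconfig: assumed XP/Vista/7 location. They are
#    kept here (not in Run), so they stay listed in msconfig but do not load.
$disabled = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
foreach ($n in $names) {
    if (Test-Path "$disabled\$n") {
        $cmd = (Get-ItemProperty "$disabled\$n").command
        "DISABLED  $n (msconfig list only) -> $cmd"
    }
}

# 4. Policy values assumed to back the Display settings from post #3
$sys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ad  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
$policy = @{}
$policy[$sys] = 'NoDispCPL', 'NoDispBackgroundPage', 'NoDispAppearancePage',
                'NoDispSettingsPage', 'NoDispScrSavPage'
$policy[$ad]  = @('NoChangingWallPaper')
foreach ($key in $policy.Keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($v in $policy[$key]) {
        if ($item.GetValue($v) -eq 1) { "RESTRICTED  $key\$v = 1" }
    }
}
```

A DISABLED line whose command points at a path reported as gone is an orphaned msconfig record; an ACTIVE line or a STILL PRESENT path means the cleanup is incomplete.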
  #6 (permalink)  
Old July 21, 2008, 08:24 PM
magictorch's Avatar
Hall Of Fame
F@H
 
Join Date: Apr 2007
Location: Annapolis Valley, NS
Posts: 1,835
Default

I use Trend Micro's online scan option. It's a very powerful scan and removal system.
__________________
White Night:: i7920 (4ghz), Rampage III extreme (A1), Mushkin XP 1600 (9,9,9,24),SLI480., white MM horizon.
CPU: Feser 220 int.|Apogee GTZ|S.Res.rev2| MCP655.

GPU: PA120.3|S.Res.rev2|2x EK FC blocks| MCP655.
  #7 (permalink)  
Old July 21, 2008, 08:30 PM
Jon_di2's Avatar
Allstar
F@H
 
Join Date: Jul 2008
Location: Toronto, Ontario
Posts: 895
Default

Sometimes it's just easier to toss anything you want on an external and to reformat
  #8 (permalink)  
Old July 21, 2008, 10:31 PM
Mibs's Avatar
MVP
F@H
 
Join Date: Jun 2007
Location: St. John's, NL
Posts: 311
Default

Quote:
Originally Posted by Jon_di2 View Post
Sometimes it's just easier to toss anything you want on an external and to reformat
Agreed.

That antivirus xp 2008 thing is pretty brutal. I saw it on my neighbor's computer when I was helping him with something else. He didn't remember installing it so I tried to get rid of it but it kept coming back. Not sure what he did with it after. But needless to say it definitely is the opposite of antivirus software.
__________________
Intel C2D E6750 @ 3.52 GHz // EVGA 680i SLI Rev. A1 (P31) // 4 GB OCZ Platinum 800 MHz 4-4-4-15 // PC P&C Silencer 750 Quad // Antec P180 // EVGA 8800 GTS 512 // Samsung Syncmaster 226bw 22" LCD

WC Loop: D-Tek Fuzion V2 // Danger Den Maze 5 // Swiftech MCP655 // Swiftech MicroRes // Thermochill PA 120.2 + 4 x Noctua NF-P12
  #9 (permalink)  
Old July 22, 2008, 03:33 AM
ebdoradz's Avatar
Allstar
 
Join Date: Mar 2007
Location: Rouyn-Noranda, QC
Posts: 754
Default

just download and install trojan remover, it's free for 30 days and it's working like a charm ..

used it more than once on friend/family infected computer and they are now all working like before
__________________
Gigabyte GA-MA790XT-UD4P / AMD Phenom II x3 720BE @ x4/ Crucial Ballistic DDR3 / Sapphire 4830 512mb / Corsair 620W PSU / 2*80GB Seagate

DFI LP nF4 Ultra-D / AMD Opteron 165 @ 2.7Ghz/ 2*1GB OCZ Gold GX XTC / Sapphire X1950XT / Fortron 450W PSU / 2*Maxtor 80Gb


  #10 (permalink)  
Old July 22, 2008, 04:34 AM
misterd's Avatar
Allstar
F@H
 
Join Date: Jun 2008
Location: Charlottetown, P.E.I.
Posts: 603
Default

An updated Spybot S&D run in safe mode is usually pretty decent. Especially if you don't want to pay for anything. You can find programs that will remove those startup entries in msconfig. I use ccleaner (short for crap cleaner I heard) and it works great but it can be dangerous if you remove the wrong thing.
__________________
#hardwarecanucks on irc.freenode.net
fiat justitia ruat caelum
