Contact me

Do comment in the comment section on how useful the removal methods were.

This will encourage me to post more removal methods.

Sunday, July 13, 2008

Remove Antivirus XP 2008

Antivirus XP 2008 has been scamming many people of late. It installs itself on your PC and runs a fake scan that reports plenty of viruses, then tells you that you must purchase Antivirus XP 2008 to remove them. Many people have already shelled out their hard-earned money for this fake software. It also slows down your PC, making it impossible to work. The following are some screenshots of this virus.



If you downloaded it from a website, here is a screenshot of its website.


Browser Hijack by Antivirus XP 2008



REMOVAL PROCEDURE


1. Open Task Manager (Ctrl+Alt+Del) and kill the following processes, using right click, in the following order. The exact names of the files will differ, but they will be 12 characters long. Note the names before deleting anything, because the same variation of the name appears in every location below. Because of this variation I will use Virus1 for the first one and Virus2 for the second one.

  • rhc1cdj0e12r.exe
  • pphc5cdj0e12r.exe

2. Now open C:\windows\system32 (assuming you have Windows installed on the C drive), find Virus2 and delete it.


3. Next open C:\program files and find the folder named Virus1. Delete the entire folder.


4. Next delete all traces of Antivirus XP 2008 from the desktop and Start menu (shortcuts).

5. Empty the Recycle Bin.

The following steps require registry editing, so follow them carefully. Improper editing could lead to a system crash.

6. Go to Start menu -> Run, type 'regedit' and press Enter. Registry Editor will open up.

7. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Locate and delete Virus1 using right click.

8. Next navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Locate and delete SMVirus1 using right click.

9. Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1cdj0e12r
Delete the key Virus1 using right click.

10. Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Locate 'AntivirXP08' on the right side and delete it.

Now there is only one step left, which can be performed only the next time you log in to Windows.

11. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1cdj0e12r
Delete the key Virus1.

12. Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008
and delete the key Antivirus XP 2008.

13. Now, if your themes, appearance and settings are missing, you can download a small tool from here.

Now your system is clean from this fake antivirus.
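A read-only check of the locations named in steps 2 to 12, added here as an example and not part of the original post. It deletes nothing; `$Virus1` and `$Virus2` are the two names noted in step 1 without the `.exe` extension, and the script file name, the `.exe` suffix on the system32 file and the reading of `SMVirus1` as "SM" plus the Virus1 name are assumptions.

```powershell
# Added example: read-only audit of the locations from steps 2-12. Deletes nothing.
# Usage (hypothetical file name): .\Check-AvXp2008.ps1 -Virus1 <name1> -Virus2 <name2>
param(
    [Parameter(Mandatory=$true)][string]$Virus1,  # first name noted in step 1, no .exe
    [Parameter(Mandatory=$true)][string]$Virus2   # second name noted in step 1, no .exe
)

# True if registry key $Key exists and holds a value named $Name.
function Test-RegValue([string]$Key, [string]$Name) {
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    ($null -ne $k) -and ($k.GetValueNames() -contains $Name)
}

# One result row per step of the procedure.
function New-Finding($Step, $Location, $Present) {
    New-Object PSObject -Property @{ Step = $Step; Location = $Location; Present = [bool]$Present }
}

$cv   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$file = Join-Path $env:SystemRoot "System32\$Virus2.exe"   # .exe suffix is an assumption
$dir  = Join-Path $env:ProgramFiles $Virus1
$ua   = "$cv\Internet Settings\User Agent\Post Platform"
$menu = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus XP 2008'

$findings = @(
    New-Finding 2  $file (Test-Path -LiteralPath $file)
    New-Finding 3  $dir  (Test-Path -LiteralPath $dir)
    # Step 7 does not say whether Virus1 is a subkey or a value, so check both.
    New-Finding 7  "$cv\$Virus1" ((Test-Path -LiteralPath "$cv\$Virus1") -or (Test-RegValue $cv $Virus1))
    # Step 8: value name read as "SM" followed by the Virus1 name (assumption).
    New-Finding 8  "$cv\Run : SM$Virus1" (Test-RegValue "$cv\Run" "SM$Virus1")
    New-Finding 9  "$cv\Uninstall\$Virus1" (Test-Path -LiteralPath "$cv\Uninstall\$Virus1")
    New-Finding 10 "$ua : AntivirXP08" (Test-RegValue $ua 'AntivirXP08')
    New-Finding 11 "HKLM:\SOFTWARE\$Virus1" (Test-Path -LiteralPath "HKLM:\SOFTWARE\$Virus1")
    New-Finding 12 $menu (Test-Path -LiteralPath $menu)
)

# Show every location and whether the artifact is still there.
$findings | Sort-Object Step | Select-Object Step, Present, Location | Format-Table -AutoSize

$left = @($findings | Where-Object { $_.Present }).Count
"{0} of {1} locations still hold an artifact" -f $left, $findings.Count
```

Running it before step 1 records which locations are populated on a given machine, and running it again after step 12 confirms that each one is empty.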

For any comments, questions or suggestions, please do comment in the comment section or click the contact me button above.

18 comments:

Anonymous said...

I found these steps very easy to follow and was partially successful in removing this virus. The steps that I didn't find was how to restore your wallpaper & the Background tab from that Blue screen that replaced this. Also located several other file names that were Trojans or Worms for that program.

Thanks for your help!

THE ONE said...

Thanks for your comments.
I have added that too so that you can restore the wallpaper and background tab.
Mudit

Anonymous said...

Hey, I got to where you have to delete the rch file itself from the software but it tells me that there was an error while deleting key. Please email me, explain what I should do or if there even is a solution. I highly appreciate it.
solllidsnake@yahoo.com

Anonymous said...

When trying to access the registry I get a message saying it had been disabled by the administrator. How do I turn everything back on?

Anonymous said...

Fantastic - thank you very much. It took a while but I managed to follow all the paths. However, like some others, I am unable to remove the blue background and return the desktop tab. Can anyone help with that? I have tried using the enable/disable programme suggested - but cannot seem to make the changes.
Coralie

Anonymous said...

For the last steps of getting rid of Antivirus XP 2008 (restoring the tabs "Desktop" and "Screen Saver" in the Display Properties control panel), I found these Microsoft pages extremely helpful:

Steps to manually remove the registry values that were causing the problems (I only had to do the first few for HKEY_CURRENT_USER):
http://support.microsoft.com/kb/921049/en-us

Info about registry values (in my case I wanted to understand what NoDispBackgroundPage and NoDispScrSavPage do):
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93254.mspx?mfr=true

The scripts that you can download to do this on that other blog site might work, but I preferred doing it manually this way.

Thanks for this page here too!

Good luck!

Anonymous said...

After constant search for removal without having to pay for any software, this is THE most helpful and least confusing explanations I've seen. Thanks so much!

Also when I tried to get my desktop, screensaver and such back, after restarting the computer it would revert back to that stupid virus background. After restoring the wallpaper function via the link you pointed out, I noticed the wallpaper picture had a file name of phcavsj0ev1a (this NOT being the same name as Virus1 or Virus2). Doing a search with this name it came up with files such as blphcavsj0ev1a and lphcavsj0ev1a and another file name that was found in the system32 folder and the Petch folder. Removal of all this restored everything back to normal. Hope this tidbit helps others.

Anonymous said...

thank you so much for the help, the steps were easy and simple to follow and very effective.

Thank you again for your help.

Anonymous said...

oh my gosh. thanks so much! you saved me and my little computer!!

Anonymous said...

Oh! Thank You sooooo Much!! You are a genius! It is people like you, that help people like me get through this crazy world of computers! Thanks again, and keep up the good work!!!

Anonymous said...

Thanks for the advice, you have helped me so much. Looked for hours on the web to remove that dreadful thing. So glad I found this site.

Once again thanks.

Anonymous said...

If u wanna restore your background, go to Run and type in Gpedit.msc. Under the User Configuration tab open the Administrative Templates tab. Then on the right side of the window, double-click Control Panel. Then double-click Display. Right click Prevent changing wallpaper and select Properties. Then select Disabled and press OK. Do the same for the Hide Desktop tab or anything else that may be missing.

Anonymous said...

Quick and Easy. Just what I like, keeping it simple on the system. Both mine and my computer. Thanks a bunch!

Anonymous said...

I can't get to MenuOrder in the last step but I do have StartMenu. I can't find programs tho

Anonymous said...

I found this very helpful, it did get rid of the actual program and etc ... but I am still having problems with my computer, as in if I don't touch the computer for like 10 minutes it looks as if the computer is restarting, then it goes to a blue screen and if I press enter it goes into the log-in screen to get on my log-in and all the programs are still logged in. Do you know what that is? Because that never occurred until I had the virus.

Anonymous said...

Very good, you helped me a lot. Quick and easy.

Anonymous said...

I can't seem to open "Gpedit.msc". Someone pls help! I hate this blue background!